From: Nikita Popov
Date: Fri, 13 Dec 2019 15:09:28 +0000 (+0100)
Subject: Limit parse depth in mbstring fuzzer
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9de4f87aca69b41aa0b26b5f426517b53ec87514;p=php

Limit parse depth in mbstring fuzzer

The default depth of 4096 is large enough to cause optimize_node stack overflows under asan. Reduce to 1024.
---
diff --git a/sapi/fuzzer/fuzzer-mbstring.c b/sapi/fuzzer/fuzzer-mbstring.c
index 3ec0c42c4e..5821024ec3 100644
--- a/sapi/fuzzer/fuzzer-mbstring.c
+++ b/sapi/fuzzer/fuzzer-mbstring.c
@@ -20,6 +20,7 @@
#include "Zend/zend.h"
#include "main/php_config.h"
#include "main/php_main.h"
+#include "oniguruma.h"
#include
#include
@@ -67,6 +68,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerInitialize(int *argc, char ***argv) {
fuzzer_init_php();
+ /* The default parse depth limit allows stack overflows under asan. */
+ onig_set_parse_depth_limit(1024);
+
/* fuzzer_shutdown_php(); */
return 0;
}
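Review bot: The `onig_set_parse_depth_limit(1024)` call added in LLVMFuzzerInitialize narrows what this harness exercises rather than fixing anything in the parser: patterns nested deeper than 1024 are presumably rejected by Oniguruma before they reach optimize_node, so stack-depth behaviour between 1024 and the 4096 default is no longer covered by this fuzzer, while that default remains in effect for every non-fuzzer build, and the commit message only establishes the overflow under asan's larger frames. The comment should record that trade-off and the value it replaces, e.g. `/* Lower the parse depth limit (default 4096): deeply nested patterns overflow the asan-instrumented stack in optimize_node. Inputs deeper than this are rejected, not fuzzed. */`. The bare 1024 would read better as a named constant alongside the harness's other settings than as an inline magic number. If the build still accepts an Oniguruma release that predates onig_set_parse_depth_limit, both the new `#include "oniguruma.h"` in the first hunk and this call need a guard (ONIGURUMA_VERSION_INT or a configure check); the minimum supported libonig version is not visible from the hunk.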