From d7b4cdff3f048ce232bd16870695ffbfcba45f4e Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 18 Sep 2019 11:53:15 +0200
Subject: [PATCH] Add instructions for building an instrumented libonig

[ci skip]
---
sapi/fuzzer/README.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

diff --git a/sapi/fuzzer/README.md b/sapi/fuzzer/README.md
index b07428f041..166be746ea 100644
--- a/sapi/fuzzer/README.md
+++ b/sapi/fuzzer/README.md
@@ -48,3 +48,20 @@ mkdir ./my-parser-corpus
sapi/fuzzer/php-fuzz-parser -merge=1 ./my-parser-corpus sapi/fuzzer/corpus/parser
sapi/fuzzer/php-fuzz-parser -only_ascii=1 ./my-parser-corpus
```
+
+For the mbstring fuzzer, you may want to build the libonig dependency with instrumentation. At this time, libonig is not clean under ubsan, so only the fuzzer and address sanitizers may be used.
+
+```sh
+mkdir libonig
+pushd libonig
+wget -O - https://github.com/kkos/oniguruma/releases/download/v6.9.3/onig-6.9.3.tar.gz \ | tar -xz --strip-components=1
+./configure CC=clang CFLAGS="-fsanitize=fuzzer-no-link,address -O2 -g"
+make
+popd
+
+export ONIG_CFLAGS="-I$PWD/libonig/src"
+export ONIG_LIBS="-L$PWD/libonig/src/.libs -l:libonig.a"
+```
+
+This will link an instrumented libonig statically into the PHP binary.
--
2.49.0
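Review bot: The `wget -O - … | tar -xz` recipe in the new `sh` block pipes an unverified download straight into extraction, so a modified or truncated tarball is built and statically linked into the fuzzer binary without any signal; a pipeline failure in `wget` also leaves a partially extracted tree that `./configure` may still accept. Since the tarball is pinned to v6.9.3 anyway, the README should download to a file and check it against the digest published on the upstream release page before unpacking, e.g. `wget https://github.com/kkos/oniguruma/releases/download/v6.9.3/onig-6.9.3.tar.gz`, `echo "<sha256 from the upstream release page>  onig-6.9.3.tar.gz" | sha256sum -c -`, `tar -xzf onig-6.9.3.tar.gz --strip-components=1`. It is also worth a one-line caveat that `-l:libonig.a` is a GNU ld spelling and that `$PWD` in the two `export` lines must be the PHP source root (where `popd` returns), since the snippet only works if run from there.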