From f1aff654be2110d716f3304ed0a776309a84166d Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 9 Oct 2019 17:45:57 +0200
Subject: [PATCH] Use php stream in exif fuzzer
This has the main benefit that we don't go through the realpath cache, which will cause leak checking to be disabled.
---
 sapi/fuzzer/fuzzer-exif.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/sapi/fuzzer/fuzzer-exif.c b/sapi/fuzzer/fuzzer-exif.c
index 6591a68888..230852bb61 100644
--- a/sapi/fuzzer/fuzzer-exif.c
+++ b/sapi/fuzzer/fuzzer-exif.c
@@ -32,8 +32,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 #if HAVE_EXIF
- char *filename;
- int filedes;
+ php_stream *stream;
+ zval stream_zv;
 if (Size > 256 * 1024) {
 /* Large inputs have a large impact on fuzzer performance,
@@ -45,16 +45,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 return 0;
 }
- /* put the data in a file */
- filename = tmpnam(NULL);
- filedes = open(filename, O_CREAT|O_RDWR, 0644);
- write(filedes, Data, Size);
- close(filedes);
+ stream = php_stream_fopen_tmpfile();
+ php_stream_write(stream, (const char *) Data, Size);
+ php_stream_to_zval(stream, &stream_zv);
- fuzzer_call_php_func("exif_read_data", 1, &filename);
+ fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv);
+
+ zval_ptr_dtor(&stream_zv);
 /* cleanup */
- unlink(filename);
 php_request_shutdown(NULL);
 return 0;
--
2.50.1
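Review bot: The result of `php_stream_fopen_tmpfile()` in the second hunk is passed straight to `php_stream_write()` without a NULL check, so if temp-file creation fails (descriptor exhaustion or a full temp directory during a long fuzzing run) the harness itself would presumably crash and the report would be attributed to exif. A guard such as `if (!stream) { php_request_shutdown(NULL); return 0; }` right after the open keeps harness failures out of triage. The return value of `php_stream_write()` is also ignored, so a short write would silently hand exif a truncated input; comparing it with `Size` is cheap. The body of LLVMFuzzerTestOneInput starts and ends outside the hunk.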