From a51f446e14b8995ca6f61692b831f25365be480b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Wed, 13 Mar 2019 07:31:48 -0700
Subject: [PATCH] Add mbstring fuzzer for PHP (#2233)
---
 projects/php/Dockerfile | 5 +++--
 projects/php/build.sh | 19 +++++++++++++++----
 projects/php/runtime.options | 2 ++
 3 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 projects/php/runtime.options
diff --git a/projects/php/Dockerfile b/projects/php/Dockerfile
index 1464cb8f0..f6ff42555 100644
--- a/projects/php/Dockerfile
+++ b/projects/php/Dockerfile
@@ -17,10 +17,11 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER stas@php.net
 RUN apt-get update && apt-get install -y make autoconf automake libtool bison re2c make ca-certificates curl \
- xz-utils dpkg-dev file libc-dev pkg-config libcurl4-openssl-dev libedit-dev libsqlite3-dev libssl-dev zlib1g-dev
+ xz-utils dpkg-dev file libc-dev pkg-config libcurl4-openssl-dev libedit-dev libsqlite3-dev libssl-dev \
+ zlib1g-dev libonig-dev chrpath
 RUN git clone --depth 1 --branch master https://github.com/php/php-src.git php-src
 RUN git clone --depth 1 https://github.com/smalyshev/php-fuzzing-sapi.git php-src/sapi/fuzzer
 WORKDIR php-src
-COPY build.sh $SRC/
+COPY build.sh *.options $SRC/
 # This ideally will be gone eventually, right now used for more flexibility in tweaking Makefile options
 # COPY Makefile.frag $SRC/php-src/sapi/fuzzer
diff --git a/projects/php/build.sh b/projects/php/build.sh
index 4facef4fe..9b6dadd5a 100755
--- a/projects/php/build.sh
+++ b/projects/php/build.sh
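Review bot: The two packages appended to the apt-get line, `libonig-dev` and `chrpath`, are left unexplained, and a reader of the Dockerfile alone cannot tell that one is the oniguruma dependency of the `--enable-mbstring` configure flag and the other is a build-time tool build.sh uses to rewrite the fuzzers' RPATH; a comment above the RUN line would help, e.g. `# libonig-dev: oniguruma, required by --enable-mbstring; chrpath: used in build.sh to point the fuzzers at $OUT/lib`. Note also that `libonig-dev` installs whatever oniguruma version the base-builder image's distribution ships, built without sanitizer instrumentation, so the version of the regex engine the new mbstring fuzzer exercises is fixed by the image rather than by this project; if the intent is to fuzz against a current oniguruma, that source would need to be fetched here and built in build.sh.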
@@ -15,15 +15,26 @@
 #
 ################################################################################
+mkdir -p $OUT/lib/
+cp sapi/fuzzer/json.dict $OUT/php-fuzz-json.dict
+cp /usr/lib/x86_64-linux-gnu/libonig.so.2 $OUT/lib/
 # build project
 ./buildconf
 ./configure --enable-fuzzer --enable-option-checking=fatal --disable-libxml --disable-dom \
 --disable-simplexml --disable-xml --disable-xmlreader --disable-xmlwriter --without-pear \
- --enable-exif --disable-phpdbg --disable-cgi
+ --enable-exif --disable-phpdbg --disable-cgi --enable-mbstring
 make
-cp sapi/fuzzer/json.dict $OUT/php-fuzz-json.dict
-cp sapi/fuzzer/php-fuzz-json $OUT/
-cp sapi/fuzzer/php-fuzz-exif $OUT/
+
+FUZZERS="php-fuzz-json php-fuzz-exif php-fuzz-mbstring"
+for fuzzerName in $FUZZERS; do
+ cp sapi/fuzzer/$fuzzerName $OUT/
+ # for loading missing libs like libonig
+ chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName
+ # copy runtime options
+ cp $SRC/runtime.options $OUT/${fuzzerName}.options
+done
+# copy corpora from source
 for fuzzerName in `ls sapi/fuzzer/corpus`; do
 zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/*
 done
+
diff --git a/projects/php/runtime.options b/projects/php/runtime.options
new file mode 100644
index 000000000..e6ad1448a
--- /dev/null
+++ b/projects/php/runtime.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+detect_leaks=0
\ No newline at end of file
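Review bot: `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName` in the new loop can only rewrite an RPATH/RUNPATH entry that the linker already emitted (and only with a string no longer than the existing one); it cannot add one, so if the `--enable-fuzzer` link produces no such tag the call fails — under the template's `bash -eu` that aborts the whole build with chrpath's terse message, and without `-e` the fuzzer is shipped with no way to locate `$OUT/lib/libonig.so.2`. Make the intent explicit, e.g. `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName || { echo "$fuzzerName: no RPATH to rewrite; link with -Wl,-rpath instead" >&2; exit 1; }`, or set the rpath at link time so the post-processing step disappears. Separately, the `libonig.so.2` copied into `$OUT/lib` is the distribution's prebuilt, uninstrumented library: memory errors inside the regex engine that mbstring drives are only visible through allocator interceptors, and an MSan build, which requires every loaded library to be instrumented, would report spurious uninitialized reads from it. Building oniguruma from source with `$CC $CFLAGS` and linking it statically would give the sanitizers full visibility and also remove the hard-coded `/usr/lib/x86_64-linux-gnu` path; the remainder of build.sh before line 15 is outside this hunk.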
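Review bot: `detect_leaks=0` switches LeakSanitizer off, and because build.sh copies this single file as `<fuzzer>.options` for every name in `FUZZERS`, it also silences leak reports for the existing json and exif fuzzers, which until now presumably ran with ASan's default leak detection since no options file existed; the commit does not record why. If the leaks are specific to the new mbstring path or to the prebuilt libonig, consider installing the file only as `php-fuzz-mbstring.options`, and in either case record the reason next to the `cp $SRC/runtime.options` line in build.sh, e.g. `# runtime.options sets detect_leaks=0 because <cause>; drop once fixed upstream`. The file is also missing its trailing newline.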