#!/bin/bash -eu
# Copyright 2019 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

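# Build the PHP fuzz targets and stage them under $OUT.
#
# Required environment:
#   OUT          - output directory for fuzzer binaries, dictionaries and
#                  seed corpora (every copy below lands under it)
#   ARCHITECTURE - "i386" selects the 32-bit configure triple
#   SANITIZER    - "memory"/"undefined" skip the JIT fuzzers (see below)
#   CFLAGS/CXXFLAGS - compiler flags; extended, never replaced

# The shebang's -eu is dropped when the script is run as `bash build.sh`,
# so set the options explicitly. pipefail is a no-op today (no pipelines)
# but keeps a future `a | b` stage failure from being silently ignored.
set -euo pipefail

# Every artifact is copied to a path built from $OUT. Refuse to run with it
# empty rather than scattering files under "/".
: "${OUT:?OUT must point at the fuzzer output directory}"
: "${ARCHITECTURE:?ARCHITECTURE must be set}"
: "${SANITIZER:?SANITIZER must be set}"

# PHP's zend_function union is incompatible with the object-size sanitizer
export CFLAGS="$CFLAGS -fno-sanitize=object-size"
export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size"

# Disable JIT profitability checks.
export CFLAGS="$CFLAGS -DPROFITABILITY_CHECKS=0"

# Make sure the right assembly files are picked. An array (instead of a
# string that relies on unquoted word-splitting) contributes no argument
# at all when empty.
build_flags=()
if [[ "$ARCHITECTURE" == "i386" ]]; then
  build_flags+=("--build=i686-pc-linux-gnu")
fi

# build project
./buildconf
# The ${arr[@]+"${arr[@]}"} form expands an empty array without tripping
# `set -u` on older bash versions.
./configure ${build_flags[@]+"${build_flags[@]}"} \
  --disable-all \
  --enable-debug-assertions \
  --enable-option-checking=fatal \
  --enable-fuzzer \
  --enable-exif \
  --enable-opcache \
  --without-pcre-jit \
  --disable-phpdbg \
  --disable-cgi \
  --with-pic
make -j"$(nproc)"

# Generate corpuses and dictionaries.
sapi/cli/php sapi/fuzzer/generate_all.php

# Copy dictionaries to expected locations.
cp -- sapi/fuzzer/dict/unserialize "$OUT/php-fuzz-unserialize.dict"
cp -- sapi/fuzzer/dict/parser "$OUT/php-fuzz-parser.dict"
cp -- sapi/fuzzer/json.dict "$OUT/php-fuzz-json.dict"

# Fuzz targets that are built for every sanitizer configuration.
fuzzers=(
  php-fuzz-json
  php-fuzz-exif
  php-fuzz-unserialize
  php-fuzz-unserializehash
  php-fuzz-parser
  php-fuzz-execute
)
for fuzzer_name in "${fuzzers[@]}"; do
  cp -- "sapi/fuzzer/$fuzzer_name" "$OUT/"
done

# The JIT fuzzer is fundamentally incompatible with memory sanitizer,
# as that would require the JIT to emit msan instrumentation itself.
# In practice it is currently also incompatible with ubsan.
if [[ "$SANITIZER" != "memory" && "$SANITIZER" != "undefined" ]]; then
  cp -- sapi/fuzzer/php-fuzz-function-jit "$OUT/"
  cp -- sapi/fuzzer/php-fuzz-tracing-jit "$OUT/"

  # Copy opcache.so extension, which does not support static linking.
  mkdir -p -- "$OUT/modules"
  cp -- modules/opcache.so "$OUT/modules"
fi

# copy corpora from source: one seed-corpus zip per corpus directory.
# A directory glob replaces parsing `ls` output, which breaks on unusual
# names and would also pick up non-directory entries.
for corpus_dir in sapi/fuzzer/corpus/*/; do
  [[ -d "$corpus_dir" ]] || continue   # no match leaves the literal pattern
  fuzzer_name=${corpus_dir%/}
  fuzzer_name=${fuzzer_name##*/}
  zip -j "$OUT/php-fuzz-${fuzzer_name}_seed_corpus.zip" "$corpus_dir"*
done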