Add fuzzer SAPIs to the core

Author: smalyshev

sapi/fuzzer/Makefile.frag

@@ -0,0 +1,18 @@
+fuzzer: $(PHP_FUZZER_BINARIES)
+
+FUZZER_BUILD = $(LIBTOOL) --mode=link $(FUZZING_CC) -export-dynamic $(CFLAGS_CLEAN) $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS_PROGRAM) $(LDFLAGS) $(PHP_RPATHS) $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) $(FUZZING_LIB) -rpath /ORIGIN/lib
+
+$(SAPI_FUZZER_PATH)/php-fuzz-parser: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(PHP_FUZZER_PARSER_OBJS)
+	$(FUZZER_BUILD) $(PHP_FUZZER_PARSER_OBJS) -o $@
+
+$(SAPI_FUZZER_PATH)/php-fuzz-unserialize: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(PHP_FUZZER_UNSERIALIZE_OBJS)
+	$(FUZZER_BUILD) $(PHP_FUZZER_UNSERIALIZE_OBJS) -o $@
+
+$(SAPI_FUZZER_PATH)/php-fuzz-json: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(PHP_FUZZER_JSON_OBJS)
+	$(FUZZER_BUILD) $(PHP_FUZZER_JSON_OBJS) -o $@
+
+$(SAPI_FUZZER_PATH)/php-fuzz-exif: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(PHP_FUZZER_EXIF_OBJS)
+	$(FUZZER_BUILD) $(PHP_FUZZER_EXIF_OBJS) -o $@
+
+$(SAPI_FUZZER_PATH)/php-fuzz-mbstring: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(PHP_FUZZER_MBSTRING_OBJS)
+	$(FUZZER_BUILD) $(PHP_FUZZER_MBSTRING_OBJS) -o $@

sapi/fuzzer/README

@@ -0,0 +1,13 @@
+Fuzzing SAPI for PHP
+
+Enable fuzzing targets with --enable-fuzzer switch.
+
+Your compiler should support -fsanitize=address and you need
+to have Fuzzer library around.
+
+When running `make` it creates these binaries in `sapi/fuzzer/`:
+* php-fuzz-parser - fuzzing language parser
+* php-fuzz-unserialize - fuzzing unserialize() function
+* php-fuzz-json - fuzzing JSON parser
+* php-fuzz-exif - fuzzing exif_read_data() function (use --enable-exif)
+* php-fuzz-mbstring - fuzzing mb_ereg[i] (requires --enable-mbstring)

sapi/fuzzer/config.m4

@@ -0,0 +1,63 @@
+AC_MSG_CHECKING(for clang fuzzer SAPI)
+
+PHP_ARG_ENABLE([fuzzer],,
+  [AS_HELP_STRING([--enable-fuzzer],
+    [Build PHP as clang fuzzing test module (for developers)])],
+  [no])
+
+dnl For newer clang versions see https://llvm.org/docs/LibFuzzer.html#fuzzer-usage
+dnl for relevant flags.
+
+dnl Macro to define fuzzing target
+dnl PHP_FUZZER_TARGET(name, target-var)
+dnl
+AC_DEFUN([PHP_FUZZER_TARGET], [
+  PHP_FUZZER_BINARIES="$PHP_FUZZER_BINARIES $SAPI_FUZZER_PATH/php-fuzz-$1"
+  PHP_SUBST($2)
+  PHP_ADD_SOURCES_X([sapi/fuzzer],[fuzzer-$1.c fuzzer-sapi.c],[],$2)
+])
+
+if test "$PHP_FUZZER" != "no"; then
+  AC_MSG_RESULT([yes])
+  PHP_REQUIRE_CXX()
+  PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/fuzzer/Makefile.frag)
+  SAPI_FUZZER_PATH=sapi/fuzzer
+  PHP_SUBST(SAPI_FUZZER_PATH)
+  if test -z "$LIB_FUZZING_ENGINE"; then
+    FUZZING_LIB="-lFuzzer"
+    FUZZING_CC="$CC"
+    AX_CHECK_COMPILE_FLAG([-fsanitize=address], [
+      CFLAGS="$CFLAGS -fsanitize=address"
+      CXXFLAGS="$CXXFLAGS -fsanitize=address"
+      LDFLAGS="$LDFLAGS -fsanitize=address"
+    ],[
+      AC_MSG_ERROR(compiler doesn't support -fsanitize flags)
+    ])
+  else
+    FUZZING_LIB="-lFuzzingEngine"
+    FUZZING_CC="$CXX -stdlib=libc++"
+  fi
+  PHP_SUBST(FUZZING_LIB)
+  PHP_SUBST(FUZZING_CC)
+
+  dnl PHP_SELECT_SAPI(fuzzer-parser, program, $FUZZER_SOURCES, , '$(SAPI_FUZZER_PATH)')
+
+  PHP_ADD_BUILD_DIR([sapi/fuzzer])
+  PHP_FUZZER_BINARIES=""
+  PHP_INSTALLED_SAPIS="$PHP_INSTALLED_SAPIS fuzzer"
+
+  PHP_FUZZER_TARGET([parser], PHP_FUZZER_PARSER_OBJS)
+  PHP_FUZZER_TARGET([unserialize], PHP_FUZZER_UNSERIALIZE_OBJS)
+  PHP_FUZZER_TARGET([exif], PHP_FUZZER_EXIF_OBJS)
+
+  if test -n "$enable_json" && test "$enable_json" != "no"; then
+    PHP_FUZZER_TARGET([json], PHP_FUZZER_JSON_OBJS)
+  fi
+  if test -n "$enable_mbstring" && test "$enable_mbstring" != "no"; then
+    PHP_FUZZER_TARGET([mbstring], PHP_FUZZER_MBSTRING_OBJS)
+  fi
+
+  PHP_SUBST(PHP_FUZZER_BINARIES)
+fi
+
+AC_MSG_RESULT($PHP_FUZZER)