While the cwd-relative lookup worked for the oss-fuzz docker images,
it doesn't seem to work on the cluster infrastructure. Try finding
opcache.so relative to the binary instead.
It's easy to cause stack overflows with degenerate cases like
"$$$$$x" repeated thousands of times. We have no interest in
addressing these.
Make the input size smaller to hopefully avoid these stack
overflows.
We don't want the current working directory to change during
fuzzing, as that breaks corpus access unless an absolute path is
used. I'm not sure why this issue never came up before.
Having zend_execute_ex set is normally not a problem for the
function JIT, but there is an edge case leak due to special
RELEASE_THIS handling during generator creation. As this is an
unsupported mode of operation, reset to the original handler
for the function jit fuzzer as well.
In particular, this allows using the hook without server_context.
The apache2handler implementation now checks that server_context
is available itself, as that's the implementation that cares
about it.
Now that we have generic --enable-address|undefined|memory-sanitizer
options, let the user pick one of these instead of making the fuzzer
enable one implicitly.
Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very possible.
This patch switches resource IDs to use zend_long instead, which
means that on 64-bit systems, 64-bit resource IDs will be used.
This makes resource ID overflow practically impossible.
The tradeoff is an 8 byte increase in zend_resource size.
Closes GH-7436.
Restrict the size of string arguments in the hope of avoiding some
very common timeouts with pcre. If this doesn't work, the functions
need to be disabled entirely.
We need to run the full `php_cli_server_request_shutdown()` in case of
failing `php_cli_server_request_startup()`.
Patch contributed by @cataphract.
Closes GH-7322.
While our HTTP parser supports upgrade requests, the code using it does
not. Since upgrade requests are only valid for HTTP/1.1 and we neither
support any higher version, nor HTTPS yet, we do not exit early in case
of such requests, i.e. we ignore them, what is allowed by the specs.
We keep the supporting code in case we can meaningfully support upgrade
requests in the future.
Closes GH-7316.
The built-in Webserver's `on_path`, `on_query_string` and `on_url`
callbacks may be called multiple times from the parser; we must not
simply replace the old values, but need to concatenate the new values
instead.
This appears to be tricky for `on_path` due to the path normalization,
so we fail if the function is called again.
The built-in Webserver logs errors during request parsing to stderr,
but this is ignored by the php_cli_server framework, and apparently the
Webserver does not send a resonse at all in such cases (instead of an
4xx). Thus we can only check that a request with an overly long path
fails.
Closes GH-7207.
