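#!/bin/bash
# Copyright 2019 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
#
# OSS-Fuzz build script for PHP: configures and builds the in-tree fuzzers,
# then copies the fuzzer binaries, dictionaries and seed corpora into $OUT.
#
# Required environment (provided by the OSS-Fuzz build container):
#   CFLAGS, CXXFLAGS  - compiler flags; extended below
#   ARCHITECTURE      - target architecture ("i386" selects a 32-bit build)
#   SANITIZER         - active sanitizer ("memory", "undefined", ...)
#   OUT               - output directory for fuzzers and their support files

# Shell options live in 'set' rather than the shebang so they still apply
# when the script is invoked as 'bash build.sh'.
set -euo pipefail

: "${OUT:?OUT must point to the fuzzer output directory}"

# PHP's zend_function union is incompatible with the object-size sanitizer
export CFLAGS="$CFLAGS -fno-sanitize=object-size"
export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size"

# Disable JIT profitability checks.
export CFLAGS="$CFLAGS -DPROFITABILITY_CHECKS=0"

# Make sure the right assembly files are picked
BUILD_FLAG=""
if [[ "$ARCHITECTURE" == "i386" ]]; then
  BUILD_FLAG="--build=i686-pc-linux-gnu"
fi

# build project
./buildconf
# ${BUILD_FLAG:+"$BUILD_FLAG"} expands to nothing when BUILD_FLAG is empty, so
# configure never receives a stray empty argument (which would be rejected
# under --enable-option-checking=fatal), while a non-empty value stays quoted.
./configure ${BUILD_FLAG:+"$BUILD_FLAG"} \
  --disable-all \
  --enable-debug-assertions \
  --enable-option-checking=fatal \
  --enable-fuzzer \
  --enable-exif \
  --enable-opcache \
  --without-pcre-jit \
  --disable-phpdbg \
  --disable-cgi \
  --with-pic
make -j"$(nproc)"

# Generate corpuses and dictionaries.
sapi/cli/php sapi/fuzzer/generate_all.php

# Copy dictionaries to expected locations.
cp -- sapi/fuzzer/dict/unserialize "$OUT/php-fuzz-unserialize.dict"
cp -- sapi/fuzzer/dict/parser "$OUT/php-fuzz-parser.dict"
cp -- sapi/fuzzer/json.dict "$OUT/php-fuzz-json.dict"

# Fuzzers that are shipped for every sanitizer configuration.
FUZZERS=(
  php-fuzz-json
  php-fuzz-exif
  php-fuzz-unserialize
  php-fuzz-unserializehash
  php-fuzz-parser
  php-fuzz-execute
)
for fuzzer_name in "${FUZZERS[@]}"; do
  cp -- "sapi/fuzzer/$fuzzer_name" "$OUT/"
done

# The JIT fuzzer is fundamentally incompatible with memory sanitizer,
# as that would require the JIT to emit msan instrumentation itself.
# In practice it is currently also incompatible with ubsan.
if [[ "$SANITIZER" != "memory" && "$SANITIZER" != "undefined" ]]; then
  cp -- sapi/fuzzer/php-fuzz-function-jit "$OUT/"
  cp -- sapi/fuzzer/php-fuzz-tracing-jit "$OUT/"

  # Copy opcache.so extension, which does not support static linking.
  mkdir -p -- "$OUT/modules"
  cp -- modules/opcache.so "$OUT/modules"
fi

# copy corpora from source: one seed-corpus zip per corpus directory.
# A directory glob replaces parsing `ls`; nullglob keeps the loop empty when
# there are no corpus directories instead of iterating over the literal pattern.
shopt -s nullglob
for corpus_dir in sapi/fuzzer/corpus/*/; do
  fuzzer_name=${corpus_dir%/}
  fuzzer_name=${fuzzer_name##*/}
  zip -j "$OUT/php-fuzz-${fuzzer_name}_seed_corpus.zip" "$corpus_dir"*
done
shopt -u nullglob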