Hi!

Looking at the recent PHP security issues, it is clear that many of them are stemming from corner cases in various format-parsing code, and most of them either are or can be found by fuzzers.

Thus, I've made an initial integration for PHP on the OSS-Fuzz project - a fuzzing engine for testing open source projects. The PHP configuration sits here:
https://github.com/google/oss-fuzz/tree/master/projects/php
and the implementation of the fuzzers is here:
https://github.com/php/php-fuzzing-sapi

So far we have three fuzzers enabled: JSON, EXIF and mbstring. I also plan to add a basic phar fuzzer soon.

Everybody is welcome to add more fuzzers - with priority on ones that actually deal with third-party data, e.g. the language parser fuzzer is not enabled right now, because people usually do not run random byte streams as PHP scripts on their servers. On the other hand, people do apply EXIF or gd functions to third-party data, so a vulnerability in that code would be high priority.

That said, fuzzers can be run independently of OSS-Fuzz, so if you feel inspired to add a fuzzer for any code, please do so.

--
Stas Malyshev
smalys...@gmail.com

--
PHP Internals - PHP Runtime Development Mailing List