Make sure dummy file for fuzzing exists

Author: nikic

sapi/fuzzer/fuzzer-execute-common.h

@@ -20,6 +20,7 @@
 #include "fuzzer-sapi.h"
 #include "zend_exceptions.h"
 
+#define FILE_NAME "/tmp/fuzzer.php"
 #define MAX_STEPS 1000
 #define MAX_SIZE (8 * 1024)
 static uint32_t steps_left;
@@ -102,12 +103,19 @@ static void fuzzer_init_php_for_execute(const char *extra_ini) {
 	zend_compile_string = fuzzer_compile_string;
 }
 
+ZEND_ATTRIBUTE_UNUSED static void create_file(void) {
+	/* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to
+	 * actually exist. */
+	FILE *f = fopen(FILE_NAME, "w");
+	fclose(f);
+}
+
 ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) {
 	steps_left = MAX_STEPS;
 	zend_exception_save();
 	zval retval, func, args[2];
 	ZVAL_STRING(&func, "opcache_invalidate");
-	ZVAL_STRING(&args[0], "/fuzzer.php");
+	ZVAL_STRING(&args[0], FILE_NAME);
 	ZVAL_TRUE(&args[1]);
 	call_user_function(CG(function_table), NULL, &func, &retval, 2, args);
 	ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE);

sapi/fuzzer/fuzzer-execute.c

@@ -25,7 +25,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
 	steps_left = MAX_STEPS;
 	fuzzer_do_request_from_buffer(
-		"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, /* before_shutdown */ NULL);
+		FILE_NAME, (const char *) Data, Size, /* execute */ 1, /* before_shutdown */ NULL);
 
 	return 0;
 }

sapi/fuzzer/fuzzer-function-jit.c

@@ -32,14 +32,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	zend_alter_ini_entry_chars(
 		jit_option, "off", sizeof("off")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 	fuzzer_do_request_from_buffer(
-		"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
+		FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
 
 	if (!bailed_out) {
 		steps_left = MAX_STEPS;
 		zend_alter_ini_entry_chars(jit_option,
 			"function", sizeof("function")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 		fuzzer_do_request_from_buffer(
-			"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
+			FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
 	}
 
 	zend_string_release(jit_option);
@@ -59,6 +59,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) {
 		"opcache.jit_buffer_size=256M",
 		opcache_path);
 	free(opcache_path);
+
+	create_file();
 	fuzzer_init_php_for_execute(ini_buf);
 	return 0;
 }

sapi/fuzzer/fuzzer-tracing-jit.c

@@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	zend_alter_ini_entry_chars(
 		jit_option, "off", sizeof("off")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 	fuzzer_do_request_from_buffer(
-		"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
+		FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
 
 	if (!bailed_out) {
 		steps_left = MAX_STEPS;
@@ -41,10 +41,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		zend_execute_ex = orig_execute_ex;
 		/* Trace & compile */
 		fuzzer_do_request_from_buffer(
-			"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, NULL);
+			FILE_NAME, (const char *) Data, Size, /* execute */ 1, NULL);
 		/* Execute trace */
 		fuzzer_do_request_from_buffer(
-			"/fuzzer.php", (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
+			FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
 		zend_execute_ex = fuzzer_execute_ex;
 	}
 
@@ -70,6 +70,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) {
 		"opcache.jit_max_root_traces=32768",
 		opcache_path);
 	free(opcache_path);
+
+	create_file();
 	fuzzer_init_php_for_execute(ini_buf);
 	return 0;
 }