Generate execute corpus in generate_all.php

And add crypt() to the function blacklist, it can be very slow.

Author: nikic

sapi/fuzzer/README.md

@@ -25,7 +25,8 @@ When running `make` it creates these binaries in `sapi/fuzzer/`:
 * `php-fuzz-unserializehash`: Fuzzing unserialize() for HashContext objects
 * `php-fuzz-json`: Fuzzing JSON parser (requires --enable-json)
 * `php-fuzz-exif`: Fuzzing `exif_read_data()` function (requires --enable-exif)
-* `php-fuzz-mbstring`: fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-mbstring`: Fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-execute`: Fuzzing the executor
 
 Some fuzzers have a seed corpus in `sapi/fuzzer/corpus`. You can use it as follows:
 

sapi/fuzzer/fuzzer-sapi.c

@@ -50,6 +50,8 @@ const char HARDCODED_INI[] =
 	",chgrp,chmod,chown,copy,file_put_contents,lchgrp,lchown,link,mkdir"
 	",move_uploaded_file,rename,rmdir,symlink,tempname,touch,unlink,fopen"
 	",fsockopen,stream_socket_pair,stream_socket_client"
+	/* crypt() can be very slow. */
+	",crypt"
 	/* openlog() has a known memory-management issue. */
 	",openlog"
 ;

sapi/fuzzer/generate_all.php

@@ -2,3 +2,4 @@
 require __DIR__ . '/generate_unserialize_dict.php';
 require __DIR__ . '/generate_unserializehash_corpus.php';
 require __DIR__ . '/generate_parser_corpus.php';
+require __DIR__ . '/generate_execute_corpus.php';