On Mon, Jul 29, 2019 at 2:48 AM Stanislav Malyshev <smalys...@gmail.com> wrote:
> Hi! > > As you probably know, we've been running PHP fuzzing under Google's > OSS-Fuzz[1] project for a while now (and found and fixed some bugs due > to it). > > This has been enabled by the PHP fuzzing API SAPI[2] which currently > lives in a separate repository. Since the setup is working pretty well > for a while now, I would like to propose to merge it into core > repository as a core SAPI, and make Travis CI setup build it as part of > the CI tests. > > This would ensure the fuzzing scripts are not broken by core changes > (happened several times recently) and would provide wider exposure to > the fuzzing setup we have, hopefully prompting extension authors and > other contributors to add more fuzzing modules to it, thus enhancing PHP > security and reliability. > > Are there any objections or suggestions about this? Do we need an RFC > for it? Note that this is only for master branch (only master is being > fuzzed now), though it would not be hard to port to other branches if > there's interest, the fuzzer should work on pretty much any recent > branch with small code changes. > > [1] https://github.com/google/oss-fuzz/ > [2] https://github.com/php/php-fuzzing-sapi Sounds good to me. Feel free to submit a PR for review. Nikita
