diff --git a/sapi/fuzzer/fuzzer-execute-common.h b/sapi/fuzzer/fuzzer-execute-common.h index f5113a5b0e41f..081ab4d30e823 100644 --- a/sapi/fuzzer/fuzzer-execute-common.h +++ b/sapi/fuzzer/fuzzer-execute-common.h @@ -127,15 +127,16 @@ ZEND_ATTRIBUTE_UNUSED static void create_file(void) { ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { steps_left = MAX_STEPS; zend_exception_save(); - zval retval, func, args[2]; - ZVAL_STRING(&func, "opcache_invalidate"); + zval retval, args[2]; + zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); + ZEND_ASSERT(fn != NULL); + ZVAL_STRING(&args[0], FILE_NAME); ZVAL_TRUE(&args[1]); - call_user_function(CG(function_table), NULL, &func, &retval, 2, args); + zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); zval_ptr_dtor(&args[0]); zval_ptr_dtor(&retval); - zval_ptr_dtor(&func); zend_exception_restore(); } diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c index baf77ae0463b3..5014a51cca4f2 100644 --- a/sapi/fuzzer/fuzzer-sapi.c +++ b/sapi/fuzzer/fuzzer-sapi.c @@ -292,11 +292,13 @@ int fuzzer_do_request_from_buffer( // Call named PHP function with N zval arguments void fuzzer_call_php_func_zval(const char *func_name, int nargs, zval *args) { - zval retval, func; + zval retval; + + zend_function *fn = zend_hash_str_find_ptr(CG(function_table), func_name, strlen(func_name)); + ZEND_ASSERT(fn != NULL); - ZVAL_STRING(&func, func_name); ZVAL_UNDEF(&retval); - call_user_function(CG(function_table), NULL, &func, &retval, nargs, args); + zend_call_known_function(fn, NULL, NULL, &retval, nargs, args, NULL); // TODO: check result? /* to ensure retval is not broken */ @@ -304,7 +306,6 @@ void fuzzer_call_php_func_zval(const char *func_name, int nargs, zval *args) { /* cleanup */ zval_ptr_dtor(&retval); - zval_ptr_dtor(&func); } // Call named PHP function with N string arguments