[PATCH 3/4] fuzz: add mangled object name to linker script
From: Alexander Bulekov
Subject: [PATCH 3/4] fuzz: add mangled object name to linker script
Date: Mon, 11 May 2020 23:01:32 -0400
Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's
fuzzer::TPC object into our contiguous shared-memory region. This does
not work for some libfuzzer builds, so this addition identifies the
region by its mangled name: *(.bss._ZN6fuzzer3TPCE);
Signed-off-by: Alexander Bulekov <address@hidden>
---
tests/qtest/fuzz/fork_fuzz.ld | 5 +++++
1 file changed, 5 insertions(+)
This isn't ideal, but I looked at the libfuzzer builds packaged for
debian, for versions 6, 7, 8, 9, 10 and 11 and this (mangled) object
name appears consistently in the symbol tables.
diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld
index e086bba873..bfb667ed06 100644
--- a/tests/qtest/fuzz/fork_fuzz.ld
+++ b/tests/qtest/fuzz/fork_fuzz.ld
@@ -28,6 +28,11 @@ SECTIONS
/* Internal Libfuzzer TracePC object which contains the ValueProfileMap
*/
FuzzerTracePC*(.bss*);
+ /*
+ * In case the above line fails, explicitly specify the (mangled) name of
+ * the object we care about
+ */
+ *(.bss._ZN6fuzzer3TPCE);
}
.data.fuzz_end : ALIGN(4K)
{
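Review bot: the new comment says "In case the above line fails", but an input-section pattern in a linker script never fails; `FuzzerTracePC*(.bss*)` simply matches nothing when no input object named FuzzerTracePC* contributes a .bss section, and the added `*(.bss._ZN6fuzzer3TPCE);` likewise only matches when libfuzzer was compiled with per-object data sections (-fdata-sections or equivalent), so that fuzzer::TPC lands in its own `.bss._ZN6fuzzer3TPCE` input section rather than in plain `.bss`. The note below the `---` checks the symbol table, which does not establish that such a section exists; suggest confirming with `readelf -S` (or `objdump -h`) on the libfuzzer archive members for the supported builds, rewording the comment to state what the mangled name demangles to (fuzzer::TPC) and why the second pattern is needed, and moving the Debian version list from below the `---` into the commit message so the rationale survives in git history.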
--
2.26.2