fuzz: add mangled object name to linker script

Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's fuzzer::TPC object into our contiguous shared-memory region. This does not work for some libfuzzer builds, so this addition identifies the region by its mangled name: *(.bss._ZN6fuzzer3TPCE); Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-id: 20200512030133.29896-4-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu · Jun 5, 2020 · 3b11322 · 3b11322
1 parent 6851803
commit 3b11322
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld
@@ -28,6 +28,11 @@ SECTIONS
 
       /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */
       FuzzerTracePC*(.bss*);
+      /*
+       * In case the above line fails, explicitly specify the (mangled) name of
+       * the object we care about
+       */
+       *(.bss._ZN6fuzzer3TPCE);
   }
   .data.fuzz_end : ALIGN(4K)
   {