| Message ID | 20200512030133.29896-4-alxndr@bu.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Series | None |
On Monday, 2020-05-11 at 23:01:32 -04, Alexander Bulekov wrote: > Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's > fuzzer::TPC object into our contiguous shared-memory region. This does > not work for some libfuzzer builds, so this addition identifies the > region by its mangled name: *(.bss._ZN6fuzzer3TPCE); > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> FWIW, since I'm not really familiar with the syntax, but I understand what the intent is: Reviewed-by: Darren Kenny <darren.kenny@oracle.com> > --- > tests/qtest/fuzz/fork_fuzz.ld | 5 +++++ > 1 file changed, 5 insertions(+) > > This isn't ideal, but I looked at the libfuzzer builds packaged for > debian, for versions 6, 7, 8, 9, 10 and 11 and this (mangled) object > name appears consistently in the symbol tables. > > diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld > index e086bba873..bfb667ed06 100644 > --- a/tests/qtest/fuzz/fork_fuzz.ld > +++ b/tests/qtest/fuzz/fork_fuzz.ld > @@ -28,6 +28,11 @@ SECTIONS > > /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ > FuzzerTracePC*(.bss*); > + /* > + * In case the above line fails, explicitly specify the (mangled) name of > + * the object we care about > + */ > + *(.bss._ZN6fuzzer3TPCE); > } > .data.fuzz_end : ALIGN(4K) > { > -- > 2.26.2
diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld index e086bba873..bfb667ed06 100644 --- a/tests/qtest/fuzz/fork_fuzz.ld +++ b/tests/qtest/fuzz/fork_fuzz.ld @@ -28,6 +28,11 @@ SECTIONS /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ FuzzerTracePC*(.bss*); + /* + * In case the above line fails, explicitly specify the (mangled) name of + * the object we care about + */ + *(.bss._ZN6fuzzer3TPCE); } .data.fuzz_end : ALIGN(4K) {
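Review bot: the new comment says only "In case the above line fails" but not when that happens, and the fallback carries a precondition of its own: the existing rule `FuzzerTracePC*(.bss*)` selects by input-file name, whereas `*(.bss._ZN6fuzzer3TPCE)` selects by section name and therefore only works when libFuzzer was compiled with -fdata-sections; otherwise fuzzer::TPC sits in that object's plain .bss and neither rule places it in the region. Suggest stating that in the comment and naming the demangled symbol (fuzzer::TPC) next to the mangled one, and, since a miss here is silent at link time, adding a runtime check that the TPC object's address falls inside the shared region before the fuzzer forks. Ordering is fine as written: ld assigns an input section to the first matching rule only, so the new line is a no-op whenever the old one already matched.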
Previously, we relied on "FuzzerTracePC*(.bss*)" to place libfuzzer's fuzzer::TPC object into our contiguous shared-memory region. This does not work for some libfuzzer builds, so this addition identifies the region by its mangled name: *(.bss._ZN6fuzzer3TPCE);

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 tests/qtest/fuzz/fork_fuzz.ld | 5 +++++
 1 file changed, 5 insertions(+)

This isn't ideal, but I looked at the libfuzzer builds packaged for Debian, for versions 6, 7, 8, 9, 10 and 11 and this (mangled) object name appears consistently in the symbol tables.
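As an added illustration (not QEMU's or libFuzzer's code), the script below resolves the two input-section rules from the patch against the section names of an ELF64 object, following ld's first-match rule, so you can see which rule would place fuzzer::TPC for a given libFuzzer build and when neither does (an object built without -fdata-sections has no `.bss._ZN6fuzzer3TPCE` section at all). Matching file patterns against the bare object-file name, the minimal ELF fixture builder and the sample object names are assumptions made for this example.

```python
"""Resolve fork_fuzz.ld input-section rules against an ELF64 object's sections.
Added example; not QEMU or libFuzzer code."""
import fnmatch
import struct

# The two rules from the patch, as (file pattern, section pattern), in script order.
FORK_FUZZ_RULES = [
    ("FuzzerTracePC*", ".bss*"),        # selects by input-file name
    ("*", ".bss._ZN6fuzzer3TPCE"),      # selects by section name (needs -fdata-sections)
]
TPC_SECTION = ".bss._ZN6fuzzer3TPCE"    # mangled fuzzer::TPC


def elf_section_names(data: bytes) -> list:
    """Return the section names of a little-endian ELF64 image (header walk only)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", data, 40)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 58)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    return [strtab[sh[0]:strtab.index(b"\0", sh[0])].decode() for sh in shdrs]


def resolve_rules(filename: str, sections, rules=FORK_FUZZ_RULES) -> dict:
    """Map each section to the index of the first rule that claims it, as ld does
    (a section already placed by an earlier rule is never matched again).
    Assumption: file patterns are matched against the bare object-file name."""
    placed = {}
    for idx, (file_pat, sec_pat) in enumerate(rules):
        if not fnmatch.fnmatchcase(filename, file_pat):
            continue
        for sec in sections:
            if sec not in placed and fnmatch.fnmatchcase(sec, sec_pat):
                placed[sec] = idx
    return placed


def tpc_rule(filename: str, data: bytes):
    """Index of the rule placing fuzzer::TPC, or None if it stays outside the region."""
    return resolve_rules(filename, elf_section_names(data)).get(TPC_SECTION)


def build_elf_object(section_names) -> bytes:
    """Constructed fixture: a minimal ELF64 relocatable with empty sections of the
    given names plus .shstrtab, just enough for elf_section_names() to parse."""
    names = [""] + list(section_names) + [".shstrtab"]
    shstrtab, name_off = b"", []
    for n in names:
        name_off.append(len(shstrtab))
        shstrtab += n.encode() + b"\0"
    ehsize, shentsize = 64, 64
    str_off = ehsize
    shoff = str_off + len(shstrtab)
    shoff += (-shoff) % 8                      # align the section header table
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, v1, SysV ABI
    ehdr += struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0,
                        ehsize, 0, 0, shentsize, len(names), len(names) - 1)
    shdrs = b""
    for i, n in enumerate(names):
        sh_type = 0 if i == 0 else (3 if n == ".shstrtab" else (8 if n.startswith(".bss") else 1))
        size = len(shstrtab) if n == ".shstrtab" else 0
        offset = str_off if n == ".shstrtab" else 0
        shdrs += struct.pack("<IIQQQQIIQQ", name_off[i], sh_type, 0, 0, offset, size, 0, 0, 1, 0)
    body = ehdr + shstrtab
    body += bytes(shoff - len(body))
    return body + shdrs


if __name__ == "__main__":
    # Hypothetical object names; the section lists mimic -fdata-sections on/off.
    with_sections = build_elf_object([".text", ".bss", TPC_SECTION])
    without_sections = build_elf_object([".text", ".bss"])
    for name, obj in [("FuzzerTracePC.cpp.o", with_sections),
                      ("libfuzzer-merged.o", with_sections),
                      ("libfuzzer-merged.o", without_sections)]:
        print(name, "->", tpc_rule(name, obj))
```

The third case is the one the patch cannot fix: the TPC object then lives in a plain `.bss` whose file name matches neither rule, and it silently stays outside the shared region. To check a real build, feed the bytes of the relevant member of libFuzzer's archive to `tpc_rule` with the member's name.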