fuzz: fix expected section start/end symbol name on MacOS when linking libfuzzer

tjog · alexrp · commit 2e35fdd03203 · 2025-04-26T14:35:03.000+02:00
Not only is the section name when adding the sancov variables different. The linker symbol ending up in the binary is also different. Reference: https://github.com/llvm/llvm-project/blob/60105ac6bab130c2694fc7f5b7b6a5fddaaab752/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp#L1076-L1104
diff --git a/lib/fuzzer.zig b/lib/fuzzer.zig
@@ -468,27 +468,42 @@ export fn fuzzer_init(cache_dir_struct: Fuzzer.Slice) void {
     // Linkers are expected to automatically add `__start_<section>` and
     // `__stop_<section>` symbols when section names are valid C identifiers.
 
+    const ofmt = builtin.object_format;
+
+    const start_symbol_prefix: []const u8 = if (ofmt == .macho)
+        "\x01section$start$__DATA$__"
+    else
+        "__start___";
+    const end_symbol_prefix: []const u8 = if (ofmt == .macho)
+        "\x01section$end$__DATA$__"
+    else
+        "__end___";
+
+    const pc_counters_start_name = start_symbol_prefix ++ "sancov_cntrs";
     const pc_counters_start = @extern([*]u8, .{
-        .name = "__start___sancov_cntrs",
+        .name = pc_counters_start_name,
         .linkage = .weak,
-    }) orelse fatal("missing __start___sancov_cntrs symbol", .{});
+    }) orelse fatal("missing {s} symbol", .{pc_counters_start_name});
 
+    const pc_counters_end_name = end_symbol_prefix ++ "sancov_cntrs";
     const pc_counters_end = @extern([*]u8, .{
-        .name = "__stop___sancov_cntrs",
+        .name = pc_counters_end_name,
         .linkage = .weak,
-    }) orelse fatal("missing __stop___sancov_cntrs symbol", .{});
+    }) orelse fatal("missing {s} symbol", .{pc_counters_end_name});
 
     const pc_counters = pc_counters_start[0 .. pc_counters_end - pc_counters_start];
 
+    const pcs_start_name = start_symbol_prefix ++ "sancov_pcs1";
     const pcs_start = @extern([*]usize, .{
-        .name = "__start___sancov_pcs1",
+        .name = pcs_start_name,
         .linkage = .weak,
-    }) orelse fatal("missing __start___sancov_pcs1 symbol", .{});
+    }) orelse fatal("missing {s} symbol", .{pcs_start_name});
 
+    const pcs_end_name = end_symbol_prefix ++ "sancov_pcs1";
     const pcs_end = @extern([*]usize, .{
-        .name = "__stop___sancov_pcs1",
+        .name = pcs_end_name,
         .linkage = .weak,
-    }) orelse fatal("missing __stop___sancov_pcs1 symbol", .{});
+    }) orelse fatal("missing {s} symbol", .{pcs_end_name});
 
     const pcs = pcs_start[0 .. pcs_end - pcs_start];
 
