I am trying to fuzz a particular piece of code using LLVM libFuzzer that only exposes its main() function externally. I have access to the source of the target code, but cannot change it.
If I try to directly include the object file, it conflicts with the main definition provided by -fsanitize=fuzzer. I thought I might be able to solve this by renaming the main symbol in the object file:
objcopy --redefine-sym main=stub_main main.stub main.o
Then in my harness code, I should just declare:
extern int stub_main(int argc, char **argv)
And call stub_main() instead of main(), while including main.stub on the link line. However, this did not seem to work, and the linker cannot find the reference to stub_main(int, char**).
How can I call this main function from another piece of code that also provides its own main()?
You are not accounting for C++'s name mangling. The symbol for stub_main is likely a string containing main as well as some obfuscated info about arguments, type of function, and return type. In my platform it's __Z9stub_mainiPPc. The symbol for main would likely just be main or main_.
You can try looking how main and stub_main definitions mangle in your platform with objdump -d *.o, and then you can replace these strings with objcopy --redefine-sym.
Alternatively, as matoro said, you can declare the function as extern "C" so that no name mangling takes place.