This commit adds a temporary stack to handle libfuzzer crashes in
Fuchsia.
Crashes in Fuchsia are handled via exception channels: an exception
handler thread waits for an exception, and when one happens, it will try
to "resurrect" the crashed thread by writing the registers onto the
stack and changing the PC to a crash trampoline, which then calls
libfuzzer's static crash handler.
If the crashed thread has an invalid stack, writing the registers onto
the stack will fail. The end result is that the fuzzer would hang and
the error would be reported as a timeout.
To solve it, we set up a temporary stack of a few pages so the crash
handler can run. This crash handler will end the application, so we are
not expected to resume normal execution.
The code changes three stacks: The SafeStack (current sp pointer), the
UnsafeStack (stored at an offset from the Thread Pointer), and the
ShadowCallStack if it's available.
You want to do this regardless of how the fuzzer library itself was compiled.
The SCSP in x18 is part of the --target=aarch64-fuchsia ABI.
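
A POSIX analog of the failure and the fix described above, added here as an illustration; it is not Fuchsia or libFuzzer code. It swaps the exception-channel handler for a signal handler and the temporary stack for `sigaltstack`, and `crash_child`, `HANDLER_EXIT` and `TEMP_STACK_SIZE` are hypothetical names.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define HANDLER_EXIT 42             /* constructed marker: the handler ran */
#define TEMP_STACK_SIZE (64 * 1024) /* a few pages reserved for the handler */

/* Stand-in for the fuzzer's crash handler: it ends the process. */
static void crash_handler(int sig) { (void)sig; _exit(HANDLER_EXIT); }

/* Recurse until sp leaves the mapped stack; volatile keeps the frames real. */
static int overflow(volatile char *prev) {
    volatile char frame[4096];
    frame[0] = prev ? prev[0] : 0;
    return overflow(frame) + frame[0];
}

/* Crashes in a child. Returns its exit code, or -signo if a signal killed it. */
int crash_child(int use_temp_stack) {
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) {
        struct rlimit lim = { 1 << 20, 1 << 20 }; /* bound the overflow at 1 MiB */
        struct sigaction sa;
        setrlimit(RLIMIT_STACK, &lim);
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = crash_handler;
        if (use_temp_stack) {
            stack_t ss = { .ss_sp = malloc(TEMP_STACK_SIZE), .ss_size = TEMP_STACK_SIZE };
            if (!ss.ss_sp || sigaltstack(&ss, NULL) != 0) _exit(1);
            sa.sa_flags = SA_ONSTACK; /* run the handler on the temporary stack */
        }
        sigaction(SIGSEGV, &sa, NULL);
        sigaction(SIGBUS, &sa, NULL);
        _exit(overflow(NULL) & 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    printf("temp stack: %d, no temp stack: %d\n", crash_child(1), crash_child(0));
    return 0;
}
```

Without the temporary stack the handler's frame cannot be written to the exhausted stack, so the handler never runs and the child is killed by the signal instead of reaching the crash handler.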