-rw-r--r--config_help.txt2
-rw-r--r--configure.json21
-rw-r--r--configure.pri2
-rw-r--r--mkspecs/common/sanitize.conf4
-rw-r--r--mkspecs/features/sanitizer.prf6
-rw-r--r--tests/libfuzzer/README2
6 files changed, 34 insertions, 3 deletions
diff --git a/config_help.txt b/config_help.txt
index 2c46592c31..d8b027f0e8 100644
--- a/config_help.txt
+++ b/config_help.txt
@@ -131,7 +131,7 @@ Build options:
Currently supported backends are 'etw' (Windows) and
'lttng' (Linux), or 'yes' for auto-detection. [no]
- -sanitize {address|thread|memory|undefined}
+ -sanitize {address|thread|memory|fuzzer-no-link|undefined}
Instrument with the specified compiler sanitizer.
Note that some sanitizers cannot be combined;
for example, -sanitize address cannot be combined with
diff --git a/configure.json b/configure.json
index ce71e67993..105b51a81c 100644
--- a/configure.json
+++ b/configure.json
@@ -895,6 +895,12 @@
"autoDetect": false,
"output": [ "publicConfig" ]
},
+ "sanitize_fuzzer_no_link": {
+ "label": "Fuzzer (instrumentation only)",
+ "autoDetect": false,
+ "output": [ "publicConfig" ],
+ "purpose": [ "Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's." ]
+ },
"sanitize_undefined": {
"label": "Undefined",
"autoDetect": false,
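Review bot: The new `sanitize_fuzzer_no_link` feature is declared without any compiler-version constraint, yet the README hunk in this same commit tells clang 5 users to fall back to `-coverage trace-pc-guard`, so on such a toolchain configure accepts `-sanitize fuzzer-no-link` and the problem only surfaces later as an unrecognised `-fsanitize=` value from the compiler. The only guard this commit adds for the feature is the clang-only error further down configure.json, modelled on the existing `coverage` check, which does not distinguish clang versions. If the configure system exposes the clang version, that error entry could additionally require the minimum supported one; if it does not, extending the `purpose` text with "Requires clang <minimum tested version> or later." would at least make the requirement visible in the feature listing. The remaining configure.json hunks (condition, error entry, summary entries) are consistent with the existing sanitizer entries.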
@@ -902,7 +908,7 @@
},
"sanitizer": {
"label": "Sanitizers",
- "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_undefined",
+ "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_fuzzer_no_link || features.sanitize_undefined",
"output": [ "sanitizer", "publicConfig" ]
},
"coverage_trace_pc_guard": {
@@ -1444,6 +1450,11 @@ Qt can be built in release mode with separate debug information, so
"type": "error",
"condition": "features.coverage && !config.clang",
"message": "Command line option -coverage is only supported with clang compilers."
+ },
+ {
+ "type": "error",
+ "condition": "features.sanitize_fuzzer_no_link && !config.clang",
+ "message": "Command line option -sanitize fuzzer-no-link is only supported with clang compilers."
}
],
@@ -1581,7 +1592,13 @@ Configure with '-qreal float' to create a build that is binary-compatible with 5
{
"section": "Sanitizers",
"condition": "features.sanitizer",
- "entries": [ "sanitize_address", "sanitize_thread", "sanitize_memory", "sanitize_undefined" ]
+ "entries": [
+ "sanitize_address",
+ "sanitize_thread",
+ "sanitize_memory",
+ "sanitize_fuzzer_no_link",
+ "sanitize_undefined"
+ ]
},
{
"message": "Code Coverage Instrumentation",
diff --git a/configure.pri b/configure.pri
index 97b9f3bf63..e717a5d305 100644
--- a/configure.pri
+++ b/configure.pri
@@ -53,6 +53,8 @@ defineTest(qtConfCommandline_sanitize) {
qtConfCommandlineSetInput("sanitize_thread", "yes")
} else: equals(val, "memory") {
qtConfCommandlineSetInput("sanitize_memory", "yes")
+ } else: equals(val, "fuzzer-no-link") {
+ qtConfCommandlineSetInput("sanitize_fuzzer_no_link", "yes")
} else: equals(val, "undefined") {
qtConfCommandlineSetInput("sanitize_undefined", "yes")
} else {
diff --git a/mkspecs/common/sanitize.conf b/mkspecs/common/sanitize.conf
index 5e09406cfb..8417fa4c2f 100644
--- a/mkspecs/common/sanitize.conf
+++ b/mkspecs/common/sanitize.conf
@@ -17,6 +17,10 @@ QMAKE_SANITIZE_MEMORY_CFLAGS = -fsanitize=memory
QMAKE_SANITIZE_MEMORY_CXXFLAGS = -fsanitize=memory
QMAKE_SANITIZE_MEMORY_LFLAGS = -fsanitize=memory
+QMAKE_SANITIZE_FUZZERNL_CFLAGS = -fsanitize=fuzzer-no-link
+QMAKE_SANITIZE_FUZZERNL_CXXFLAGS = -fsanitize=fuzzer-no-link
+QMAKE_SANITIZE_FUZZERNL_LFLAGS = -fsanitize=fuzzer-no-link
+
QMAKE_SANITIZE_UNDEFINED_CFLAGS = -fsanitize=undefined
QMAKE_SANITIZE_UNDEFINED_CXXFLAGS = -fsanitize=undefined
QMAKE_SANITIZE_UNDEFINED_LFLAGS = -fsanitize=undefined
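Review bot: The new variables abbreviate the sanitizer name to `FUZZERNL`, whereas every other variable in this file spells out the `-fsanitize=` value it carries (`MEMORY`, `UNDEFINED`), and the feature they back is called `sanitize_fuzzer_no_link`; the abbreviation is not greppable from either the option name or the feature name. Because these names live in mkspecs/common and can be overridden by platform mkspecs, renaming them later is a compatibility concern, so it is cheaper to pick the descriptive form now: `QMAKE_SANITIZE_FUZZER_NO_LINK_CFLAGS = -fsanitize=fuzzer-no-link`, `QMAKE_SANITIZE_FUZZER_NO_LINK_CXXFLAGS = -fsanitize=fuzzer-no-link`, `QMAKE_SANITIZE_FUZZER_NO_LINK_LFLAGS = -fsanitize=fuzzer-no-link`. The same three names are consumed in the mkspecs/features/sanitizer.prf hunk of this commit and would need the matching change there.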
diff --git a/mkspecs/features/sanitizer.prf b/mkspecs/features/sanitizer.prf
index c7d72aec80..12ca1a17bd 100644
--- a/mkspecs/features/sanitizer.prf
+++ b/mkspecs/features/sanitizer.prf
@@ -42,6 +42,12 @@ sanitize_thread {
QMAKE_LFLAGS += $$QMAKE_SANITIZE_THREAD_LFLAGS
}
+sanitize_fuzzer_no_link {
+ QMAKE_CFLAGS += $$QMAKE_SANITIZE_FUZZERNL_CFLAGS
+ QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_FUZZERNL_CXXFLAGS
+ QMAKE_LFLAGS += $$QMAKE_SANITIZE_FUZZERNL_LFLAGS
+}
+
sanitize_undefined {
QMAKE_CFLAGS += $$QMAKE_SANITIZE_UNDEFINED_CFLAGS
QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_UNDEFINED_CXXFLAGS
diff --git a/tests/libfuzzer/README b/tests/libfuzzer/README
index 57140cebfb..ded04a5798 100644
--- a/tests/libfuzzer/README
+++ b/tests/libfuzzer/README
@@ -17,6 +17,8 @@ To run a test with libFuzzer:
install libFuzzer for this version of clang explicitly.
2. Make sure clang and clang++ from this version of clang are found in PATH.
3. Configure Qt with
+ -platform linux-clang -sanitize fuzzer-no-link
+ or, if you are using clang 5
-platform linux-clang -coverage trace-pc-guard
to add the needed code coverage instrumentation. Since speed of execution is crucial for fuzz
testing, it's recommendable to also use the switches