1 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 2 // See https://llvm.org/LICENSE.txt for license information. 3 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 4 5 // Triggers the bug described here: 6 // https://github.com/google/oss-fuzz/issues/2369#issuecomment-490240627 7 // 8 // In a nutshell, MSan's parameter shadow does not get unpoisoned before calls 9 // to LLVMFuzzerTestOneInput. This test case causes the parameter shadow to be 10 // poisoned by the call to foo(), which will trigger an MSan false positive on 11 // the Size == 0 check if the parameter shadow is still poisoned. 12 #include <cstdint> 13 #include <cstdio> 14 #include <cstdlib> 15 #include <cstring> 16 17 volatile int zero = 0; 18 __attribute__((noinline)) int foo(int arg1, int arg2) { return zero; } 19 20 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 21 if (Size == 0) 22 return 0; 23 24 // Pass uninitialized values to foo(). Since foo doesn't do anything with 25 // them, MSan should not report an error here. 26 int a, b; 27 return foo(a, b); 28 } 29