compiler-rt/test/fuzzer/MsanParamUnpoison.cpp

   1 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   2 // See https://llvm.org/LICENSE.txt for license information.
   3 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   4
   5 // Triggers the bug described here:
   6 // https://github.com/google/oss-fuzz/issues/2369#issuecomment-490240627
   7 //
   8 // In a nutshell, MSan's parameter shadow does not get unpoisoned before calls
   9 // to LLVMFuzzerTestOneInput.  This test case causes the parameter shadow to be
  10 // poisoned by the call to foo(), which will trigger an MSan false positive on
  11 // the Size == 0 check if the parameter shadow is still poisoned.
  12 #include <cstdint>
  13 #include <cstdio>
  14 #include <cstdlib>
  15 #include <cstring>
  16
  17 volatile int zero = 0;
  18 __attribute__((noinline)) int foo(int arg1, int arg2) { return zero; }
  19
  20 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  21   if (Size == 0)
  22     return 0;
  23
  24   // Pass uninitialized values to foo().  Since foo doesn't do anything with
  25   // them, MSan should not report an error here.
  26   int a, b;
  27   return foo(a, b);
  28 }