brintos

brintos / llvm-project-archived public Read only

0
0
Text · 1.0 KiB · bcf5080 Raw
29 lines · cpp
1// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.2// See https://llvm.org/LICENSE.txt for license information.3// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception4 5// Triggers the bug described here:6// https://github.com/google/oss-fuzz/issues/2369#issuecomment-4902406277//8// In a nutshell, MSan's parameter shadow does not get unpoisoned before calls9// to LLVMFuzzerTestOneInput.  This test case causes the parameter shadow to be10// poisoned by the call to foo(), which will trigger an MSan false positive on11// the Size == 0 check if the parameter shadow is still poisoned.12#include <cstdint>13#include <cstdio>14#include <cstdlib>15#include <cstring>16 17volatile int zero = 0;18__attribute__((noinline)) int foo(int arg1, int arg2) { return zero; }19 20extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {21  if (Size == 0)22    return 0;23 24  // Pass uninitialized values to foo().  Since foo doesn't do anything with25  // them, MSan should not report an error here.26  int a, b;27  return foo(a, b);28}29