blob: bcf50804d738d8f9b734c3b2887df1952e7b7018 [file] [log] [blame]
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Triggers the bug described here:
// In a nutshell, MSan's parameter shadow does not get unpoisoned before calls
// to LLVMFuzzerTestOneInput. This test case causes the parameter shadow to be
// poisoned by the call to foo(), which will trigger an MSan false positive on
// the Size == 0 check if the parameter shadow is still poisoned.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
volatile int zero = 0;
__attribute__((noinline)) int foo(int arg1, int arg2) { return zero; }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size == 0)
return 0;
// Pass uninitialized values to foo(). Since foo doesn't do anything with
// them, MSan should not report an error here.
int a, b;
return foo(a, b);