[libFuzzer] Unpoison parameters before calling user callback.
Summary:
Fixes an MSan false positive when compiling with
-fsanitize=memory,fuzzer.
See https://github.com/google/oss-fuzz/issues/2369 for more details.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits, metzman, eugenis
Tags: #llvm
Differential Revision: https://reviews.llvm.org/D61753
llvm-svn: 360390
GitOrigin-RevId: 3478494c1fdcbbee3e22895dcd6e6919d6c05430
diff --git a/FuzzerExtFunctions.def b/FuzzerExtFunctions.def
index 288a59c..41fa0fd 100644
--- a/FuzzerExtFunctions.def
+++ b/FuzzerExtFunctions.def
@@ -46,3 +46,4 @@
EXT_FUNC(__msan_scoped_disable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false);
+EXT_FUNC(__msan_unpoison_param, void, (size_t n), false);
diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index d1ad3e3..cb3d821 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -542,6 +542,8 @@
memcpy(DataCopy, Data, Size);
if (EF->__msan_unpoison)
EF->__msan_unpoison(DataCopy, Size);
+ if (EF->__msan_unpoison_param)
+ EF->__msan_unpoison_param(2);
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
@@ -702,7 +704,7 @@
break; // We will mutate this input more in the next rounds.
}
if (Options.ReduceDepth && !FoundUniqFeatures)
- break;
+ break;
}
}
