1// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2// See https://llvm.org/LICENSE.txt for license information.
3// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
4
5// Triggers the bug described here:
6// https://github.com/google/oss-fuzz/issues/2369#issuecomment-490240627
7//
8// In a nutshell, MSan's parameter shadow does not get unpoisoned before calls
9// to LLVMFuzzerTestOneInput. This test case causes the parameter shadow to be
10// poisoned by the call to foo(), which will trigger an MSan false positive on
11// the Size == 0 check if the parameter shadow is still poisoned.
12#include <cstdint>
13#include <cstdio>
14#include <cstdlib>
15#include <cstring>
16
17volatile int zero = 0;
18__attribute__((noinline)) int foo(int arg1, int arg2) { return zero; }
19
20extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
21 if (Size == 0)
22 return 0;
23
24 // Pass uninitialized values to foo(). Since foo doesn't do anything with
25 // them, MSan should not report an error here.
26 int a, b;
27 return foo(a, b);
28}
29