| Field | Value |
| --- | --- |
| Issue | 131653 |
| Summary | MSan false positive on x86_64 |
| Labels | false-positive |
| Assignees | |
| Reporter | k-kashapov |
Consider the following program:
test.c:
```c
#include <stdio.h>
#include <stdarg.h>
#include <stdint.h>

/* Defined in nosan.c, which is built WITHOUT -fsanitize=memory. */
int test_args(int count, ...);

typedef struct test_str { int64_t a; int64_t b; } test_str;

/* Instrumented variadic callee: reads a single int from the va_list. */
void msan_va_args(int count, ...) {
    va_list ap;
    va_start(ap, count);
    int c = va_arg(ap, int);
    printf("c = %d\n", c);
    va_end(ap);
}

int main(int argc, char **argv) {
    test_str str; /* not initialized; passed through the uninstrumented test_args */
    test_args(4, str, str, str, str);
}
```
nosan.c:
```c
#include <stdarg.h>
#include <stdint.h>

/* Defined in test.c, which IS instrumented with MemorySanitizer. */
void msan_va_args(int count, ...);

/* Uninstrumented variadic caller: forwards a fully initialized int. */
int test_args(int count, ...) {
    int tmp = 9;
    msan_va_args(1, tmp);
    return 0;
}
```
Notice that we passed an initialized argument to the function here.
Compile it with the following instrumentation:
```bash
$ clang-19 test.c -ggdb3 -c -o obj/test.o -fsanitize=memory,undefined
$ clang-19 nosan.c -ggdb3 -c -o obj/nosan.o
$ clang-19 obj/nosan.o obj/test.o -o a.out -fsanitize=memory,undefined
```
So, `nosan.c` is compiled without MemorySanitizer instrumentation.
We get the following output:
```
$ ./a.out
==28083==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5db78e2d5003 in msan_va_args /home/user/test_san/test.c:12:5
#1 0x5db78e2d4c63 in test_args /home/user/test_san/nosan.c:8:5
#2 0x5db78e2d512d in main /home/user/test_san/test.c:18:5
#3 0x778b7a229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#4 0x778b7a229e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#5 0x5db78e23d2e4 in _start (/home/user/test_san/a.out+0x322e4)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/user/test_san/test.c:13:5 in msan_va_args
Exiting
```
Is this expected behaviour? If not, how should MemorySanitizer behave when linked against non-instrumented code?
@vitalybuka @EugeneZelenko
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs