Closed
Description
The fuzzing of expat by oss-fuzz turned up a false positive because msan isn't tracking memory writes by the new Linux getrandom interface. This can be either used via a syscall or via the new getrandom() function in latest glibc versions.
msan should intercept those calls and properly track them.
Here's a minimal example that shows both variants (compiled with -DSYSCALL gives the syscall interface variant, without it uses the getrandom() call). It shouldn't show any use of uninitialized memory (unless you pass more than 4 parameters), but it does:
```c
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/random.h>

int main(int argc, char** argv) {
    unsigned char x[5];
#ifdef SYSCALL
    /* raw syscall interface: msan does not see the write into x */
    syscall(SYS_getrandom, x, 5, 0);
#else
    /* glibc wrapper (glibc >= 2.25): also not intercepted by msan */
    getrandom(x, 5, 0);
#endif
    /* read one byte of the kernel-filled buffer; argc selects the index */
    if(x[argc]) return 1;
    return 0;
}
```
Compiled with msan it says:

```
==15128==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x490179 in main /tmp/syscall-getrandom.c:12:5
    #1 0x7f1d39a96520 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.25-r4/work/glibc-2.25/csu/../csu/libc-start.c:295
    #2 0x41a1b9 in _start (/tmp/a.out+0x41a1b9)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /tmp/syscall-getrandom.c:12:5 in main
```
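As an added example (not code from the issue or from the sanitizer project), the following shows how a caller can suppress this false positive at the call site until msan gains an interceptor: after `getrandom()` returns, the buffer is explicitly marked as initialized with `__msan_unpoison()`, the public msan API from `<sanitizer/msan_interface.h>`, which compiles to a no-op in non-msan builds. The wrapper also loops over short reads and `EINTR`, which is the usual correct way to consume `getrandom()`. It assumes a glibc 2.25+ (or musl) system providing `<sys/random.h>`; the function names `fill_random` and `first_byte_is_set` are this example's own.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>

/* __msan_unpoison() is the real MemorySanitizer interface; when the code
 * is not built with -fsanitize=memory it is defined away to nothing.
 * __has_feature is a clang extension, so give it a fallback for gcc. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if __has_feature(memory_sanitizer)
#include <sanitizer/msan_interface.h>
#else
#define __msan_unpoison(addr, size) ((void)0)
#endif

/* fill_random (example name): fill buf[0..len) from getrandom(2).
 * Returns 0 on success, -1 on failure with errno set. Retries on EINTR
 * and on short reads, then tells msan the bytes are initialized, since
 * msan does not track writes performed by the getrandom syscall. */
int fill_random(unsigned char *buf, size_t len) {
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal: try again */
            return -1;      /* genuine failure (e.g. ENOSYS on old kernels) */
        }
        done += (size_t)n;
    }
    /* Without this call msan reports any later read of buf as
     * use-of-uninitialized-value, exactly as in the issue's reproducer. */
    __msan_unpoison(buf, len);
    return 0;
}

/* Same shape as the reproducer: fill a 5-byte buffer and branch on it.
 * Returns 1 if the first byte is non-zero, 0 if zero, -1 on failure. */
int first_byte_is_set(void) {
    unsigned char x[5];
    if (fill_random(x, sizeof x) != 0)
        return -1;
    return x[0] != 0;   /* no msan warning: the buffer is unpoisoned */
}

int main(void) {
    int r = first_byte_is_set();
    printf("first_byte_is_set: %d\n", r);
    return r < 0 ? 1 : 0;
}
```

Build with `clang -fsanitize=memory -g example.c` to confirm the warning is gone; the same source builds cleanly with gcc, where the unpoison call vanishes. Note the fix only papers over the missing interceptor for this one call site; the proper resolution is still for msan to intercept `getrandom()` and `SYS_getrandom` itself.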