From 72e51701c7558321b7fed8b8988b1775d63f16fd Mon Sep 17 00:00:00 2001
From: Tom Anderson
Date: Fri, 11 Nov 2022 01:29:16 +0000
Subject: [PATCH] [MSAN] Suppress false-positive in HTTPTransportLibcurl::WriteResponseBody

This bug was found when trying to upgrade the MSAN bots from Ubuntu 18.04 (where this codepath was not hit) to 20.04.

The following MSAN error is produced when running HTTPTransport/HTTPTransport.*

==3496553==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5616c540ad7d in __is_long buildtools/third_party/libc++/trunk/include/string:1674:33
    #1 0x5616c540ad7d in size buildtools/third_party/libc++/trunk/include/string:1069:17
    #2 0x5616c540ad7d in crashpad::(anonymous namespace)::HTTPTransportLibcurl::WriteResponseBody(char*, unsigned long, unsigned long, void*) third_party/crashpad/crashpad/util/net/http_transport_libcurl.cc:528:50
    ...
SUMMARY: MemorySanitizer: use-of-uninitialized-value buildtools/third_party/libc++/trunk/include/string:1674:33 in __is_long
ORIGIN: invalid (0). Might be a bug in MemorySanitizer origin tracking.

The memory is initialized in http_transport_test.cc:293, but MSAN gets confused. Given the message output by MSAN (ORIGIN: invalid (0). Might be a bug in MemorySanitizer origin tracking), this appears to be a bug in MSAN, not crashpad, so this CL suppresses the error.

Bug: chromium: 1260217
Change-Id: I2d6a46e3489816270cc1fee776793ffafe0147e4
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4015160
Reviewed-by: Joshua Peraza
Commit-Queue: Thomas Anderson
---
 util/net/http_transport_libcurl.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/util/net/http_transport_libcurl.cc b/util/net/http_transport_libcurl.cc index f9f14c05..d5c9177f 100644 --- a/util/net/http_transport_libcurl.cc +++ b/util/net/http_transport_libcurl.cc 
@@ -522,6 +522,10 @@ size_t HTTPTransportLibcurl::WriteResponseBody(char* buffer, size_t size, size_t nitems, void* userdata) { +#if defined(MEMORY_SANITIZER) + // Work around an MSAN false-positive in passing `userdata`. + __msan_unpoison(&userdata, sizeof(userdata)); +#endif std::string* response_body = reinterpret_cast(userdata); // This libcurl callback mimics the silly stdio-style fread() interface: size
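Review bot: the comment above `__msan_unpoison(&userdata, sizeof(userdata));` does not name the bug it works around or say when the suppression can go away; cite the tracking bug from the commit message (1260217) in the comment so the call can be removed once MSAN stops reporting on this path. The call unpoisons only the pointer value and not the `std::string` it points to, which keeps the suppression narrow, but it also means that a caller which really does hand libcurl an uninitialized `userdata` pointer will no longer be reported at this callback, so it is worth stating in the comment that the string is expected to be initialized by the caller. The patch adds four lines and no include, so `__msan_unpoison` has to be declared already in this file (it normally comes from `<sanitizer/msan_interface.h>`); if it is not, add that include under the same `MEMORY_SANITIZER` guard.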