<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/96772">96772</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
libfuzzer passes null pointers to functions whose parameters are marked __non_null
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
apasel422
</td>
</tr>
</table>
<pre>
[`Fuzzer::FileToVector`](https://github.com/llvm/llvm-project/blob/b579aacc30bc02e8430c0b59af644f52ece71160/compiler-rt/lib/fuzzer/FuzzerIO.cpp#L41) returns a `std::vector` whose `data` pointer is `nullptr` when the given file is empty.

Eventually, some of these `nullptr`s are passed as arguments to functions whose parameters are annotated as `__nonnull` (at least on some platforms), e.g. `memcpy`. Even though the 0-size is properly propagated, it is apparently still undefined behavior to pass null pointers in these cases, resulting in the UndefinedBehaviorSanitizer (correctly) flagging such instances.

- [`memcpy` example](https://github.com/llvm/llvm-project/blob/dead8f845f2549db5dec16b59b80d3e321948674/compiler-rt/lib/fuzzer/FuzzerLoop.cpp#L599) / [glibc declaration](https://sourceware.org/git/?p=glibc.git;a=blob;f=string/string.h;h=d2d5c5f1f91490bcc499d1391f9c9573f642bb99;hb=HEAD#l43)
- [`memcmp` example](https://github.com/llvm/llvm-project/blob/dead8f845f2549db5dec16b59b80d3e321948674/compiler-rt/lib/fuzzer/FuzzerLoop.cpp#L583) / [glibc declaration](https://sourceware.org/git/?p=glibc.git;a=blob;f=string/string.h;h=d2d5c5f1f91490bcc499d1391f9c9573f642bb99;hb=HEAD#l64)

Originally found in https://issues.chromium.org/issues/349505543.
</pre>
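<p>The pattern the report describes, as an added illustration that is not code from llvm-project or from the reporter: a vector built from an empty input has <code>size() == 0</code> and, with the common libstdc++/libc++ implementations, <code>data() == nullptr</code>; handing that pointer to <code>memcpy</code> or <code>memcmp</code> trips glibc's <code>__nonnull</code> annotation under UBSan even though the length is zero. <code>ContentsToUnit</code> is a hypothetical stand-in for <code>Fuzzer::FileToVector</code>, and the <code>*Guarded</code> helpers show the size check that avoids the call when there is nothing to copy or compare.</p>

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Input type; libFuzzer also uses std::vector<uint8_t> for a unit.
using Unit = std::vector<uint8_t>;

// Hypothetical stand-in for Fuzzer::FileToVector (not the project's code):
// building a vector from empty contents gives size()==0 and, in the usual
// standard-library implementations, data()==nullptr. This is the origin of
// the null pointer the report describes.
Unit ContentsToUnit(const std::string& contents) {
  return Unit(contents.begin(), contents.end());
}

// True when the unit carries the hazard: with no bytes, data() is not
// guaranteed to be a valid non-null pointer.
bool NeedsNullGuard(const Unit& u) { return u.empty(); }

// The pattern the report flags (kept for contrast, never called here):
// glibc declares memcpy/memcmp __nonnull, so a null source is undefined
// behaviour even with n == 0, and -fsanitize=nonnull-attribute reports it.
void CopyUnguarded(uint8_t* dst, const Unit& src) {
  memcpy(dst, src.data(), src.size());
}

// Hardened form: only call memcpy when there are bytes to move and they fit.
// Returns the number of bytes copied so the effect is observable.
size_t CopyGuarded(uint8_t* dst, size_t dst_cap, const Unit& src) {
  if (NeedsNullGuard(src) || src.size() > dst_cap) return 0;
  memcpy(dst, src.data(), src.size());
  return src.size();
}

// Hardened comparison: equal sizes are required, and two empty units are
// reported equal without ever reaching memcmp with a null pointer.
bool EqualGuarded(const Unit& a, const Unit& b) {
  if (a.size() != b.size()) return false;
  if (NeedsNullGuard(a)) return true;
  return memcmp(a.data(), b.data(), a.size()) == 0;
}

// Minimal driver: an empty "file" next to a non-empty one (constructed input).
int main() {
  uint8_t buf[8] = {0};
  Unit empty = ContentsToUnit("");
  Unit abc = ContentsToUnit("abc");
  size_t n0 = CopyGuarded(buf, sizeof buf, empty);  // memcpy never called
  size_t n1 = CopyGuarded(buf, sizeof buf, abc);    // three bytes copied
  return (n0 == 0 && n1 == 3 && EqualGuarded(empty, Unit())) ? 0 : 1;
}
```

<p>Building with <code>-fsanitize=undefined</code> and calling <code>CopyUnguarded</code> on <code>empty</code> is what produces the sanitizer report; the guarded helpers are the shape of fix a caller can apply locally without changing the vector type.</p>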