fuzz/mutator_aux: make sure msan is triggered

consume() does a read over a chunk of data to make sure it is
addressable and completely initialised. that, however, is not enough
to trigger msan - you need to either branch on uninitialised memory,
or use __msan_check_mem_is_initialized(). for clarity, opt for the
latter.

fuzz/libfuzzer.c

@@ -12,10 +12,6 @@
 
 #include "mutator_aux.h"
 
-#ifdef WITH_MSAN
-#include <sanitizer/msan_interface.h>
-#endif
-
 static bool debug;
 static unsigned long long test_fail;
 static unsigned long long test_total;

fuzz/mutator_aux.c

@@ -35,6 +35,10 @@ consume(const void *body, size_t len)
 	const volatile uint8_t *ptr = body;
 	volatile uint8_t x = 0;
 
+#ifdef WITH_MSAN
+	__msan_check_mem_is_initialized(body, len);
+#endif
+
 	while (len--)
 		x ^= *ptr++;
 }

fuzz/mutator_aux.h

@@ -23,6 +23,7 @@
 
 #if defined(__has_feature)
 # if  __has_feature(memory_sanitizer)
+#  include <sanitizer/msan_interface.h>
 #  define NO_MSAN	__attribute__((no_sanitize("memory")))
 #  define WITH_MSAN	1
 # endif