
MemorySanitizer (MSan)

A detector for uses of uninitialized memory in C/C++ programs, catching a class of bugs that ASan misses.

MemorySanitizer (MSan) is an LLVM instrumentation tool that tracks the initialization state of every bit of memory and reports when uninitialized bytes flow into a conditional branch or are returned to the caller. Uninitialized reads are a common source of information-disclosure vulnerabilities — reading from uninitialized stack or heap bytes can leak cryptographic material or pointer values across security boundaries. MSan carries roughly 3x overhead and requires that all linked code (including system libraries) be compiled with MSan instrumentation; linking uninstrumented libraries produces false positives. For this reason, MSan is typically used in a dedicated fuzzing environment with a fully instrumented libc. It should not be combined with AddressSanitizer in the same build — each sanitizer requires its own build.
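
The following added example (constructed for this entry, not taken from LLVM or any project) shows the information-disclosure pattern described above next to its hardened form. `struct reply`, `fill`, `make_reply_leaky`, `make_reply_clean` and `stale_bytes` are hypothetical names; the Clang flags in the build comment are the standard MSan options.

```c
/* Build: clang -g -O1 -fno-omit-frame-pointer -fsanitize=memory \
 *        -fsanitize-memory-track-origins msan_demo.c -o msan_demo */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 32

struct reply {                /* hypothetical record sent to a peer */
    unsigned char kind;       /* typically followed by padding bytes */
    unsigned int  id;
    char          name[NAME_LEN];
};

static struct reply *fill(struct reply *r, unsigned int id, const char *name) {
    if (!r) return NULL;
    size_t n = strlen(name);
    if (n >= NAME_LEN) n = NAME_LEN - 1;   /* truncate, keep room for NUL */
    r->kind = 1;
    r->id = id;
    memcpy(r->name, name, n);              /* writes only n bytes ... */
    r->name[n] = '\0';                     /* ... plus the terminator */
    return r;
}

/* Leaky: malloc leaves padding and the tail of name[] uninitialized. */
struct reply *make_reply_leaky(unsigned int id, const char *name) {
    return fill(malloc(sizeof(struct reply)), id, name);
}

/* Hardened: calloc zeroes the whole allocation before fields are set. */
struct reply *make_reply_clean(unsigned int id, const char *name) {
    return fill(calloc(1, sizeof(struct reply)), id, name);
}

/* Counts nonzero bytes after the terminator. Branching on each byte is
 * the point where MSan reports if that byte was never written. */
size_t stale_bytes(const struct reply *r) {
    size_t count = 0;
    for (size_t i = strlen(r->name) + 1; i < NAME_LEN; i++)
        if (r->name[i] != 0) count++;
    return count;
}

int main(void) {
    struct reply *ok = make_reply_clean(7, "alice");
    struct reply *bad = make_reply_leaky(7, "alice");
    if (!ok || !bad) return 1;
    printf("clean: %zu stale bytes\n", stale_bytes(ok));
    printf("leaky: %zu stale bytes\n", stale_bytes(bad)); /* MSan stops here */
    free(ok); free(bad);
    return 0;
}
```

With origin tracking enabled, the MSan report for the leaky path also names the `malloc` call that produced the uninitialized bytes, which points directly at the allocation that needs zeroing.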