src-openEuler / LibRaw


[fuzz] libraw --sanitizer memory use-of-uninitialized-value

Accepted
Defect
Created on 2023-03-17 16:00

[Environment]
x86
[Tested version]
Name: LibRaw
Version: 0.20.2

[Notes]
Affected-version triage (affected / not affected)
1. master
2. openEuler-20.03-LTS-SP3
3. openEuler-20.03-LTS-SP1
4. openEuler-20.03-LTS-SP2
5. openEuler-20.03-LTS
6. openEuler-21.03
7. openEuler-20.03-LTS-Next
8. openEuler-21.09
9. openEuler-22.03-LTS
10. openEuler-22.03-LTS-Next
11. openEuler-20.09
12. openEuler-23.03
I. [Test steps]
1. Build
python3 infra/helper.py build_fuzzers --sanitizer memory libraw
2. Run
python3 infra/helper.py run_fuzzer libraw libraw_fuzzer

[Error output]
NG: MemorySanitizer: use-of-uninitialized-value
#0 0x7b4fb5 in LibRaw::median4(int*) /src/libraw/src/decoders/smal.cpp:122:9
#1 0x7b54b4 in LibRaw::fill_holes(int) /src/libraw/src/decoders/smal.cpp:144:23
#2 0x7b66fb in LibRaw::smal_v9_load_raw() /src/libraw/src/decoders/smal.cpp:178:5
#3 0x523ffa in LibRaw::unpack() /src/libraw/src/decoders/unpack.cpp:411:7
#4 0x521d6b in LLVMFuzzerTestOneInput /src/libraw_fuzzer.cc:47:20
#5 0x4594e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#6 0x458c25 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#7 0x45acf7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#8 0x45b775 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocatorfuzzer::SizedFile >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#9 0x44a74e in fuzzer::FuzzerDriver(int*, char***, int ()(unsigned char const, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#10 0x472f22 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#11 0x7f799e85482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x41ee58 in _start (/out/libraw_fuzzer+0x41ee58)

Uninitialized value was stored to memory at
#0 0x7b559b in LibRaw::fill_holes(int) /src/libraw/src/decoders/smal.cpp:141:14
#1 0x7b66fb in LibRaw::smal_v9_load_raw() /src/libraw/src/decoders/smal.cpp:178:5
#2 0x523ffa in LibRaw::unpack() /src/libraw/src/decoders/unpack.cpp:411:7
#3 0x521d6b in LLVMFuzzerTestOneInput /src/libraw_fuzzer.cc:47:20
#4 0x4594e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#5 0x458c25 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#6 0x45acf7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#7 0x45b775 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocatorfuzzer::SizedFile >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#8 0x44a74e in fuzzer::FuzzerDriver(int*, char***, int ()(unsigned char const, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#9 0x472f22 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#10 0x7f799e85482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Uninitialized value was created by a heap allocation
#0 0x4d28ad in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:901:3
#1 0x5708be in libraw_memmgr::malloc(unsigned long) /src/libraw/./libraw/libraw_alloc.h:49:17
#2 0x56f51f in LibRaw::malloc(unsigned long) /src/libraw/src/utils/utils_libraw.cpp:256:20
#3 0x523625 in LibRaw::unpack() /src/libraw/src/decoders/unpack.cpp:360:37
#4 0x521d6b in LLVMFuzzerTestOneInput /src/libraw_fuzzer.cc:47:20
#5 0x4594e1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#6 0x458c25 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#7 0x45acf7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#8 0x45b775 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocatorfuzzer::SizedFile >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#9 0x44a74e in fuzzer::FuzzerDriver(int*, char***, int ()(unsigned char const, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#10 0x472f22 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#11 0x7f799e85482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/libraw/src/decoders/smal.cpp:122:9 in LibRaw::median4(int*)
Unique heap origins: 318
Stack depot allocated bytes: 30944
Unique origin histories: 3776
History depot allocated bytes: 90624
Exiting
MS: 2 CopyPart-ChangeBit-; base unit: 371c15442b7534211ae36112545af7292ba5ea5a
0x49,0x49,0x9,0x43,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0xd3,0x29,0xd3,0xd3,0xd3,0xd3,0xd3,0xd3,0xf8,0x49,0x0,0x50,0x0,0xa,0xa,0x50,0xa,0xa,0x0,0x0,0xc7,0xf8,0x50,0xa,0xf8,0x50,0x0,0xa,0x50,0x0,0xa,0x50,0xa,0xa,0x0,0xa,0xa,0x50,0x0,0xf8,0x50,0x0,0xa,0x50,0xa,0xa,0x0,0x0,0x50,0x0,0xa,0xa,0xd3,0xd3,0x50,0xa,
II\x09C\x00\x00\x00\xff\xff\xff\xff\xd3)\xd3\xd3\xd3\xd3\xd3\xd3\xf8I\x00P\x00\x0a\x0aP\x0a\x0a\x00\x00\xc7\xf8P\x0a\xf8P\x00\x0aP\x00\x0aP\x0a\x0a\x00\x0a\x0aP\x00\xf8P\x00\x0aP\x0a\x0a\x00\x00P\x00\x0a\x0a\xd3\xd3P\x0a
artifact_prefix='./'; Test unit written to ./crash-14724c6189abc1920f639979cf44036bcc87f759
Base64: SUkJQwAAAP/////TKdPT09PT0/hJAFAACgpQCgoAAMf4UAr4UAAKUAAKUAoKAAoKUAD4UAAKUAoKAABQAAoK09NQCg==
[Expected result]
The run completes without errors.

[Actual result]
./crash-14724c6189abc1920f639979cf44036bcc87f759

[Reproduction steps]
python3 infra/helper.py reproduce libraw libraw_fuzzer ./crash-14724c6189abc1920f639979cf44036bcc87f759

Comments (1)

wangxiaoya created the defect
wangxiaoya edited the description
wangxiaoya set priority to Minor
wangxiaoya set linked repository to src-openEuler/LibRaw
wangxiaoya set assignee to caodongxia
wangxiaoya set planned start date to 2023-03-17
wangxiaoya set planned due date to 2023-03-23
wangxiaoya uploaded attachment crash-14724c6189abc1920f639979cf44036bcc87f759

This issue has already been fixed upstream in an earlier version.
The reason it shows up in the current version is that upstream selects between different logic branches with the conditional-compilation macro LIBRAW_USE_CALLOC_INSTEAD_OF_MALLOC, but the fuzz build command did not define LIBRAW_USE_CALLOC_INSTEAD_OF_MALLOC, so the conditional compilation could not find LIBRAW_USE_CALLOC_INSTEAD_OF_MALLOC and the code took the other branch. The project/libraw/build.sh build script is modified as follows:

autoreconf --install
./configure --disable-examples CXXFLAGS="$CXXFLAGS -DLIBRAW_USE_CALLOC_INSTEAD_OF_MALLOC=on"
make

Related upstream links:
https://github.com/LibRaw/LibRaw/issues/154
https://github.com/LibRaw/LibRaw/commit/7d2081a2e885cb62cdd2da86e57cbc3bf358ae72
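As an added illustration (not LibRaw's code and not part of this issue), the following C sketch mirrors the malloc-versus-calloc switch the comment explains and shows where a hole-filling median reads memory the decoder never wrote; raw_image_alloc, fill_holes, fresh_buffer_is_zeroed and the median4 formula are assumptions made for the sketch.

```c
#include <limits.h>
#include <stdlib.h>
/* Hypothetical stand-in for the compile-time switch in the comment above:
 * real LibRaw selects the branch with LIBRAW_USE_CALLOC_INSTEAD_OF_MALLOC;
 * a runtime flag lets one build show both. malloc() leaves bytes indeterminate. */
static void *raw_image_alloc(size_t nbytes, int use_calloc)
{
    return use_calloc ? calloc(1, nbytes) : malloc(nbytes);
}

/* (sum - min - max) / 2: the assumed shape of the median4() in the trace,
 * not LibRaw's source. */
static int median4(const int *p)
{
    int sum = 0, lo = INT_MAX, hi = INT_MIN;
    for (int i = 0; i < 4; i++) {
        sum += p[i];
        if (p[i] < lo) lo = p[i];
        if (p[i] > hi) hi = p[i];
    }
    return (sum - lo - hi) / 2;
}

/* Interior hole filling: a pixel still 0 after decoding takes the median of
 * its four neighbours. With a malloc()ed buffer whose neighbours the decoder
 * never wrote, this read is the use-of-uninitialized-value MSan reported. */
static int fill_holes(unsigned short *img, int w, int h)
{
    int filled = 0;
    for (int y = 1; y < h - 1; y++)
        for (int x = 1; x < w - 1; x++) {
            if (img[y * w + x] != 0) continue;
            int win[4] = { img[(y - 1) * w + x], img[(y + 1) * w + x],
                           img[y * w + x - 1], img[y * w + x + 1] };
            img[y * w + x] = (unsigned short)median4(win);
            filled++;
        }
    return filled;
}

/* Check for the fixed build: fresh calloc-branch memory must be all zero
 * (returns 1 if zeroed, 0 if not, -1 if allocation failed). */
static int fresh_buffer_is_zeroed(size_t nbytes, int use_calloc)
{
    unsigned char *b = raw_image_alloc(nbytes, use_calloc);
    if (!b) return -1;
    int zero = 1;
    for (size_t i = 0; i < nbytes && zero; i++) zero = (b[i] == 0);
    free(b);
    return zero;
}
```

Under MemorySanitizer only the malloc branch produces the report above, because calloc's zero fill counts as initialized; the check function exercises the calloc branch deterministically.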

吴磊磊 changed task status from To Do to Done
张以正 changed task status from Done to Accepted
