Similarly, Valgrind detected this error:

https://build.chromium.org/p/chromium.memory.fyi/builders/Chromium%20OS%20%28valgrind%29%283%29/builds/41797

Use of uninitialised value of size 8
modp_b64_encode (third_party/modp_b64/modp_b64.cc:91)
base::Base64Encode(base::BasicStringPiece<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> >*) (base/base64.cc:18)
remoting::protocol::(anonymous namespace)::EncodeBinaryValueToXml(buzz::StaticQName const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (remoting/protocol/spake2_authenticator.cc:47)
remoting::protocol::Spake2Authenticator::GetNextMessage() (remoting/protocol/spake2_authenticator.cc:269)
remoting::protocol::AuthenticatorTestBase::ContinueAuthExchangeWith(remoting::protocol::Authenticator*, remoting::protocol::Authenticator*, bool, bool) (remoting/protocol/authenticator_test_base.cc:104)
Suppression (error hash=#99578F322FD96DEF#):
For more info on using suppressions see http://dev.chromium.org/developers/tree-sheriffs/sheriff-details-chromium/memory-sheriff#TOC-Suppressing-memory-reports
{
<insert_a_suppression_name_here>
Memcheck:Uninitialized
fun:modp_b64_encode
fun:_ZN4base12Base64EncodeERKNS_16BasicStringPieceISsEEPSs
fun:_ZN8remoting8protocol12_GLOBAL__N_122EncodeBinaryValueToXmlERKN4buzz11StaticQNameERKSs
fun:_ZN8remoting8protocol19Spake2Authenticator14GetNextMessageEv
fun:_ZN8remoting8protocol21AuthenticatorTestBase24ContinueAuthExchangeWithEPNS0_13AuthenticatorES3_bb
}

UninitCondition
Conditional jump or move depends on uninitialised value(s)
remoting::protocol::Spake2Authenticator::ProcessMessageInternal(buzz::XmlElement const*) (remoting/protocol/spake2_authenticator.cc:235)
remoting::protocol::Spake2Authenticator::ProcessMessage(buzz::XmlElement const*, base::Callback<void ()> const&) (remoting/protocol/spake2_authenticator.cc:154)
remoting::protocol::AuthenticatorTestBase::ContinueAuthExchangeWith(remoting::protocol::Authenticator*, remoting::protocol::Authenticator*, bool, bool) (remoting/protocol/authenticator_test_base.cc:109)
Suppression (error hash=#17DC1A8F9E43A2F4#):
For more info on using suppressions see http://dev.chromium.org/developers/tree-sheriffs/sheriff-details-chromium/memory-sheriff#TOC-Suppressing-memory-reports
{
<insert_a_suppression_name_here>
Memcheck:Uninitialized
fun:_ZN8remoting8protocol19Spake2Authenticator22ProcessMessageInternalEPKN4buzz10XmlElementE
fun:_ZN8remoting8protocol19Spake2Authenticator14ProcessMessageEPKN4buzz10XmlElementERKN4base8CallbackIFvvEEE
fun:_ZN8remoting8protocol21AuthenticatorTestBase24ContinueAuthExchangeWithEPNS0_13AuthenticatorES3_bb
}

Actually reassigning to davidben. Please work with arnarb to work this out:

MSAN gave a nice explanation of why this is happening - in third_party/boringssl/src/crypto/curve25519/curve25519.c, x25519_ge_scalarmult() declares a struct ge_cached named |selected|. |selected| is initialized via cmov_cached(), which just calls fe_cmov() for each struct member. struct fe is initialized in fe_cmov() as |f|, where we have:

----
int32_t x = f[i] ^ g[i];
x &= b;
f[i] ^= x;
----

... the value we set in f[i] depends on the uninitialized value in f[i]. :\ Should |selected| be zeroed out before calling cmov_cached() ?

FTR, https://codereview.chromium.org/1778223003/ reverted the tests, so the memory.fyi remoting tests should go green.

This is constant-time code which is always a little funny like this. equal(j, index) will be one for exactly one iteration of the loop. At that iteration in the loop, fe_cmov will set f to g and in the other iterations it will leave it alone.

But, sure, we can initialize it to zero to shut the sanitizers up.

https://boringssl-review.googlesource.com/7415

The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl.git/+/08791e6756c3fbee0ef1bdc104a74ab212501bb6

commit 08791e6756c3fbee0ef1bdc104a74ab212501bb6
Author: David Benjamin <davidben@google.com>
Date: Thu Mar 10 17:41:19 2016

Appease sanitizers in x25519_ge_scalarmult.

Although exactly one iteration of cmov_cached will always initialize selected,
it ends up messing with uninitialized memory. Initialize |selected| before the
loop.

BUG= 593540 

Change-Id: I5921843f68c6dd1dc7f752538825bc43ba75df4a
Reviewed-on: https://boringssl-review.googlesource.com/7415
Reviewed-by: Arnar Birgisson <arnarb@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

[modify] https://crrev.com/08791e6756c3fbee0ef1bdc104a74ab212501bb6/crypto/curve25519/curve25519.c

I'll roll BoringSSL shortly and then this will get picked up.

 Issue 593912  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a82a64f7655b8d7bab7fd9ac347ffe4a52b11d6b

commit a82a64f7655b8d7bab7fd9ac347ffe4a52b11d6b
Author: davidben <davidben@chromium.org>
Date: Fri Mar 11 07:09:58 2016

Roll src/third_party/boringssl/src ba70118d8..a857159dd

https://boringssl.googlesource.com/boringssl/+log/ba70118d8ea7bb0232554bbd70606703bde5bde3..a857159dd61204bfe93bd8e2f00448434e8b0b99

BUG= 593540 
TBR=svaldez@chromium.org

Review URL: https://codereview.chromium.org/1786463002

Cr-Commit-Position: refs/heads/master@{#380565}

[modify] https://crrev.com/a82a64f7655b8d7bab7fd9ac347ffe4a52b11d6b/DEPS

This should be fixed now.