diff --git a/common-session.c b/common-session.c index 41bf5b3..96dd4dc 100644 --- a/common-session.c +++ b/common-session.c @@ -152,8 +152,9 @@ void session_loop(void(*loophandler)(void)) { timeout.tv_sec = select_timeout(); timeout.tv_usec = 0; - FD_ZERO(&writefd); - FD_ZERO(&readfd); + DROPBEAR_FD_ZERO(&writefd); + DROPBEAR_FD_ZERO(&readfd); + dropbear_assert(ses.payload == NULL); /* We get woken up when signal handlers write to this pipe. @@ -204,8 +205,8 @@ void session_loop(void(*loophandler)(void)) { * want to iterate over channels etc for reading, to handle * server processes exiting etc. * We don't want to read/write FDs. */ - FD_ZERO(&writefd); - FD_ZERO(&readfd); + DROPBEAR_FD_ZERO(&writefd); + DROPBEAR_FD_ZERO(&readfd); } /* We'll just empty out the pipe if required. We don't do @@ -406,7 +407,7 @@ static int ident_readln(int fd, char* buf, int count) { return -1; } - FD_ZERO(&fds); + DROPBEAR_FD_ZERO(&fds); /* select since it's a non-blocking fd */ diff --git a/dbrandom.c b/dbrandom.c index 838f8ca..0a55bc5 100644 --- a/dbrandom.c +++ b/dbrandom.c @@ -88,7 +88,7 @@ process_file(hash_state *hs, const char *filename, timeout.tv_sec = 2; timeout.tv_usec = 0; - FD_ZERO(&read_fds); + DROPBEAR_FD_ZERO(&read_fds); FD_SET(readfd, &read_fds); res = select(readfd + 1, &read_fds, NULL, NULL, &timeout); if (res == 0) diff --git a/dbutil.h b/dbutil.h index 7d1c3e1..7cb9d68 100644 --- a/dbutil.h +++ b/dbutil.h @@ -88,4 +88,11 @@ char * expand_homedir_path(const char *inpath); void fsync_parent_dir(const char* fn); +#if DROPBEAR_MSAN +/* FD_ZERO seems to leave some memory uninitialized. clear it to avoid false positives */ +#define DROPBEAR_FD_ZERO(fds) do { memset((fds), 0x0, sizeof(fd_set)); FD_ZERO(fds); } while(0) +#else +#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds) +#endif + #endif /* DROPBEAR_DBUTIL_H_ */ diff --git a/fuzz-wrapfd.c b/fuzz-wrapfd.c index 313a110..ed8968a 100644 --- a/fuzz-wrapfd.c +++ b/fuzz-wrapfd.c 
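Review bot: In the dbutil.h hunk, the MSan variant of `DROPBEAR_FD_ZERO` expands its argument twice and hard-codes `sizeof(fd_set)`, while the non-MSan variant is a bare expression, so the two builds do not expand to the same shape. Every call site in this patch passes a plain `&set` or a pointer variable, so nothing breaks today, but `memset((fds), 0x0, sizeof(*(fds)))` together with `#define DROPBEAR_FD_ZERO(fds) do { FD_ZERO(fds); } while(0)` would keep both forms statement-like and tied to the argument's type. The comment could also say that the memset is not relied on for correctness, e.g. `/* MSan builds only: clear the whole fd_set first, FD_ZERO alone is reported as leaving bytes uninitialised. Other builds use plain FD_ZERO. */`. The macro uses `memset` and `fd_set`, so dbutil.h presumably depends on includes.h being included before it; that is not visible in this hunk.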
@@ -2,6 +2,8 @@ #include "includes.h" #include "fuzz-wrapfd.h" +#include "dbutil.h" + #include "fuzz.h" #define IOWRAP_MAXFD (FD_SETSIZE-1) @@ -195,7 +197,7 @@ int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, nset++; } } - FD_ZERO(readfds); + DROPBEAR_FD_ZERO(readfds); if (nset > 0) { /* set one */ @@ -222,7 +224,7 @@ int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, nset++; } } - FD_ZERO(writefds); + DROPBEAR_FD_ZERO(writefds); /* set one */ if (nset > 0) { diff --git a/svr-main.c b/svr-main.c index 6f3144b..0a39b70 100644 --- a/svr-main.c +++ b/svr-main.c @@ -178,7 +178,7 @@ static void main_noinetd() { /* incoming connection select loop */ for(;;) { - FD_ZERO(&fds); + DROPBEAR_FD_ZERO(&fds); /* listening sockets */ for (i = 0; i < listensockcount; i++) { diff --git a/sysoptions.h b/sysoptions.h index 0028199..942e724 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -318,4 +318,15 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_TRACKING_MALLOC (DROPBEAR_FUZZ) +/* Used to work around Memory Sanitizer false positives */ +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# define DROPBEAR_MSAN 1 +# endif +#endif +#ifndef DROPBEAR_MSAN +#define DROPBEAR_MSAN 0 +#endif + + /* no include guard for this file */
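Review bot: In the sysoptions.h hunk, `DROPBEAR_MSAN` is derived only from `__has_feature(memory_sanitizer)`, so a value supplied by the build is not respected: with `-DDROPBEAR_MSAN=0` on an MSan build the inner `# define DROPBEAR_MSAN 1` redefines the macro. Wrapping the whole detection in `#ifndef DROPBEAR_MSAN` would make it overridable like an ordinary option. The comment would be more useful if it named what the flag gates, e.g. `/* 1 when built with clang -fsanitize=memory; selects the memset variant of DROPBEAR_FD_ZERO in dbutil.h */`. dbutil.h tests the flag with `#if DROPBEAR_MSAN`, so it relies on this header being included first, which the visible hunks do not show.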