diff --git a/expat/memory-sanitizer-blacklist.txt b/expat/memory-sanitizer-blacklist.txt
new file mode 100644
index 00000000..166e6a14
--- /dev/null
+++ b/expat/memory-sanitizer-blacklist.txt
@@ -0,0 +1,6 @@
+# Line "hash_secret_salt = generate_hash_secret_salt(parser);"
+# is mis-reported as use-of-uninitialized-value because
+# its call to writeRandomBytes_getrandom uses syscall
+# SYS_getrandom and MemorySanitizer does not seem to understand that
+# as writing bytes to that memory (which it does).
+fun:startParsing
diff --git a/expat/qa.sh b/expat/qa.sh
index cb11b87a..56bc3492 100755
--- a/expat/qa.sh
+++ b/expat/qa.sh
@@ -55,7 +55,7 @@ main() {
         ;;
     memory)
         # http://clang.llvm.org/docs/MemorySanitizer.html
-        BASE_FLAGS+=" -fsanitize=memory -fno-omit-frame-pointer -g -O2"
+        BASE_FLAGS+=" -fsanitize=memory -fno-omit-frame-pointer -g -O2 -fsanitize-memory-track-origins -fsanitize-blacklist=memory-sanitizer-blacklist.txt"
         ;;
     ncc)
         # http://students.ceid.upatras.gr/~sxanth/ncc/