oss-fuzz: Add a test case for hbd flag change

=================================================================
==71453==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000009a40 at pc 0x00010dad0530 bp 0x7ffee25c2ab0 sp 0x7ffee25c2278
READ of size 948 at 0x629000009a40 thread T0
    #0 0x10dad052f in __asan_memcpy+0x1af (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4652f)
    #1 0x10d8b6cf7 in backup_lpf lr_apply_tmpl.c:88
    #2 0x10d8b6157 in dav1d_lr_copy_lpf_16bpc lr_apply_tmpl.c:148
    #3 0x10d9064f3 in dav1d_filter_sbrow_deblock_rows_16bpc recon_tmpl.c:2076
    #4 0x10d908e96 in dav1d_filter_sbrow_16bpc recon_tmpl.c:2154
    #5 0x10d723442 in dav1d_decode_frame_main decode.c:3331
    #6 0x10d724123 in dav1d_decode_frame decode.c:3396
    #7 0x10d72d11a in dav1d_submit_frame decode.c:3767
    #8 0x10d7ce192 in dav1d_parse_obus obu.c:1608
    #9 0x10d90dbe9 in gen_picture lib.c:394
    #10 0x10d90db12 in dav1d_send_data lib.c:424
    #11 0x10d63b888 in LLVMFuzzerTestOneInput dav1d_fuzzer.c:164
    #12 0x10d63c7c1 in main main.c:94
    #13 0x7fff20626f3c in start+0x0 (libdyld.dylib:x86_64+0x15f3c)

0x629000009a40 is located 0 bytes to the right of 18496-byte region [0x629000005200,0x629000009a40)
allocated by thread T0 here:
    #0 0x10dad2b73 in wrap_posix_memalign+0xb3 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x48b73)
    #1 0x10d71ee5f in dav1d_alloc_aligned mem.h:66
    #2 0x10d71a8f6 in dav1d_decode_frame_init decode.c:3127
    #3 0x10d723d13 in dav1d_decode_frame decode.c:3378
    #4 0x10d72d11a in dav1d_submit_frame decode.c:3767
    #5 0x10d7ce192 in dav1d_parse_obus obu.c:1608
    #6 0x10d90dbe9 in gen_picture lib.c:394
    #7 0x10d90db12 in dav1d_send_data lib.c:424
    #8 0x10d63b888 in LLVMFuzzerTestOneInput dav1d_fuzzer.c:164
    #9 0x10d63c7c1 in main main.c:94
    #10 0x7fff20626f3c in start+0x0 (libdyld.dylib:x86_64+0x15f3c)

Edited by Victorien Le Couviour--Tuffet