oss-fuzz: Assertion 'dc <= (1 << BITDEPTH) - 1' failed in splat_dc() src/ipred.c
Reproduced with commit 46e2a2d0
Steps to reproduce:
- build dav1d with -Dbuildtype=debugoptimized
- replay testcase with
./dav1d_fuzzer clusterfuzz-testcase-minimized-dav1d_fuzzer-5674936551604224
clusterfuzz-testcase-minimized-dav1d_fuzzer-5674936551604224
dav1d_fuzzer: src/ipred.c:44: void splat_dc(pixel *, const ptrdiff_t, const int, const int, const unsigned int): Assertion `dc <= (1 << BITDEPTH) - 1' failed.
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7fa9261b4428 bp 0x00000075cc40 sp 0x7fff3dac4948 T0)
SCARINESS: 10 (signal)
#0 0x7fa9261b4427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
#1 0x7fa9261b6029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
#2 0x7fa9261acbd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
#3 0x7fa9261acc81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
#4 0x6511a6 in splat_dc src/ipred.c:44:5
#5 0x6780f0 in dav1d_recon_b_intra_16bpc src/recon.c:982:25
#6 0x5e5cde in decode_b src/decode.c:1096:13
#7 0x5d4823 in decode_sb src/decode.c:2080:17
#8 0x5d488a in decode_sb src/decode.c:2076:17
#9 0x5d3589 in dav1d_decode_tile_sbrow src/decode.c:2323:13
#10 0x5da35b in dav1d_decode_frame src/decode.c:2668:29
#11 0x5df8bd in dav1d_submit_frame src/decode.c:3041:20
#12 0x5c603a in dav1d_parse_obus src/obu.c:1110:20