oss-fuzz: Assertion 'a >= 0 && a < (1 << bits)' in get_relative_dist src/ref_mvs.c
Reproduced with commit acde4240
Steps to reproduce:
- replay testcase with
./dav1d_fuzzer clusterfuzz-testcase-dav1d_fuzzer-5679083342528512
clusterfuzz-testcase-dav1d_fuzzer-5679083342528512
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f4217e72428 bp 0x000000698800 sp 0x7ffee4223248 T0)
#0 0x7f4217e72427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
#1 0x7f4217e74029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
#2 0x7f4217e6abd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
#3 0x7f4217e6ac81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
#4 0x57574f in get_relative_dist src/ref_mvs.c:613:3
#5 0x57523f in av1_init_ref_mv_common src/ref_mvs.c:2121:42
#6 0x54a0ba in dav1d_decode_frame src/decode.c:2526:25
#7 0x55088e in dav1d_submit_frame src/decode.c:3041:20
#8 0x5384ef in dav1d_parse_obus src/obu.c:1110:20
#9 0x5356a6 in dav1d_decode src/lib.c:201:20
#10 0x53209b in LLVMFuzzerTestOneInput tests/libfuzzer/dav1d_fuzzer.c:83:19
#11 0x53003e in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
#12 0x5305ae in main /src/libfuzzer/afl/afl_driver.cpp:339:12
Edited by Tyson Smith