
oss-fuzz: negative-size-param in dav1d_backup_ipred_edge_8bpc() src/recon_tmpl.c

Reproduced with commit acde4240

Steps to reproduce:

  1. build dav1d with AddressSanitizer (-fsanitize=address)
  2. replay testcase with ./dav1d_fuzzer clusterfuzz-testcase-minimized-dav1d_fuzzer-5707479116152832

Attachment: clusterfuzz-testcase-minimized-dav1d_fuzzer-5707479116152832

==1==ERROR: AddressSanitizer: negative-size-param: (size=-56)
    #0 0x4ea203 in __asan_memcpy _asan_rtl_
    #1 0x5b70ad in dav1d_backup_ipred_edge_8bpc src/recon_tmpl.c:1504:5
    #2 0x54510f in dav1d_decode_tile_sbrow src/decode.c:2333:9
    #3 0x54b691 in dav1d_decode_frame src/decode.c:2668:29
    #4 0x55088e in dav1d_submit_frame src/decode.c:3041:20
    #5 0x5384ef in dav1d_parse_obus src/obu.c:1110:20
    #6 0x5356a6 in dav1d_decode src/lib.c:201:20
    #7 0x53209b in LLVMFuzzerTestOneInput tests/libfuzzer/dav1d_fuzzer.c:83:19
    #8 0x53003e in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
    #9 0x5305ae in main /src/libfuzzer/afl/afl_driver.cpp:339:12
    #10 0x7fd8f519782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
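For readers unfamiliar with this ASan report class: "negative-size-param" means the length argument reaching the intercepted memcpy was negative when read as a signed value (here -56), which almost always comes from signed arithmetic that went below zero and was then implicitly converted to size_t. The following is an added, hypothetical C illustration of that pattern and of the kind of bounds check that prevents it; it is not dav1d's code, and it makes no claim about what the actual arithmetic in dav1d_backup_ipred_edge_8bpc() looks like. The function and parameter names (backup_edge_unchecked, backup_edge_checked, x_start, x_end) are invented for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical illustration only (not dav1d code): a copy length computed in
 * signed arithmetic goes negative and is implicitly converted to size_t when
 * passed to memcpy. AddressSanitizer intercepts memcpy and reports the signed
 * view of that length as "negative-size-param: (size=-56)". */

/* Unchecked form: mirrors the failing pattern. Calling it with x_end < x_start
 * triggers the ASan report (and, without ASan, a huge out-of-bounds copy). */
void backup_edge_unchecked(uint8_t *dst, const uint8_t *src,
                           int x_start, int x_end)
{
    int len = x_end - x_start;          /* negative when x_end < x_start */
    memcpy(dst, src + x_start, len);    /* len converted to size_t here */
}

/* Checked form: validates the range against both buffers before copying.
 * Returns the number of bytes copied, or -1 if the range is invalid. */
int backup_edge_checked(uint8_t *dst, size_t dst_cap,
                        const uint8_t *src, size_t src_len,
                        int x_start, int x_end)
{
    if (x_start < 0 || x_end < x_start)
        return -1;                                   /* would go negative */
    size_t start = (size_t)x_start;
    size_t len = (size_t)(x_end - x_start);
    if (start > src_len || len > src_len - start)    /* source overrun */
        return -1;
    if (len > dst_cap)                               /* destination overrun */
        return -1;
    memcpy(dst, src + start, len);
    return (int)len;
}

/* Shows the value memcpy actually receives for a negative int length. */
size_t negative_len_as_size(int len)
{
    return (size_t)len;                 /* -56 becomes SIZE_MAX - 55 */
}

/* Self-contained driver over a constructed 64-byte source buffer.
 * Returns the checked copy's result, or -2 if the copied bytes are wrong. */
int demo_checked(int x_start, int x_end)
{
    uint8_t src[64], dst[64];
    for (int i = 0; i < 64; i++) {
        src[i] = (uint8_t)i;            /* constructed sample data */
        dst[i] = 0xff;
    }
    int n = backup_edge_checked(dst, sizeof dst, src, sizeof src,
                                x_start, x_end);
    if (n > 0 && memcmp(dst, src + x_start, (size_t)n) != 0)
        return -2;
    return n;
}

int main(void)
{
    printf("-56 as size_t: %zu\n", negative_len_as_size(-56));
    printf("copy [8,16):   %d\n", demo_checked(8, 16));   /* 8  */
    printf("copy [16,8):   %d\n", demo_checked(16, 8));   /* -1 */
    printf("copy [8,100):  %d\n", demo_checked(8, 100));  /* -1 */
    /* backup_edge_unchecked(dst, src, 16, 8) is the ASan-reproducing call;
     * it is deliberately not executed here. */
    return 0;
}
```

When triaging a report like the one above, the useful question is which operand of the subtraction feeding the memcpy length can be driven below the other by the bitstream; the fix is a check on that relationship before the copy, not a cast that hides the sign.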