Use of uninitialised value in decode_coefs() src/recon_tmpl.c
Reproduced with commit c0351e1b
Steps to reproduce:
- build dav1d with CFLAGS="-Og -g"
- replay testcase with Valgrind
    valgrind -q ./dav1d_fuzzer testcase.ivf

    Conditional jump or move depends on uninitialised value(s)
       at 0x14BB56: decode_coefs (recon_tmpl.c:105)
       by 0x14CEAA: read_coef_tree (recon_tmpl.c:309)
       by 0x15042F: dav1d_recon_b_inter_16bpc (recon_tmpl.c:1376)
       by 0x113F4F: decode_b (decode.c:1258)
       by 0x118EE8: decode_sb (decode.c:1876)
       by 0x118FA9: decode_sb (decode.c:1917)
       by 0x118FA9: decode_sb (decode.c:1917)
       by 0x11A230: dav1d_decode_tile_sbrow (decode.c:2323)
       by 0x11B3B1: dav1d_decode_frame (decode.c:2668)
       by 0x11C5D5: dav1d_submit_frame (decode.c:3040)
       by 0x10EFA3: dav1d_parse_obus (obu.c:1137)
       by 0x10B2AB: dav1d_decode (lib.c:201)