Use of uninitialised value in adjust_strength() src/cdef_apply_tmpl.c

Reproduced with commit c0351e1b

Steps to reproduce:

  1. build dav1d with CFLAGS="-Og -g"
  2. replay testcase with valgrind -q ./dav1d_fuzzer testcase.ivf

testcase.ivf

Conditional jump or move depends on uninitialised value(s)
   at 0x16AE42: adjust_strength (cdef_apply_tmpl.c:76)
   by 0x16B089: dav1d_cdef_brow_8bpc (cdef_apply_tmpl.c:171)
   by 0x13D48E: dav1d_filter_sbrow_8bpc (recon_tmpl.c:1474)
   by 0x11B3D3: dav1d_decode_frame (decode.c:2673)
   by 0x11C5D5: dav1d_submit_frame (decode.c:3040)
   by 0x10EFA3: dav1d_parse_obus (obu.c:1137)
   by 0x10B2AB: dav1d_decode (lib.c:201)
   by 0x109E40: LLVMFuzzerTestOneInput (dav1d_fuzzer.c:101)
   by 0x109FE5: main (main.c:112)

Conditional jump or move depends on uninitialised value(s)
   at 0x16AE49: adjust_strength (cdef_apply_tmpl.c:77)
   by 0x16B089: dav1d_cdef_brow_8bpc (cdef_apply_tmpl.c:171)
   by 0x13D48E: dav1d_filter_sbrow_8bpc (recon_tmpl.c:1474)
   by 0x11B3D3: dav1d_decode_frame (decode.c:2673)
   by 0x11C5D5: dav1d_submit_frame (decode.c:3040)
   by 0x10EFA3: dav1d_parse_obus (obu.c:1137)
   by 0x10B2AB: dav1d_decode (lib.c:201)
   by 0x109E40: LLVMFuzzerTestOneInput (dav1d_fuzzer.c:101)
   by 0x109FE5: main (main.c:112)

   ...
Edited by Tyson Smith
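
Added example, not part of the original report or of dav1d's code: a triage helper that groups Memcheck reports by their function-level call stack, showing that the two reports above share one stack and differ only in the line inside adjust_strength. The name `group_reports` and the choice of grouping key are assumptions of this example; the sample input is the two reports from this issue, trimmed to three frames each.

```python
import re
from collections import OrderedDict

# Sample input: the two reports quoted in the issue, trimmed to three frames each.
SAMPLE = """\
Conditional jump or move depends on uninitialised value(s)
   at 0x16AE42: adjust_strength (cdef_apply_tmpl.c:76)
   by 0x16B089: dav1d_cdef_brow_8bpc (cdef_apply_tmpl.c:171)
   by 0x13D48E: dav1d_filter_sbrow_8bpc (recon_tmpl.c:1474)

Conditional jump or move depends on uninitialised value(s)
   at 0x16AE49: adjust_strength (cdef_apply_tmpl.c:77)
   by 0x16B089: dav1d_cdef_brow_8bpc (cdef_apply_tmpl.c:171)
   by 0x13D48E: dav1d_filter_sbrow_8bpc (recon_tmpl.c:1474)
"""

PREFIX = re.compile(r"^==\d+==\s?")  # "==PID== " prefix, absent in the pasted log
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \(([^():]+):(\d+)\))?")


def group_reports(text):
    """Map (error kind, function-only call stack) -> list of top-frame (file, line)."""
    groups = OrderedDict()
    kind, frames = None, []

    def flush():
        # Key ignores addresses and line numbers so one root cause forms one group.
        if kind and frames:
            key = (kind, tuple(f[0] for f in frames))
            groups.setdefault(key, []).append(frames[0][1:])

    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        m = FRAME.match(line)
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3)) if m.group(3) else None))
        elif line and not line[0].isspace():  # unindented line starts a new report
            flush()
            kind, frames = line.strip(), []
    flush()
    return groups


if __name__ == "__main__":
    for (kind, stack), sites in group_reports(SAMPLE).items():
        print(f"{len(sites)}x {kind}")
        print("   stack:", " <- ".join(stack))
        print("   sites:", ", ".join(f"{f}:{n}" for f, n in sites))
```
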