The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
oss-fuzz: superres issues, heap overflow and uninitilized values
Since the issues are probably related all test cases in a single issue.
- heap overflow in setup_tile:
==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900000052a at pc 0x00000054bfd7 bp
0x7f222a875b90 sp 0x7f222a875b88
WRITE of size 2 at 0x61900000052a thread T4
SCARINESS: 43 (2-byte-write-heap-buffer-overflow-far-from-bounds)
#0 0x54bfd6 in setup_tile /src/dav1d/src/decode.c:2257:36
#1 0x547f4d in dav1d_decode_frame /src/dav1d/src/decode.c:2768:13
#2 0x531d5f in dav1d_frame_task /src/dav1d/src/thread_task.c:44:9
#3 0x7f22316ee6b9 in start_threadclusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5646860283281408
- use of uninitilized value in resize_c/iclip:
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x601684 in iclip /src/dav1d/include/common/intops.h:44:28
#1 0x5fec4d in resize_c /src/dav1d/src/mc_tmpl.c:794:22
#2 0x63b224 in dav1d_filter_sbrow_16bpc /src/dav1d/src/recon_tmpl.c:1620:13
#3 0x4d2bff in dav1d_decode_frame /src/dav1d/src/decode.c:2882:25
#4 0x4aa79d in dav1d_frame_task /src/dav1d/src/thread_task.c:44:9
#5 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
#6 0x7f73351be6b9 in start_threadclusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5741861168218112
- use of uninitilized value in resize_c/iclip:
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x58e7d4 in iclip /src/dav1d/include/common/intops.h:44:28
#1 0x58be67 in resize_c /src/dav1d/src/mc_tmpl.c:794:22
#2 0x64e401 in backup_lpf /src/dav1d/src/lr_apply_tmpl.c:77:13
#3 0x64dab9 in dav1d_lr_copy_lpf_8bpc /src/dav1d/src/lr_apply_tmpl.c:135:13
#4 0x5c70a6 in dav1d_filter_sbrow_8bpc /src/dav1d/src/recon_tmpl.c:1591:9
#5 0x4d216e in dav1d_decode_frame /src/dav1d/src/decode.c:2824:25
#6 0x4da976 in dav1d_submit_frame /src/dav1d/src/decode.c:3270:20
#7 0x4acaa5 in dav1d_parse_obus /src/dav1d/src/obu.c:1208:20
#8 0x4a7607 in dav1d_get_picture /src/dav1d/src/lib.c:214:20
#9 0x49ffb9 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:107:19
#10 0x6ab0db in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuz
zer/FuzzerLoop.cpp:571:15
#11 0x663086 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/F
uzzerDriver.cpp:280:6
#12 0x673eaa in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)
) /src/libfuzzer/FuzzerDriver.cpp:713:9
#13 0x6621b1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#14 0x7f26f631982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
#15 0x41e8e8 in _startclusterfuzz-testcase-minimized-dav1d_fuzzer-5658693757042688