Assertion 'seg_id < 8' failed in get_prev_frame_segid() src/decode.c
Reproduced with commit c1b0808c
Steps to reproduce:
- replay testcase with:
    ./dav1d_fuzzer testcase.ivf
dav1d_fuzzer: src/decode.c:680: unsigned int get_prev_frame_segid(const Dav1dFrameContext *const, const int, const int, const int, int, const uint8_t *, const ptrdiff_t): Assertion `seg_id < 8' failed.
==20435==ERROR: AddressSanitizer: ABRT on unknown address 0x03e800004fd3 (pc 0x7f9b81967e97 bp 0x7f9b81ae07d8 sp 0x7fff1547e5f0 T0)
#0 0x7f9b81967e96 in __libc_signal_restore_set /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80
#1 0x7f9b81967e96 in gsignal /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48
#2 0x7f9b81969800 in abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:79
#3 0x7f9b81959399 in __assert_fail_base /build/glibc-OTsEL5/glibc-2.27/assert/assert.c:92
#4 0x7f9b81959411 in __assert_fail /build/glibc-OTsEL5/glibc-2.27/assert/assert.c:101
#5 0x5a0ba0 in get_prev_frame_segid src/decode.c:680:5
#6 0x5a0ba0 in decode_b src/decode.c:773
#7 0x54f56a in decode_sb src/decode.c:2050:17
#8 0x54c396 in dav1d_decode_tile_sbrow src/decode.c:2464:13
#9 0x55af6d in dav1d_decode_frame src/decode.c:2825:29
#10 0x5637ca in dav1d_submit_frame src/decode.c:3271:20
#11 0x532411 in dav1d_parse_obus src/obu.c:1314:20
#12 0x52cda8 in dav1d_get_picture src/lib.c:271:20
#13 0x526650 in LLVMFuzzerTestOneInput tests/libfuzzer/dav1d_fuzzer.c:117:19
#14 0x526dbf in main tests/libfuzzer/main.c:116:13