oss-fuzz: integer overflow in boxsum5sqr()

Running command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_dav1d_1dba850c6be01aadc39811634b000cc38db48773/revisions/dav1d_fuzzer_mt -timeout=25 -rss_limit_mb=2048 -runs=100 /fuzz-1
	INFO: Seed: 380585682
	INFO: Loaded 1 modules   (17535 inline 8-bit counters): 17535 [0x86d418, 0x871897),
	INFO: Loaded 1 PC tables (17535 PCs): 17535 [0x871898,0x8b6088),
	/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_dav1d_1dba850c6be01aadc39811634b000cc38db48773/revisions/dav1d_fuzzer_mt: Running 1 inputs 100 time(s) each.
	Running: /fuzz-1
	../../src/dav1d/src/looprestoration_tmpl.c:382:32: runtime error: signed integer overflow: 65520 * 65520 cannot be represented in type 'int'
	    #0 0x55b260 in boxsum5sqr /src/dav1d/src/looprestoration_tmpl.c:382:32
	    #1 0x559522 in selfguided_filter /src/dav1d/src/looprestoration_tmpl.c:431:9
	    #2 0x558455 in selfguided_c /src/dav1d/src/looprestoration_tmpl.c:562:9
	    #3 0x5c1160 in lr_stripe /src/dav1d/src/lr_apply_tmpl.c:0
	    #4 0x5c0ba7 in lr_sbrow /src/dav1d/src/lr_apply_tmpl.c:271:13
	    #5 0x5c26b6 in dav1d_lr_sbrow_16bpc /src/dav1d/src/lr_apply_tmpl.c:310:13
	    #6 0x577750 in dav1d_filter_sbrow_16bpc /src/dav1d/src/recon_tmpl.c:2009:9
	    #7 0x4d5822 in dav1d_decode_frame /src/dav1d/src/decode.c:3069:25
	    #8 0x4b4064 in dav1d_frame_task /src/dav1d/src/thread_task.c:45:25
	    #9 0x7f426dedc6b9 in start_thread

clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5076736684851200