stack-buffer-overflow in av1_get_fwd_ref_ctx() src/env.h
Found with commit 6ac49461
Steps to reproduce:
- build dav1d with AddressSanitizer
- run attached testcase with dav1d executable ./dav1d -i testcase.ivf -o out.ivf
==16685==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f5715e6411c at pc 0x0000005684b7 bp 0x7fffe9513c90 sp 0x7fffe9513c88
READ of size 4 at 0x7f5715e6411c thread T0
#0 0x5684b6 in av1_get_fwd_ref_ctx src/env.h:367:52
#1 0x5684b6 in decode_b src/decode.c:1525
#2 0x532161 in decode_sb src/decode.c
#3 0x5315d0 in decode_sb src/decode.c:2070:17
#4 0x52fcb7 in dav1d_decode_tile_sbrow src/decode.c:2319:13
#5 0x53d42d in dav1d_decode_frame src/decode.c:2662:29
#6 0x545acf in dav1d_submit_frame src/decode.c:3032:20
#7 0x51c43e in dav1d_parse_obus src/obu.c:1079:20
#8 0x517504 in dav1d_decode src/lib.c:193:20
#9 0x51294d in LLVMFuzzerTestOneInput tests/libfuzzer/dav1d_fuzzer.c:75:19
Address 0x7f5715e6411c is located in stack of thread T0 at offset 284 in frame
#0 0x54763f in decode_b src/decode.c:674