oss-fuzz: ASSERT "np > 0 && np <= 8" in derive_warpmv
Steps to reproduce
- possibly build with
-Db_sanitize=undefined
- run
./dav1d_fuzzer_mt clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5687624891629568
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5687624891629568
dav1d_fuzzer_mt: ../../src/dav1d/src/decode.c:326: void derive_warpmv(const Dav1dTileContext *const, const int, const int, const uint64_t *, const struct mv, WarpedMotionParams *const): Assertion `np > 0 && np <= 8' failed.
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==1==ERROR: UndefinedBehaviorSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f5c4aae5428 bp 0x00000058b958 sp 0x7f5c48e2b708 T15)
#0 0x7f5c4aae5427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
#1 0x7f5c4aae7029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
#2 0x7f5c4aaddbd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
#3 0x7f5c4aaddc81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
#4 0x450c15 in derive_warpmv /src/dav1d/src/decode.c:326:5
#5 0x4427a7 in decode_b /src/dav1d/src/decode.c:734:17
#6 0x43ac6f in decode_sb /src/dav1d/src/decode.c:1926:17
#7 0x43b99c in decode_sb /src/dav1d/src/decode.c:1974:21
#8 0x439453 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2239:17
#9 0x43246e in dav1d_tile_task /src/dav1d/src/thread_task.c:89:29
#10 0x7f5c4b7ac6b9 in start_thread
#11 0x7f5c4abb741c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109