oss-fuzz: global-buffer-overflow in obmc() src/recon_tmpl.c
Reproduced with commit 48a7486a
Steps to reproduce:
- build dav1d with AddressSanitizer (-fsanitize=address)
- replay the testcase with: ./dav1d_fuzzer_mt clusterfuzz-testcase-dav1d_fuzzer_mt-5702455078158336
==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000007616ed at pc 0x0000005dff66 bp 0x7f2a2c3742f0 sp 0x7f2a2c3742e8
READ of size 1 at 0x0000007616ed thread T5
SCARINESS: 22 (1-byte-read-global-buffer-overflow-far-from-bounds)
#0 0x5dff65 in obmc src/recon_tmpl.c:588:26
#1 0x5d63ac in dav1d_recon_b_inter_8bpc src/recon_tmpl.c:1126:23
#2 0x54eeba in decode_b src/decode.c:736:17
#3 0x542117 in decode_sb src/decode.c:1932:17
#4 0x5409a1 in decode_sb src/decode.c:1886:16
#5 0x5409a1 in decode_sb src/decode.c:1886:16
#6 0x53e65d in dav1d_decode_tile_sbrow src/decode.c:2238:17
#7 0x5316a0 in dav1d_tile_task src/thread_task.c:89:29