Skip to content

dav1d:dav1d_fuzzer_mt - assert() fail: y < h && x < w

Reproducible with 585ac462

third_party/dav1d/dav1d_fuzzer_mt: Running 1 inputs 1 time(s) each.
Running: /tmp/fuzz-input-4f968
F0319 10:13:39.108072   18299 logging.cc:84] assert.h assertion failed at third_party/dav1d/src/ipred_prepare_tmpl.c:89 in enum IntraPredMode dav1d_prepare_intra_edges_16bpc(const int, const int, const int, const int, const int, const int, const enum EdgeFlags, const pixel *const, const ptrdiff_t, const pixel *, enum IntraPredMode, int *const, const int, const int, const int, pixel *const, const int): y < h && x < w
F0319 10:13:39.108033   18298 logging.cc:84] assert.h assertion failed at third_party/dav1d/src/ipred_prepare_tmpl.c:89 in enum IntraPredMode dav1d_prepare_intra_edges_16bpc(const int, const int, const int, const int, const int, const int, const enum EdgeFlags, const pixel *const, const ptrdiff_t, const pixel *, enum IntraPredMode, int *const, const int, const int, const int, pixel *const, const int): y < h && x < w
*** Check failure stack trace: ***
*** Check failure stack trace: ***
    @     0x557588912a07  base_logging::LogMessage::SendToLog()
    @     0x557588912a07  base_logging::LogMessage::SendToLog()
    @     0x557588913a44  base_logging::LogMessage::Flush()
    @     0x557588913a44  base_logging::LogMessage::Flush()
    @     0x55758890d6f9  base_logging::LogMessageFatal::~LogMessageFatal()
    @     0x55758890d6f9  base_logging::LogMessageFatal::~LogMessageFatal()
    @     0x55758890db28  __assert_fail
    @     0x55758890db28  __assert_fail
    @     0x55758871e406  dav1d_prepare_intra_edges_16bpc
    @     0x55758871e406  dav1d_prepare_intra_edges_16bpc
    @     0x55758876bcb9  dav1d_recon_b_intra_16bpc
    @     0x55758876bcb9  dav1d_recon_b_intra_16bpc
    @     0x5575886a642c  decode_b
    @     0x5575886a642c  decode_b
    @     0x55758868eb86  decode_sb
    @     0x55758868eb86  decode_sb
    @     0x55758868d189  dav1d_decode_tile_sbrow
    @     0x55758868d189  dav1d_decode_tile_sbrow
    @     0x5575887106f3  dav1d_tile_task
    @     0x7f4fbc1224e8  start_thread
    @     0x5575887106f3  dav1d_tile_task
    @     0x7f4fbc1224e8  start_thread
    @     0x7f4fbbf9722d  clone
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18085==ERROR: AddressSanitizer: ABRT on unknown address 0xd7e9000046a5 (pc 0x7f4fbbfac602 bp 0x7f4fb5df1ec0 sp 0x7f4fb5df1d98 T2)
    @     0x7f4fbbf9722d  clone
AddressSanitizer:DEADLYSIGNAL
    #0 0x7f4fbbfac601 in __GI_raise (/usr/grte/v4/lib64/libc.so.6+0x4c601)
    #1 0x55758890d6b3 in base_logging::LogMessage::FailWithoutStackTrace() base/logging.cc:1246:3
    #2 0x557588912c1f in base_logging::LogMessage::SendToLog() base/logging.cc:1129:7
    #3 0x557588913a43 in base_logging::LogMessage::Flush() base/logging.cc:902:3
    #4 0x55758890d6f8 in base_logging::LogMessageFatal::~LogMessageFatal() base/logging.cc:1484:3
    #5 0x55758890db27 in __assert_fail base/logging.cc:84:3
    #6 0x55758871e405 in dav1d_prepare_intra_edges_16bpc third_party/dav1d/src/ipred_prepare_tmpl.c:89:5
    #7 0x55758876bcb8 in dav1d_recon_b_intra_16bpc third_party/dav1d/src/recon_tmpl.c:829:25
    #8 0x5575886a642b in decode_b third_party/dav1d/src/decode.c:1175:13
    #9 0x55758868eb85 in decode_sb third_party/dav1d/src/decode.c:2040:17
    #10 0x55758868d188 in dav1d_decode_tile_sbrow third_party/dav1d/src/decode.c:2542:13
    #11 0x5575887106f2 in dav1d_tile_task third_party/dav1d/src/thread_task.c:128:25
    #12 0x7f4fbc1224e7 in start_thread (/usr/grte/v4/lib64/libpthread.so.0+0x74e7)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/usr/grte/v4/lib64/libc.so.6+0x4c601) in __GI_raise
Thread T2 created by T0 here:
    #0 0x5575886564da in __interceptor_pthread_create third_party/llvm/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:209:3
    #1 0x55758870bcc3 in dav1d_open third_party/dav1d/src/lib.c:154:21
    #2 0x5575886843b5 in LLVMFuzzerTestOneInput third_party/dav1d/tests/libfuzzer/dav1d_fuzzer.c:118:11
    #3 0x557588845a1a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/llvm/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:529:15
    #4 0x55758882a8a1 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/llvm/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:286:6
    #5 0x557588831d71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/llvm/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:715:9
    #6 0x557588852452 in main third_party/llvm/llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #7 0x7f4fbbf98bbc in __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbc)
    #8 0x5575885da848 in _start /usr/grte/v4/debug-src/src/csu/../sysdeps/x86_64/start.S:108

==18085==ABORTING

fuzz-input-4f968

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

VideoLAN code repository instance