ref: 7677c12018ac859374bdd864e42cc394fab878b2
parent: 6a95aa56825af40b265363ec73a4790af9a41f28
author: Janne Grunau <janne-vlc@jannau.net>
date: Sat Dec 15 10:30:04 EST 2018
intrabc: use visible width/height in mv correction Prevents adjusting intra block copy motion vectors to values pointing out of the current tile. This happens with not entirely visible blocks in a one super block wide/high tile. Fixes an use of uninitilized value in inv_txfm_add_c() with clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5746740678885376. Credits to oss-fuzz.
--- a/src/decode.c
+++ b/src/decode.c
@@ -1264,8 +1264,8 @@
}
int src_left = t->bx * 4 + (b->mv[0].x >> 3);
int src_top = t->by * 4 + (b->mv[0].y >> 3);
- int src_right = src_left + bw4 * 4;
- int src_bottom = src_top + bh4 * 4;
+ int src_right = src_left + w4 * 4;
+ int src_bottom = src_top + h4 * 4;
// check against left or right tile boundary and adjust if necessary
if (src_left < border_left) {