ref: 06331de10cae5b7813380c6204c30e7a888f0580
parent: 77bbf721e7fc6225258645ec4ef9f34b0464867f
author: Janne Grunau <[email protected]>
date: Mon Nov 26 17:51:54 EST 2018
mc/svc: adjust frame-mt wait scanline for 8-tap filter Fixes use of uninitialized values in clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5767052292259840. Credits to oss-fuzz.
--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -567,7 +567,7 @@
const int bottom =
((pos_y + (bh4 * v_mul - 1) * f->svc[refidx][1].step) >> 10) + 1;
- if (dav1d_thread_picture_wait(refp, bottom, PLANE_TYPE_Y + !!pl))
+ if (dav1d_thread_picture_wait(refp, bottom + 4, PLANE_TYPE_Y + !!pl))
return -1;
if (DEBUG_BLOCK_INFO)
printf("Off %dx%d [%d,%d,%d], size %dx%d [%d,%d]\n",