ref: 8bef2dc2c7fc86f1763a494a26aaf2c97eca6f9f
parent: f1d6eb934aa11bfb3c0093ab3920c09a0b19bc10
author: Janne Grunau <[email protected]>
date: Sat Nov 17 05:17:15 EST 2018
set chroma width/height correctly for 422/444 in dav1d_read_coef_blocks Fixes unaligned writes while splatting coefs for skip blocks with clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5684725352497152 and clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5728508249112576.
--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -367,7 +367,7 @@
const int cbx4 = bx4 >> ss_hor, cby4 = by4 >> ss_ver;
const uint8_t *const b_dim = dav1d_block_dimensions[bs];
const int bw4 = b_dim[0], bh4 = b_dim[1];
- const int cbw4 = (bw4 + 1) >> ss_hor, cbh4 = (bh4 + 1) >> ss_ver;
+ const int cbw4 = (bw4 + ss_hor) >> ss_hor, cbh4 = (bh4 + ss_ver) >> ss_ver;
const int has_chroma = f->seq_hdr.layout != DAV1D_PIXEL_LAYOUT_I400 &&
(bw4 > ss_hor || t->bx & 1) &&
(bh4 > ss_ver || t->by & 1);
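Review bot: The corrected `cbw4`/`cbh4` line has no comment explaining why the rounding bias is `ss_hor`/`ss_ver` rather than a constant, so a later edit could easily reintroduce the `+ 1` form. With a shift of 0, the old expression gave `bw4 + 1`, one unit more than the block actually covers on a non-subsampled axis. I would add above it `/* chroma size in 4x4 units, rounded up; the bias must equal the shift so an axis without subsampling is not over-counted */`. These values presumably bound the coefficient-context writes named in the commit message, so any other place in this file that derives chroma dimensions from `bw4`/`bh4` should be checked for the same constant bias; none is visible in this hunk. The enclosing function starts and ends outside the hunk.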