ref: d253401a59bf27e9a015c23a1aaf45b36f25d8e3
parent: 4d3b6c153ba787adacabaa5e0e3b6e229b144c5a
author: Janne Grunau <[email protected]>
date: Fri Nov 9 13:13:38 EST 2018
frame-mt: do not derive_warpmv intrabc blocks Fixes a use-of-uninitialized-value in decode_b() with clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5674585370918912. Credits to oss-fuzz.
--- a/src/decode.c
+++ b/src/decode.c
@@ -727,7 +727,9 @@
#undef set_ctx
}
} else {
- if (b->comp_type == COMP_INTER_NONE && b->motion_mode == MM_WARP) {
+ if (f->frame_hdr.frame_type & 1 /* not intrabc */ &&
+ b->comp_type == COMP_INTER_NONE && b->motion_mode == MM_WARP)
+ {
uint64_t mask[2] = { 0, 0 };
find_matching_ref(t, intra_edge_flags, bw4, bh4, w4, h4,
have_left, have_top, b->ref[0], mask);
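Review bot: The new guard on this `if` keeps only this one reader away from `b->comp_type` and `b->motion_mode`; the fields themselves apparently stay unset for intrabc blocks, so any other reader must repeat the frame-type test or hit the same uninitialized read. If the intrabc path (not visible in this hunk) allows it, writing defined values there, e.g. `b->comp_type = COMP_INTER_NONE; b->motion_mode = MM_TRANSLATION;`, would make the block safe to read everywhere; the right values should be confirmed against that path. The guard also works only through `&&` short-circuit order, and the bare `frame_type & 1` depends on the numeric encoding of the frame-type enum. A comment such as `/* frame_type bit 0 set = frame cannot hold intrabc blocks; must be tested first because intrabc blocks leave comp_type/motion_mode unset */` would stop a later reordering of the operands from reintroducing the bug. The enclosing function starts and ends outside the hunk.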