shithub: dav1d


ref: e0a05e5e1a73d0b2b0eb78f4a9c251ffa7331bb1
parent: 33d16d816f127e2ce5a927d7d93d04a52b04a888
author: Janne Grunau <[email protected]>
date: Wed Oct 31 05:18:57 EDT 2018

fuzzing: avoid a undefined left shift for lossless coded blocks

Test case: clusterfuzz-testcase-minimized-dav1d_fuzzer-5733716937146368,
credits to oss-fuzz.

--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -265,7 +265,11 @@
     const TxfmInfo *const t_dim = &dav1d_txfm_dimensions[ytx];
     const int txw = t_dim->w, txh = t_dim->h;
 
-    if (depth < 2 && tx_split[depth] & (1 << (y_off * 4 + x_off))) {
+    /* y_off can be larger than 3 since lossless blocks use TX_4X4 but can't
+     * be splitted. Aviods an undefined left shift. */
+    if (depth < 2 && tx_split[depth] &&
+        tx_split[depth] & (1 << (y_off * 4 + x_off)))
+    {
         const enum RectTxfmSize sub = t_dim->sub;
         const TxfmInfo *const sub_t_dim = &dav1d_txfm_dimensions[sub];
         const int txsw = sub_t_dim->w, txsh = sub_t_dim->h;
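Review bot: The added `tx_split[depth] &&` test in the condition only skips the shift when the mask is zero; the shift count `y_off * 4 + x_off` is still unbounded, so the fix holds only if lossless blocks always arrive here with `tx_split[depth] == 0`, which the hunk does not show. Because these values derive from decoded bitstream data, bounding the count directly would be more robust, e.g. `if (depth < 2 && y_off < 4 && x_off < 4 && tx_split[depth] & (1 << (y_off * 4 + x_off)))`, presuming valid split positions stay within 0..3 as the new comment implies; that should be confirmed against the callers. If the guard stays as written, the comment should name the invariant it depends on, for example `/* lossless blocks never set tx_split[], so the shift is skipped when y_off > 3 */`. The enclosing function starts and ends outside the hunk.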