  1. Jan 15, 2019
  2. Dec 15, 2018
    • oss-fuzz: add test case for integer overflow in inv_adst16_1d · 0028f7f3
      Janne Grunau authored and Jean-Baptiste Kempf committed
      ../../src/dav1d/src/itx_1d.c:803:40: runtime error: signed integer overflow: -924106 * 2896 cannot be represented in type 'int'
           #0 0x4b9192 in inv_adst16_1d /src/dav1d/src/itx_1d.c:803:40
           #1 0x4b3e5d in inv_txfm_add_c /src/dav1d/src/itx_tmpl.c:0
           #2 0x4b289f in inv_txfm_add_adst_identity_16x4_c /src/dav1d/src/itx_tmpl.c:140:1
          #3 0x4d6b47 in read_coef_tree /src/dav1d/src/recon_tmpl.c:353:17
          #4 0x4dd7b4 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1505:21
          #5 0x44ccc7 in decode_b /src/dav1d/src/decode.c:1827:17
          #6 0x43d2e9 in decode_sb /src/dav1d/src/decode.c:2072:17
          #7 0x43dbd3 in decode_sb /src/dav1d/src/decode.c:2005:21
          #8 0x43cd41 in decode_sb /src/dav1d/src/decode.c:2155:17
          #9 0x43c041 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
    • oss-fuzz: add test case for integer overflow in inv_dct4_1d · 6190342a
      Janne Grunau authored and Jean-Baptiste Kempf committed
      ../../src/dav1d/src/itx_1d.c:46:27: runtime error: signed integer overflow: 1007563 * 2896 cannot be represented in type 'int'
          #0 0x4b45a0 in inv_dct4_1d /src/dav1d/src/itx_1d.c:46:27
          #1 0x4b4c0c in inv_dct8_1d /src/dav1d/src/itx_1d.c:63:5
          #2 0x4b3cdd in inv_txfm_add_c /src/dav1d/src/itx_tmpl.c:0
          #3 0x4b18df in inv_txfm_add_dct_identity_8x8_c /src/dav1d/src/itx_tmpl.c:137:1
          #4 0x4d69c7 in read_coef_tree /src/dav1d/src/recon_tmpl.c:353:17
          #5 0x4dd634 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1505:21
          #6 0x44cc67 in decode_b /src/dav1d/src/decode.c:1827:17
          #7 0x43cdf4 in decode_sb /src/dav1d/src/decode.c:1957:17
          #8 0x43dd58 in decode_sb /src/dav1d/src/decode.c:2008:21
          #9 0x43daf3 in decode_sb /src/dav1d/src/decode.c:2005:21
          #10 0x43dd58 in decode_sb /src/dav1d/src/decode.c:2008:21
          #11 0x43d26d in decode_sb /src/dav1d/src/decode.c:1998:21
          #12 0x43bf61 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #13 0x440d34 in dav1d_decode_frame /src/dav1d/src/decode.c:2836:29
          #14 0x444af5 in dav1d_submit_frame /src/dav1d/src/decode.c:3287:20
          #15 0x4340ec in dav1d_parse_obus /src/dav1d/src/obu.c:1411:24
          #16 0x43232e in dav1d_get_picture /src/dav1d/src/lib.c:327:15
          #17 0x42f182 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
    • add test case for dav1d#220 integer overflow in inv_identity16 · 45f6526b
      Janne Grunau authored and Jean-Baptiste Kempf committed
      third_party/dav1d/src/itx_1d.c:843:44: runtime error: signed integer overflow: 409458 * 5793 cannot be represented in type 'int'
          #0 0x55e622a461da in inv_identity16_1d third_party/dav1d/src/itx_1d.c:843:44
          #1 0x55e622a4154f in inv_txfm_add_c third_party/dav1d/src/itx_tmpl.c
          #2 0x55e622a408ac in inv_txfm_add_identity_identity_16x16_c third_party/dav1d/src/itx_tmpl.c:142:1
          #3 0x55e622a80a6a in dav1d_recon_b_intra_16bpc third_party/dav1d/src/recon_tmpl.c:890:29
          #4 0x55e6229b9b9e in decode_b third_party/dav1d/src/decode.c:1162:13
          #5 0x55e6229a1abb in decode_sb third_party/dav1d/src/decode.c:2072:17
          #6 0x55e62299f07b in dav1d_decode_tile_sbrow third_party/dav1d/src/decode.c:2469:13
          #7 0x55e6229a959c in dav1d_decode_frame third_party/dav1d/src/decode.c:2838:29
          #8 0x55e6229af362 in dav1d_submit_frame third_party/dav1d/src/decode.c:3302:20
          #9 0x55e6229f0a92 in dav1d_parse_obus third_party/dav1d/src/obu.c:1410:24
          #10 0x55e622a19666 in dav1d_get_picture third_party/dav1d/src/lib.c:347:15
          #11 0x55e622989759 in LLVMFuzzerTestOneInput third_party/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
  3. Dec 12, 2018
  4. Dec 10, 2018
    • oss-fuzz: add test case for cdf ref memleak · 1edc9459
      Janne Grunau authored
      ==1==ERROR: LeakSanitizer: detected memory leaks
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52eb17 in dav1d_ref_wrap /src/dav1d/src/ref.c:58:21
          #2 0x52e96c in dav1d_ref_create /src/dav1d/src/ref.c:46:11
          #3 0x592299 in dav1d_cdf_thread_alloc /src/dav1d/src/cdf.c:4182:16
          #4 0x5511af in dav1d_submit_frame /src/dav1d/src/decode.c:3114:15
          #5 0x534fb0 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #6 0x532017 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #7 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #8 0x6808b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #9 0x6560dd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #10 0x661926 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #11 0x65575c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #12 0x7f185d17982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 20824 byte(s) in 1 object(s) allocated from:
          #0 0x4ec488 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52ea4d in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52e952 in dav1d_ref_create /src/dav1d/src/ref.c:41:18
          #3 0x592299 in dav1d_cdf_thread_alloc /src/dav1d/src/cdf.c:4182:16
          #4 0x5511af in dav1d_submit_frame /src/dav1d/src/decode.c:3114:15
          #5 0x534fb0 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #6 0x532017 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #7 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #8 0x6808b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #9 0x6560dd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #10 0x661926 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #11 0x65575c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #12 0x7f185d17982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      SUMMARY: AddressSanitizer: 20864 byte(s) leaked in 2 allocation(s).
  5. Dec 06, 2018
    • simplify tests listing and add global dav1d options · 18e006bf
      Janne Grunau authored
      Use a list of name, file, md5 as test definition and loop over it to
      instantiate tests.
    • oss-fuzz: add test case for picture memory leak · 8cee9463
      Janne Grunau authored
      ==1==ERROR: LeakSanitizer: detected memory leaks
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52eb07 in dav1d_ref_wrap /src/dav1d/src/ref.c:58:21
          #2 0x52e95c in dav1d_ref_create /src/dav1d/src/ref.c:46:11
          #3 0x534297 in dav1d_parse_obus /src/dav1d/src/obu.c:1232:25
          #4 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #5 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #6 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52eb07 in dav1d_ref_wrap /src/dav1d/src/ref.c:58:21
          #2 0x52cf83 in picture_alloc_with_edges /src/dav1d/src/picture.c:134:20
          #3 0x52cc04 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:155:9
          #4 0x550f03 in dav1d_submit_frame /src/dav1d/src/decode.c:3120:11
          #5 0x534b29 in dav1d_parse_obus /src/dav1d/src/obu.c:1411:24
          #6 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #7 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #8 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #9 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #10 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #11 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #12 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52eb07 in dav1d_ref_wrap /src/dav1d/src/ref.c:58:21
          #2 0x52e95c in dav1d_ref_create /src/dav1d/src/ref.c:46:11
          #3 0x535434 in dav1d_parse_obus /src/dav1d/src/obu.c:1271:32
          #4 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #5 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #6 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 933888 byte(s) in 1 object(s) allocated from:
          #0 0x4ec488 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52c9fd in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52c753 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x52c44d in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:52:12
          #4 0x52cf28 in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x52cc04 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:155:9
          #6 0x550f03 in dav1d_submit_frame /src/dav1d/src/decode.c:3120:11
          #7 0x534b29 in dav1d_parse_obus /src/dav1d/src/obu.c:1411:24
          #8 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #9 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #10 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 1664 byte(s) in 1 object(s) allocated from:
          #0 0x4ec488 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52ea3d in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52e942 in dav1d_ref_create /src/dav1d/src/ref.c:41:18
          #3 0x535434 in dav1d_parse_obus /src/dav1d/src/obu.c:1271:32
          #4 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #5 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #6 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 1484 byte(s) in 1 object(s) allocated from:
          #0 0x4ec488 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52ea3d in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52e942 in dav1d_ref_create /src/dav1d/src/ref.c:41:18
          #3 0x534297 in dav1d_parse_obus /src/dav1d/src/obu.c:1232:25
          #4 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #5 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #6 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 176 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52cde9 in picture_alloc_with_edges /src/dav1d/src/picture.c:113:39
          #2 0x52cc04 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:155:9
          #3 0x550f03 in dav1d_submit_frame /src/dav1d/src/decode.c:3120:11
          #4 0x534b29 in dav1d_parse_obus /src/dav1d/src/obu.c:1411:24
          #5 0x531d13 in dav1d_get_picture /src/dav1d/src/lib.c:318:20
          #6 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #7 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #8 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #9 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #10 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #11 0x7fc6ffcc382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      SUMMARY: AddressSanitizer: 937332 byte(s) leaked in 7 allocation(s).
    • oss-fuzz: add a test case for `assert(dst->data[0] == ((void*)0))` in dav1d_picture_ref · 2f813d06
      Janne Grunau authored
      Input validation check 'dst->data[0] == ((void*)0)' failed in dav1d_picture_ref!
      AddressSanitizer:DEADLYSIGNAL
      =================================================================
      ==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f20ab9d3428 bp 0x7fff7836d6d0 sp 0x7fff7836d588 T0)
      SCARINESS: 10 (signal)
          #0 0x7f20ab9d3427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
          #1 0x7f20ab9d5029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
           #2 0x52d6f5 in dav1d_picture_ref /src/dav1d/src/picture.c:0
           #3 0x53217c in dav1d_get_picture /src/dav1d/src/lib.c:308:21
           #4 0x52c232 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:143:15
          #5 0x67e3b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #6 0x653bdd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #7 0x65f426 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #8 0x65325c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #9 0x7f20ab9be82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #10 0x41c8a8 in _start
    • fuzzing: add sample from dav1d#210, SIGSEGV in apply_to_row_y · 88b3ea4e
      Janne Grunau authored and Janne Grunau committed
      Thread 1 "dav1d_fuzzer" received signal SIGSEGV, Segmentation fault.
      0x00007ffff7701877 in apply_to_row_y (out=0x7fffffffb230, in=0x62f000004470, grain_lut=0x7fffffff1140,
          scaling=0x7fffffff9e90 "", row_num=0) at ../src/film_grain_tmpl.c:282
      282                     add_noise_y(x, y, grain);
      (gdb) bt
          grain_lut=0x7fffffff1140, scaling=0x7fffffff9e90 "", row_num=0) at ../src/film_grain_tmpl.c:282
          at ../src/film_grain_tmpl.c:500
          at ../src/lib.c:267
          at ../tests/libfuzzer/dav1d_fuzzer.c:129
          at /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/Fuzz
      erLoop.cpp:576
          at /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/Fuzz
      erDriver.cpp:280
          at /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/Fuzz
      erDriver.cpp:714
          at /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/Fuzz
      erMain.cpp:20
    • oss-fuzz: reenable 5636143299690496 after it has been fixed · 6e49069a
      Janne Grunau authored and Janne Grunau committed
    • oss-fuzz: add test case for use-of-uninitialized-value apply_to_row_y · 898d8c41
      Janne Grunau authored and Janne Grunau committed
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
           #0 0x5e6d97 in apply_to_row_y /src/dav1d/src/film_grain_tmpl.c:273:17
           #1 0x5e1d34 in dav1d_apply_grain_8bpc /src/dav1d/src/film_grain_tmpl.c:482:13
           #2 0x4ab9fa in output_image /src/dav1d/src/lib.c:262:9
          #3 0x4ab0aa in dav1d_get_picture /src/dav1d/src/lib.c:0
          #4 0x4a00de in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #5 0x6de50b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #6 0x6964b6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #7 0x6a72da in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #8 0x6955e1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #9 0x7f48fde2482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • fuzzing: add test from dav1d#200 - use of uninitialized value · 293e46bd
      Janne Grunau authored and Janne Grunau committed
      ==19129==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x7ffff76c7c44 in imax include/common/intops.h:36:12
          #1 0x7ffff76c0cb7 in selfguided_filter src/looprestoration_tmpl.c:444:32
          #2 0x7ffff76bdb5f in selfguided_c src/looprestoration_tmpl.c:558:9
          #3 0x7ffff76baae2 in lr_stripe src/lr_apply_tmpl.c:184:13
          #4 0x7ffff76b8f8b in lr_sbrow src/lr_apply_tmpl.c:261:13
          #5 0x7ffff76b6d22 in dav1d_lr_sbrow_16bpc src/lr_apply_tmpl.c:283:9
          #6 0x7ffff770fee3 in dav1d_filter_sbrow_16bpc src/recon_tmpl.c:1622:9
          #7 0x7ffff7411ab0 in dav1d_decode_frame src/decode.c:2841:25
          #8 0x7ffff7422fd3 in dav1d_submit_frame src/decode.c:3282:20
          #9 0x7ffff73ca2c0 in dav1d_parse_obus src/obu.c:1407:24
          #10 0x7ffff7735690 in dav1d_get_picture src/lib.c:318:20
          #11 0x4c7558 in LLVMFuzzerTestOneInput tests/libfuzzer/dav1d_fuzzer.c:129:19
          #12 0x42e182 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/FuzzerLoop.cpp:576:15
          #13 0x41fccd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/FuzzerDriver.cpp:280:6
          #14 0x4248a2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/FuzzerDriver.cpp:714:9
          #15 0x44d762 in main /var/tmp/portage/sys-libs/compiler-rt-sanitizers-7.0.0/work/compiler-rt-7.0.0.src/lib/fuzzer/FuzzerMain.cpp:20:10
          #16 0x7ffff6423e76 in __libc_start_main (/lib64/libc.so.6+0x21e76)
  6. Dec 05, 2018
  7. Dec 04, 2018
    • oss-fuzz: add test case for assert(y < h && x < w) in dav1d_prepare_intra_edges · 8684e922
      Janne Grunau authored and Janne Grunau committed
      dav1d_fuzzer_mt: ../../src/dav1d/src/ipred_prepare_tmpl.c:88: enum IntraPredMode dav1d_prepare_intra_edges_16bpc(const int, const int, const int, const int, const int, const int, const enum EdgeFlags, const pixel *const, const ptrdiff_t, const pixel *, enum IntraPredMode, int *const, const int, const int, pixel *const): Assertion `y < h && x < w' failed.
      AddressSanitizer:DEADLYSIGNAL
      =================================================================
      ==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7ff09c0a9428 bp 0x000000795ea0 sp 0x7ff096776248 T3)
      SCARINESS: 10 (signal)
      dav1d_fuzzer_mt: ../../src/dav1d/src/ipred_prepare_tmpl.c:88: enum IntraPredMode dav1d_prepare_intra_edges_16bpc(const int, const int, const int, const int, const int, const int, const enum EdgeFlags, const pixel *const, const ptrdiff_t, const pixel *, enum IntraPredMode, int *const, const int, const int, pixel *const): Assertion `y < h && x < w' failed.
      AddressSanitizer:DEADLYSIGNAL
          #0 0x7ff09c0a9427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
          #1 0x7ff09c0ab029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
          #2 0x7ff09c0a1bd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
          #3 0x7ff09c0a1c81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
          #4 0x64b1a3 in dav1d_prepare_intra_edges_16bpc /src/dav1d/src/ipred_prepare_tmpl.c:88:5
          #5 0x626c87 in dav1d_recon_b_intra_16bpc /src/dav1d/src/recon_tmpl.c:820:25
          #6 0x559de4 in decode_b /src/dav1d/src/decode.c:1162:13
          #7 0x544f5c in decode_sb /src/dav1d/src/decode.c:1957:17
          #8 0x5439eb in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #9 0x5339c6 in dav1d_tile_task /src/dav1d/src/thread_task.c:125:25
          #10 0x7ff09cd706b9 in start_thread
    • oss-fuzz: add test case for NULL dereference in parse_frame_hdr · 120c602b
      Janne Grunau authored and Janne Grunau committed
      ==1==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x00000000001c (pc 0x7f0f94103ec2 bp 0x7fff324b9e10 sp 0x7fff324b9d18 T1)
      ==1==The signal is caused by a READ memory access.
      ==1==Hint: address points to the zero page.
          #0 0x7f0f94103ec1 in memcpy-avx-unaligned.S:50 /build/glibc-Cl5G7W/glibc-2.23/sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:50
          #1 0x439e62 in parse_frame_hdr /src/dav1d/src/obu.c:1044:78
          #2 0x4341b3 in dav1d_parse_obus /src/dav1d/src/obu.c:1274:20
          #3 0x4322ae in dav1d_get_picture /src/dav1d/src/lib.c:317:20
          #4 0x42f182 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #5 0x503ef8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #6 0x4f4512 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #7 0x4f818b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #8 0x4f4298 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #9 0x7f0f93fd682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #10 0x405cd8 in _start
  8. Nov 28, 2018
    • 4a4478b9
    • oss-fuzz: add test case for use of uninitialized value in put_8tap_scaled_c · 8a7d66bf
      Janne Grunau authored and Janne Grunau committed
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x5a2c04 in iclip /src/dav1d/include/common/intops.h:44:28
          #1 0x5a3ee1 in put_8tap_scaled_c /src/dav1d/src/mc_tmpl.c:0
          #2 0x597b07 in put_8tap_smooth_scaled_c /src/dav1d/src/mc_tmpl.c:330:1
          #3 0x5d71c7 in mc /src/dav1d/src/recon_tmpl.c:593:13
          #4 0x5cf67d in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1299:27
          #5 0x501f0f in decode_b /src/dav1d/src/decode.c:1827:17
          #6 0x4ccced in decode_sb /src/dav1d/src/decode.c:1961:17
          #7 0x4cd802 in decode_sb /src/dav1d/src/decode.c:2005:21
          #8 0x4cd802 in decode_sb /src/dav1d/src/decode.c:2005:21
          #9 0x4cd802 in decode_sb /src/dav1d/src/decode.c:2005:21
          #10 0x4c9833 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #11 0x4ad905 in dav1d_tile_task /src/dav1d/src/thread_task.c:125:25
          #12 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
    • oss-fuzz: add testcase for NULL dereference read in parse_frame_hdr · 18247ab6
      Janne Grunau authored and Janne Grunau committed
      ==1==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000010 (pc 0x00000043665f bp 0x7fff587b6710 sp 0x7fff587b6640 T1)
      ==1==The signal is caused by a READ memory access.
      ==1==Hint: address points to the zero page.
          #0 0x43665e in parse_frame_hdr /src/dav1d/src/obu.c:464:49
          #1 0x434120 in dav1d_parse_obus /src/dav1d/src/obu.c:1271:20
          #2 0x43222e in dav1d_get_picture /src/dav1d/src/lib.c:317:20
          #3 0x42f167 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:117:19
          #4 0x503eb8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #5 0x4f44d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #6 0x4f814b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #7 0x4f4258 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #8 0x7fa36446682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #9 0x405cd8 in _start
    • oss-fuzz: add test case for use of uninitialized data in generate_grain_y · 96b94bb4
      Janne Grunau authored and Janne Grunau committed
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x6722a4 in iclip /src/dav1d/include/common/intops.h:44:12
          #1 0x6694f0 in generate_grain_y /src/dav1d/src/film_grain_tmpl.c:105:25
          #2 0x667d8c in dav1d_apply_grain_10bpc /src/dav1d/src/film_grain_tmpl.c:486:5
          #3 0x4ab6b8 in output_image /src/dav1d/src/lib.c:266:9
          #4 0x4aacda in dav1d_get_picture /src/dav1d/src/lib.c:0
          #5 0x4a0259 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:131:15
          #6 0x6ddf1b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x695ec6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x6a6cea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x694ff1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7f0de309882f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #11 0x41e8e8 in _start
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a5019 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a4e69 in dav1d_ref_create /src/dav1d/src/ref.c:41:18
          #3 0x4b00c9 in dav1d_parse_obus /src/dav1d/src/obu.c:1265:32
          #4 0x4aa30f in dav1d_get_picture /src/dav1d/src/lib.c:317:20
          #5 0x49ffda in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:117:19
          #6 0x6ddf1b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x695ec6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x6a6cea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x694ff1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7f0de309882f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • oss-fuzz: add test case for failed assert(!cdf[n_symbols - 1]) · 3e676a8d
      Janne Grunau authored and Janne Grunau committed
      dav1d_fuzzer_mt: ../../src/dav1d/src/msac.c:79: unsigned int msac_decode_symbol(MsacContext *const, const uint16_t *const, const unsigned int): Assertion `!cdf[n_symbols - 1]' failed.
      UndefinedBehaviorSanitizer:DEADLYSIGNAL
      ==1==ERROR: UndefinedBehaviorSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f797c702428 bp 0x0000005b05eb sp 0x7f797a247a88 T12)
          #0 0x7f797c702427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
          #1 0x7f797c704029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
          #2 0x7f797c6fabd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
          #3 0x7f797c6fac81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
          #4 0x45f047 in msac_decode_symbol /src/dav1d/src/msac.c:79:5
          #5 0x45fadd in msac_decode_symbol_adapt /src/dav1d/src/msac.c:159:26
          #6 0x43c3ce in decode_sb /src/dav1d/src/decode.c:1940:18
          #7 0x43b664 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2464:13
          #8 0x432d6e in dav1d_tile_task /src/dav1d/src/thread_task.c:89:29
          #9 0x7f797d3c96b9 in start_thread
    • oss-fuzz: add test case for use-of-uninitialized-value in backup_lpf · cc062988
      Janne Grunau authored and Janne Grunau committed
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x59bbd4 in iclip /src/dav1d/include/common/intops.h:44:28
          #1 0x599267 in resize_c /src/dav1d/src/mc_tmpl.c:794:22
          #2 0x6797e1 in backup_lpf /src/dav1d/src/lr_apply_tmpl.c:77:13
          #3 0x6787aa in dav1d_lr_copy_lpf_8bpc /src/dav1d/src/lr_apply_tmpl.c:115:9
          #4 0x5d4247 in dav1d_filter_sbrow_8bpc /src/dav1d/src/recon_tmpl.c:1584:9
          #5 0x4d579e in dav1d_decode_frame /src/dav1d/src/decode.c:2830:25
          #6 0x4de348 in dav1d_submit_frame /src/dav1d/src/decode.c:3271:20
          #7 0x4adb6e in dav1d_parse_obus /src/dav1d/src/obu.c:1314:20
          #8 0x4a7c1a in dav1d_get_picture /src/dav1d/src/lib.c:271:20
          #9 0x49ffcc in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:117:19
          #10 0x6d646b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x68e416 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x69f23a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x68d541 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7f79941b682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #15 0x41e8e8 in _start
  9. Nov 26, 2018
  10. Nov 24, 2018
    • oss-fuzz: add test case for uninitialized picture data · 5f330589
      Janne Grunau authored and Janne Grunau committed
      Discovered by apply_to_row_y().
      ==1==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc5e8ea0a1 (pc 0x0000004e362c bp 0x7ffc5e8daef0 sp 0x7ffc5e8dadc0 T1)
          #0 0x4e362b in apply_to_row_y /src/dav1d/src/film_grain_tmpl.c:283:17
          #1 0x4e1d0a in dav1d_apply_grain_10bpc /src/dav1d/src/film_grain_tmpl.c:504:13
          #2 0x431a14 in output_image /src/dav1d/src/lib.c:199:9
          #3 0x431864 in dav1d_get_picture /src/dav1d/src/lib.c:0
          #4 0x42f252 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:131:15
          #5 0x502a88 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #6 0x501e55 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:480:3
          #7 0x5044a7 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:783:7
          #8 0x504845 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:806:3
          #9 0x4f6f3e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
          #10 0x4f2e28 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #11 0x7f2438c2c82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #12 0x405cd8 in _start
      SUMMARY: UndefinedBehaviorSanitizer: stack-overflow (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_dav1d_1dba850c6be01aadc39811634b000cc38db48773/revisions/dav1d_fuzzer_mt+0x4e362b)
    • oss-fuzz: add test case for Use-of-uninitialized-value in apply_to_row_uv · 8776b49b
      Janne Grunau authored and Janne Grunau committed
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x5e2f34 in iclip /src/dav1d/include/common/intops.h:44:12
          #1 0x5e027e in apply_to_row_uv /src/dav1d/src/film_grain_tmpl.c:431:17
          #2 0x5d9647 in dav1d_apply_grain_8bpc /src/dav1d/src/film_grain_tmpl.c:507:13
          #3 0x4a89e3 in output_image /src/dav1d/src/lib.c:197:9
          #4 0x4a8345 in dav1d_get_picture /src/dav1d/src/lib.c:0
          #5 0x49ffa7 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:117:19
          #6 0x6d552b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #7 0x68d4d6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #8 0x69e2fa in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #9 0x68c601 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #10 0x7f5e5cd2082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #11 0x41e8e8 in _start
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a1119 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a0ba8 in default_picture_allocator /src/dav1d/src/picture.c:59:21
          #3 0x4a0623 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:52:12
          #4 0x4a1a57 in picture_alloc_with_edges /src/dav1d/src/picture.c:130:15
          #5 0x4a14df in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:162:9
          #6 0x4db033 in dav1d_submit_frame /src/dav1d/src/decode.c:3098:11
          #7 0x4ad743 in dav1d_parse_obus /src/dav1d/src/obu.c:1292:20
          #8 0x4a7994 in dav1d_get_picture /src/dav1d/src/lib.c:251:20
          #9 0x49ffa7 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:117:19
          #10 0x6d552b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x68d4d6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x69e2fa in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x68c601 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7f5e5cd2082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_dav1d_3cefbaa25c2c6bbdc887bbe62141145645bd0466/revisions/dav1d_fuzzer+0x5e2f34)
  11. Nov 23, 2018
  12. Nov 22, 2018
  13. Nov 21, 2018
  14. Nov 20, 2018
    • oss-fuzz: add test case for Heap-buffer-overflow in setup_tile · b571502a
      Janne Grunau authored
      ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900000056a at pc 0x00000054ba74 bp 0x7ffe7d7347d0 sp 0x7ffe7d7347c8
      WRITE of size 2 at 0x61900000056a thread T0
      SCARINESS: 43 (2-byte-write-heap-buffer-overflow-far-from-bounds)
          #0 0x54ba73 in setup_tile /src/dav1d/src/decode.c:2258:36
          #1 0x547bce in dav1d_decode_frame /src/dav1d/src/decode.c:2772:13
          #2 0x54e4a2 in dav1d_submit_frame /src/dav1d/src/decode.c:3275:20
          #3 0x533012 in dav1d_parse_obus /src/dav1d/src/obu.c:1296:20
          #4 0x52fd80 in dav1d_get_picture /src/dav1d/src/lib.c:250:20
          #5 0x52bc30 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:107:19
          #6 0x6428da in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
          #7 0x642e3e in main /src/libfuzzer/afl/afl_driver.cpp:339:12
          #8 0x7f8b301cb82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #9 0x41c588 in _start
      Address 0x61900000056a is a wild pointer.
      SUMMARY: AddressSanitizer: heap-buffer-overflow (/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds-afl_dav1d_14dece08e8908088de8b5a0461ecc512e82f4c5d/revisions/dav1d_fuzzer+0x54ba73)
      Shadow bytes around the buggy address:
        0x0c327fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c327fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c327fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c327fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c327fff8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c327fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
        0x0c327fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c327fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c327fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c327fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c327fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right red
    • oss-fuzz: add test case for undefined left shift of negative value · 031fc25e
      Janne Grunau authored
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/dav1d/src/film_grain_tmpl.c:431:17 in ../../src/dav1d/src/film_grain_tmpl.c:431:17: runtime error: left shift of negative value -128
          #0 0x4a504c in apply_to_row_uv /src/dav1d/src/film_grain_tmpl.c:431:17
          #1 0x4a1209 in dav1d_apply_grain_8bpc /src/dav1d/src/film_grain_tmpl.c:511:17
          #2 0x4319c5 in output_image /src/dav1d/src/lib.c:196:9
          #3 0x431609 in dav1d_get_picture /src/dav1d/src/lib.c:264:16
          #4 0x42f126 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:107:19
          #5 0x4fc7e8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #6 0x4ece02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #7 0x4f0a7b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #8 0x4ecb88 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #9 0x7f982d12482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
          #10 0x405cd8 in _start