  1. Jan 21, 2020
  2. Jan 10, 2020
  3. Jan 02, 2020
  4. Jan 01, 2020
  5. Dec 31, 2019
  6. Dec 29, 2019
  7. Dec 28, 2019
  8. Nov 21, 2019
  9. Nov 16, 2019
  10. Sep 05, 2019
  11. Sep 04, 2019
  12. Sep 01, 2019
    • add wrapping script for testing with frame/tile-threads · f51f12bd
      Janne Grunau authored and Jean-Baptiste Kempf committed
      Use the wrapping capabilities of meson test.
      `meson test --wrap ../tests/dav1d-test-data/wrap_mt.sh` will append
      the values of the environment variables FRAMETHREADS and TILETHREADS
      as '--framethreads' and '--tilethreads' command line parameters.
      If the variables are not set, it will default to 2 frame and tile threads.
    • add new film grain test vector from aom · 39d18517
      Ronald S. Bultje authored and Jean-Baptiste Kempf committed
    • oss-fuzz: add testcase integer overflow in warp_affine() · 5fa4ee71
      Janne Grunau authored
      Reported in dav1d#288
      
       ../../src/dav1d/src/recon_tmpl.c:786:54: runtime error: signed integer overflow: 65524 * 65348 cannot be represented in type 'int'
          #0 0x58cd72 in warp_affine /src/dav1d/src/recon_tmpl.c:786:54
          #1 0x5877c1 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1271:19
          #2 0x4e24f4 in decode_b /src/dav1d/src/decode.c:1859:17
          #3 0x4d20b8 in decode_sb /src/dav1d/src/decode.c:2248:17
          #4 0x4d136d in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2557:13
          #5 0x4cd2f7 in dav1d_tile_task /src/dav1d/src/thread_task.c:95:29
          #6 0x7ff0337736b9 in start_thread
          #7 0x7ff032b7e41c in clone /build/glibc-LK5gWL/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
    • add testcase for dav1d#266: assert() fail: y < h && x < w · 2dea42e0
      Janne Grunau authored
      AddressSanitizer:DEADLYSIGNAL
      =================================================================
      ==18085==ERROR: AddressSanitizer: ABRT on unknown address 0xd7e9000046a5 (pc 0x7f4fbbfac602 bp 0x7f4fb5df1ec0 sp 0x7f4fb5df1d98 T2)
          @     0x7f4fbbf9722d  clone
      AddressSanitizer:DEADLYSIGNAL
          #0 0x7f4fbbfac601 in __GI_raise (/usr/grte/v4/lib64/libc.so.6+0x4c601)
          #1 0x55758890d6b3 in base_logging::LogMessage::FailWithoutStackTrace() base/logging.cc:1246:3
          #2 0x557588912c1f in base_logging::LogMessage::SendToLog() base/logging.cc:1129:7
          #3 0x557588913a43 in base_logging::LogMessage::Flush() base/logging.cc:902:3
          #4 0x55758890d6f8 in base_logging::LogMessageFatal::~LogMessageFatal() base/logging.cc:1484:3
          #5 0x55758890db27 in __assert_fail base/logging.cc:84:3
          #6 0x55758871e405 in dav1d_prepare_intra_edges_16bpc third_party/dav1d/src/ipred_prepare_tmpl.c:89:5
          #7 0x55758876bcb8 in dav1d_recon_b_intra_16bpc third_party/dav1d/src/recon_tmpl.c:829:25
          #8 0x5575886a642b in decode_b third_party/dav1d/src/decode.c:1175:13
          #9 0x55758868eb85 in decode_sb third_party/dav1d/src/decode.c:2040:17
          #10 0x55758868d188 in dav1d_decode_tile_sbrow third_party/dav1d/src/decode.c:2542:13
          #11 0x5575887106f2 in dav1d_tile_task third_party/dav1d/src/thread_task.c:128:25
          #12 0x7f4fbc1224e7 in start_thread (/usr/grte/v4/lib64/libpthread.so.0+0x74e7)
  13. Aug 30, 2019
  14. Feb 23, 2019
  15. Feb 10, 2019
    • add size change test vectors from AOM · 004c03e6
      James Almer authored
      A new sequence starts in the middle of these, unlike samples where the
      frame_size_override_flag field is used to signal size changes on a
      per-frame basis.
      The samples were remuxed into ivf from the original Matroska container
      in the libaom suite so they may be decodable with the dav1d CLI.
      
      Tested to be bitexact with the output of aomdec.
  16. Feb 09, 2019
  17. Jan 30, 2019
    • oss-fuzz: add test case for memcpy param overlap in put_C · 15ddd3c9
      Janne Grunau authored
      ==1==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7fcdfe228a00,0x7fcdfe228b00) and [0x7fcdfe228902, 0x7fcdfe228a02) overlap
      SCARINESS: 10 (memcpy-param-overlap)
          #0 0x4e99c9 in __asan_memcpy _asan_rtl_
          #1 0x60d4a4 in put_c /src/dav1d/src/mc_tmpl.c:52:9
          #2 0x6075ae in put_bilin_c /src/dav1d/src/mc_tmpl.c:433:9
          #3 0x62f33f in mc /src/dav1d/src/recon_tmpl.c:546:13
          #4 0x626789 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1170:15
          #5 0x55fa2d in decode_b /src/dav1d/src/decode.c:1322:17
          #6 0x543d8a in decode_sb /src/dav1d/src/decode.c:1957:17
          #7 0x542a68 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #8 0x533455 in dav1d_tile_task /src/dav1d/src/thread_task.c:92:29
          #9 0x7fce056266b9 in start_thread
          #10 0x7fce04a3141c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
      0x7fcdfe228a00 is located 512 bytes inside of 442368-byte region [0x7fcdfe228800,0x7fcdfe294800)
      allocated by thread T0 here:
          #0 0x4ec168 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52c5b1 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52c324 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x52c057 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x52caae in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x52c7b4 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x54f4b3 in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x53427b in dav1d_parse_obus /src/dav1d/src/obu.c:1412:24
          #8 0x531926 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x52bc70 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x64b15a in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
          #11 0x64b6be in main /src/libfuzzer/afl/afl_driver.cpp:339:12
          #12 0x7fce0494a82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Thread T2 created by T0 here:
          #0 0x43694d in __interceptor_pthread_create _asan_rtl_
          #1 0x52f337 in dav1d_open /src/dav1d/src/lib.c:137:17
          #2 0x52baee in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:118:11
          #3 0x64b15a in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
          #4 0x64b6be in main /src/libfuzzer/afl/afl_driver.cpp:339:12
          #5 0x7fce0494a82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      0x7fcdfe228902 is located 258 bytes inside of 442368-byte region [0x7fcdfe228800,0x7fcdfe294800)
      allocated by thread T0 here:
          #0 0x4ec168 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52c5b1 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52c324 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x52c057 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x52caae in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x52c7b4 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x54f4b3 in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x53427b in dav1d_parse_obus /src/dav1d/src/obu.c:1412:24
          #8 0x531926 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x52bc70 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x64b15a in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
          #11 0x64b6be in main /src/libfuzzer/afl/afl_driver.cpp:339:12
          #12 0x7fce0494a82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • oss-fuzz: add test case for use of uninitialized value in put_bilin_c · c7de5f45
      Janne Grunau authored
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x5a4a74 in iclip /src/dav1d/include/common/intops.h:44:28
          #1 0x59adbe in put_bilin_c /src/dav1d/src/mc_tmpl.c:417:30
          #2 0x5d91ca in mc /src/dav1d/src/recon_tmpl.c:546:13
          #3 0x5cc844 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1174:19
          #4 0x4e9f8f in decode_b /src/dav1d/src/decode.c:738:17
          #5 0x4cccc8 in decode_sb /src/dav1d/src/decode.c:1957:17
          #6 0x4c8b69 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2374:17
          #7 0x4ae294 in dav1d_tile_task /src/dav1d/src/thread_task.c:92:29
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
          #9 0x7f5d7ded16b9 in start_thread
          #10 0x7f5d7d2dc41c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x5a125d in emu_edge_c /src/dav1d/src/mc_tmpl.c:829:9
          #2 0x5d8f12 in mc /src/dav1d/src/recon_tmpl.c:535:13
          #3 0x5cc844 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1174:19
          #4 0x4e9f8f in decode_b /src/dav1d/src/decode.c:738:17
          #5 0x4cccc8 in decode_sb /src/dav1d/src/decode.c:1957:17
          #6 0x4c8b69 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2374:17
          #7 0x4ae294 in dav1d_tile_task /src/dav1d/src/thread_task.c:92:29
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a13a9 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a0e48 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x4a08c3 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x4a1ce8 in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x4a17c8 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x4df71b in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x4b01eb in dav1d_parse_obus /src/dav1d/src/obu.c:1412:24
          #8 0x4aac80 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x4a00de in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x6e69ab in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x69e956 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x6af77a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x69da81 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7f5d7d1f582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • add an RGB (BT709/SRGB/IDENTITY) sample · 1f1f4e2d
      James Almer authored and Janne Grunau committed
  18. Dec 18, 2018
    • oss-fuzz: add test case for use of uninitialized value in splat_dc · 80ac6380
      Janne Grunau authored
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x56c54f in splat_dc /src/dav1d/src/ipred_tmpl.c:45:5
          #1 0x5c3c04 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:837:21
          #2 0x4f1e28 in decode_b /src/dav1d/src/decode.c:1162:13
          #3 0x4cc5d7 in decode_sb /src/dav1d/src/decode.c:2159:17
          #4 0x4cc6de in decode_sb /src/dav1d/src/decode.c:2155:17
          #5 0x4ca610 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #6 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #7 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
          #8 0x7fa03b2e36b9 in start_thread
          #9 0x7fa03a6ee41c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x67d6ac in dav1d_prepare_intra_edges_8bpc /src/dav1d/src/ipred_prepare_tmpl.c:174:13
          #2 0x5c3987 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:826:25
          #3 0x4f1e28 in decode_b /src/dav1d/src/decode.c:1162:13
          #4 0x4cc5d7 in decode_sb /src/dav1d/src/decode.c:2159:17
          #5 0x4cc6de in decode_sb /src/dav1d/src/decode.c:2155:17
          #6 0x4ca610 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #7 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x5a4f2f in put_c /src/dav1d/src/mc_tmpl.c:52:9
          #2 0x5d981a in mc /src/dav1d/src/recon_tmpl.c:546:13
          #3 0x5cbee8 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1170:15
          #4 0x4fcdf7 in decode_b /src/dav1d/src/decode.c:1322:17
          #5 0x4cc5d7 in decode_sb /src/dav1d/src/decode.c:2159:17
          #6 0x4cc4b7 in decode_sb /src/dav1d/src/decode.c:2153:17
          #7 0x4ca610 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #8 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #9 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a13a9 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a0e48 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x4a08c3 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x4a1ce8 in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x4a17c8 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x4df71b in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x4b01eb in dav1d_parse_obus /src/dav1d/src/obu.c:1412:24
          #8 0x4aac80 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x4a00de in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x6e6ffb in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x69efa6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x6afdca in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x69e0d1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7fa03a60782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • oss-fuzz: add test case for use of uninitialized value in inv_txfm_add_c · 183f4a18
      Janne Grunau authored
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x578b54 in iclip /src/dav1d/include/common/intops.h:44:12
          #1 0x5799ef in inv_txfm_add_c /src/dav1d/src/itx_tmpl.c:87:17
          #2 0x5780ad in inv_txfm_add_dct_dct_32x8_c /src/dav1d/src/itx_tmpl.c:145:1
          #3 0x5d37a5 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1566:29
          #4 0x4fce77 in decode_b /src/dav1d/src/decode.c:1322:17
          #5 0x4cdf35 in decode_sb /src/dav1d/src/decode.c:2072:17
          #6 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #7 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
          #9 0x7ff6957dc6b9 in start_thread
          #10 0x7ff694be741c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x5a3c6f in put_c /src/dav1d/src/mc_tmpl.c:52:9
          #2 0x5d855a in mc /src/dav1d/src/recon_tmpl.c:546:13
          #3 0x5cbbd4 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1174:19
          #4 0x4fce77 in decode_b /src/dav1d/src/decode.c:1322:17
          #5 0x4cdf35 in decode_sb /src/dav1d/src/decode.c:2072:17
          #6 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #7 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a13a9 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a0e48 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x4a08c3 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x4a1ce8 in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x4a17c8 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x4df79b in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x4aff75 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #8 0x4aac80 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x4a00de in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x6e4dfb in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x69cda6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x6adbca in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x69bed1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7ff694b0082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
    • oss-fuzz: add test case for use of uninitialized value in ipred_z2_c · e2b1f36c
      Janne Grunau authored
      ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x56ed14 in iclip /src/dav1d/include/common/intops.h:44:12
          #1 0x5692b7 in ipred_z2_c /src/dav1d/src/ipred_tmpl.c:545:22
          #2 0x5c2944 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:837:21
          #3 0x4f1ea8 in decode_b /src/dav1d/src/decode.c:1162:13
          #4 0x4cd6b8 in decode_sb /src/dav1d/src/decode.c:2016:17
          #5 0x4ccf88 in decode_sb /src/dav1d/src/decode.c:1998:21
          #6 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #7 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
          #9 0x7fcc00f236b9 in start_thread
          #10 0x7fcc0032e41c in clone /build/glibc-Cl5G7W/glibc-2.23/sysdeps/unix/sysv/linux/x86_64/clone.S:109
        Uninitialized value was stored to memory at
          #0 0x569855 in ipred_z2_c /src/dav1d/src/ipred_tmpl.c:520:14
          #1 0x5c2944 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:837:21
          #2 0x4f1ea8 in decode_b /src/dav1d/src/decode.c:1162:13
          #3 0x4cd6b8 in decode_sb /src/dav1d/src/decode.c:2016:17
          #4 0x4ccf88 in decode_sb /src/dav1d/src/decode.c:1998:21
          #5 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #6 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #7 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was stored to memory at
          #0 0x67bfa1 in dav1d_prepare_intra_edges_8bpc /src/dav1d/src/ipred_prepare_tmpl.c:205:26
          #1 0x5c26c7 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:826:25
          #2 0x4f1ea8 in decode_b /src/dav1d/src/decode.c:1162:13
          #3 0x4cd6b8 in decode_sb /src/dav1d/src/decode.c:2016:17
          #4 0x4ccf88 in decode_sb /src/dav1d/src/decode.c:1998:21
          #5 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #6 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #7 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was stored to memory at
          #0 0x67bf90 in dav1d_prepare_intra_edges_8bpc /src/dav1d/src/ipred_prepare_tmpl.c:0:16
          #1 0x5c26c7 in dav1d_recon_b_intra_8bpc /src/dav1d/src/recon_tmpl.c:826:25
          #2 0x4f1ea8 in decode_b /src/dav1d/src/decode.c:1162:13
          #3 0x4cd6b8 in decode_sb /src/dav1d/src/decode.c:2016:17
          #4 0x4ccf88 in decode_sb /src/dav1d/src/decode.c:1998:21
          #5 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #6 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #7 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x5ddffd in dav1d_backup_ipred_edge_8bpc /src/dav1d/src/recon_tmpl.c:1666:5
          #2 0x4cab14 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2479:9
          #3 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #4 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was stored to memory at
          #0 0x45f31d in __msan_memcpy.part.51 /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:1490
          #1 0x5a3c6f in put_c /src/dav1d/src/mc_tmpl.c:52:9
          #2 0x5d855a in mc /src/dav1d/src/recon_tmpl.c:546:13
          #3 0x5cac28 in dav1d_recon_b_inter_8bpc /src/dav1d/src/recon_tmpl.c:1170:15
          #4 0x4fce77 in decode_b /src/dav1d/src/decode.c:1322:17
          #5 0x4ccd48 in decode_sb /src/dav1d/src/decode.c:1957:17
          #6 0x4ca690 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #7 0x4ae5e5 in dav1d_tile_task /src/dav1d/src/thread_task.c:128:25
          #8 0x49f1ae in __msan::MsanThread::ThreadStart() /src/llvm/projects/compiler-rt/lib/msan/msan_thread.cc:77
        Uninitialized value was created by a heap allocation
          #0 0x46bd54 in __interceptor_posix_memalign /src/llvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:170
          #1 0x4a13a9 in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x4a0e48 in default_picture_allocator /src/dav1d/src/picture.c:60:21
          #3 0x4a08c3 in fuzz_picture_allocator /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:66:12
          #4 0x4a1ce8 in picture_alloc_with_edges /src/dav1d/src/picture.c:125:15
          #5 0x4a17c8 in dav1d_thread_picture_alloc /src/dav1d/src/picture.c:156:9
          #6 0x4df79b in dav1d_submit_frame /src/dav1d/src/decode.c:3125:11
          #7 0x4aff75 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #8 0x4aac80 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #9 0x4a00de in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
          #10 0x6e4dfb in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #11 0x69cda6 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #12 0x6adbca in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #13 0x69bed1 in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #14 0x7fcc0024782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
  19. Dec 15, 2018
    • oss-fuzz: add test case for integer overflow in inv_adst16_1d · 0028f7f3
      Janne Grunau authored and Jean-Baptiste Kempf committed
      ../../src/dav1d/src/itx_1d.c:803:40: runtime error: signed integer overflow: -924106 * 2896 cannot be represented in type 'int'
           #0 0x4b9192 in inv_adst16_1d /src/dav1d/src/itx_1d.c:803:40
           #1 0x4b3e5d in inv_txfm_add_c /src/dav1d/src/itx_tmpl.c:0
           #2 0x4b289f in inv_txfm_add_adst_identity_16x4_c /src/dav1d/src/itx_tmpl.c:140:1
          #3 0x4d6b47 in read_coef_tree /src/dav1d/src/recon_tmpl.c:353:17
          #4 0x4dd7b4 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1505:21
          #5 0x44ccc7 in decode_b /src/dav1d/src/decode.c:1827:17
          #6 0x43d2e9 in decode_sb /src/dav1d/src/decode.c:2072:17
          #7 0x43dbd3 in decode_sb /src/dav1d/src/decode.c:2005:21
          #8 0x43cd41 in decode_sb /src/dav1d/src/decode.c:2155:17
          #9 0x43c041 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
    • oss-fuzz: add test case for integer overflow in inv_dct4_1d · 6190342a
      Janne Grunau authored and Jean-Baptiste Kempf committed
      ../../src/dav1d/src/itx_1d.c:46:27: runtime error: signed integer overflow: 1007563 * 2896 cannot be represented in type 'int'
          #0 0x4b45a0 in inv_dct4_1d /src/dav1d/src/itx_1d.c:46:27
          #1 0x4b4c0c in inv_dct8_1d /src/dav1d/src/itx_1d.c:63:5
          #2 0x4b3cdd in inv_txfm_add_c /src/dav1d/src/itx_tmpl.c:0
          #3 0x4b18df in inv_txfm_add_dct_identity_8x8_c /src/dav1d/src/itx_tmpl.c:137:1
          #4 0x4d69c7 in read_coef_tree /src/dav1d/src/recon_tmpl.c:353:17
          #5 0x4dd634 in dav1d_recon_b_inter_16bpc /src/dav1d/src/recon_tmpl.c:1505:21
          #6 0x44cc67 in decode_b /src/dav1d/src/decode.c:1827:17
          #7 0x43cdf4 in decode_sb /src/dav1d/src/decode.c:1957:17
          #8 0x43dd58 in decode_sb /src/dav1d/src/decode.c:2008:21
          #9 0x43daf3 in decode_sb /src/dav1d/src/decode.c:2005:21
          #10 0x43dd58 in decode_sb /src/dav1d/src/decode.c:2008:21
          #11 0x43d26d in decode_sb /src/dav1d/src/decode.c:1998:21
          #12 0x43bf61 in dav1d_decode_tile_sbrow /src/dav1d/src/decode.c:2469:13
          #13 0x440d34 in dav1d_decode_frame /src/dav1d/src/decode.c:2836:29
          #14 0x444af5 in dav1d_submit_frame /src/dav1d/src/decode.c:3287:20
          #15 0x4340ec in dav1d_parse_obus /src/dav1d/src/obu.c:1411:24
          #16 0x43232e in dav1d_get_picture /src/dav1d/src/lib.c:327:15
          #17 0x42f182 in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
    • add test case for dav1d#220 integer overflow in inv_identity16 · 45f6526b
      Janne Grunau authored and Jean-Baptiste Kempf committed
      third_party/dav1d/src/itx_1d.c:843:44: runtime error: signed integer overflow: 409458 * 5793 cannot be represented in type 'int'
          #0 0x55e622a461da in inv_identity16_1d third_party/dav1d/src/itx_1d.c:843:44
          #1 0x55e622a4154f in inv_txfm_add_c third_party/dav1d/src/itx_tmpl.c
          #2 0x55e622a408ac in inv_txfm_add_identity_identity_16x16_c third_party/dav1d/src/itx_tmpl.c:142:1
          #3 0x55e622a80a6a in dav1d_recon_b_intra_16bpc third_party/dav1d/src/recon_tmpl.c:890:29
          #4 0x55e6229b9b9e in decode_b third_party/dav1d/src/decode.c:1162:13
          #5 0x55e6229a1abb in decode_sb third_party/dav1d/src/decode.c:2072:17
          #6 0x55e62299f07b in dav1d_decode_tile_sbrow third_party/dav1d/src/decode.c:2469:13
          #7 0x55e6229a959c in dav1d_decode_frame third_party/dav1d/src/decode.c:2838:29
          #8 0x55e6229af362 in dav1d_submit_frame third_party/dav1d/src/decode.c:3302:20
          #9 0x55e6229f0a92 in dav1d_parse_obus third_party/dav1d/src/obu.c:1410:24
          #10 0x55e622a19666 in dav1d_get_picture third_party/dav1d/src/lib.c:347:15
          #11 0x55e622989759 in LLVMFuzzerTestOneInput third_party/dav1d/tests/libfuzzer/dav1d_fuzzer.c:156:19
  20. Dec 12, 2018
  21. Dec 10, 2018
    • oss-fuzz: add test case for cdf ref memleak · 1edc9459
      Janne Grunau authored
      ==1==ERROR: LeakSanitizer: detected memory leaks
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x4eb5ff in malloc _asan_rtl_
          #1 0x52eb17 in dav1d_ref_wrap /src/dav1d/src/ref.c:58:21
          #2 0x52e96c in dav1d_ref_create /src/dav1d/src/ref.c:46:11
          #3 0x592299 in dav1d_cdf_thread_alloc /src/dav1d/src/cdf.c:4182:16
          #4 0x5511af in dav1d_submit_frame /src/dav1d/src/decode.c:3114:15
          #5 0x534fb0 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #6 0x532017 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #7 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #8 0x6808b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #9 0x6560dd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #10 0x661926 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #11 0x65575c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #12 0x7f185d17982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      Indirect leak of 20824 byte(s) in 1 object(s) allocated from:
          #0 0x4ec488 in __interceptor_posix_memalign _asan_rtl_
          #1 0x52ea4d in dav1d_alloc_aligned /src/dav1d/include/common/mem.h:46:9
          #2 0x52e952 in dav1d_ref_create /src/dav1d/src/ref.c:41:18
          #3 0x592299 in dav1d_cdf_thread_alloc /src/dav1d/src/cdf.c:4182:16
          #4 0x5511af in dav1d_submit_frame /src/dav1d/src/decode.c:3114:15
          #5 0x534fb0 in dav1d_parse_obus /src/dav1d/src/obu.c:1410:24
          #6 0x532017 in dav1d_get_picture /src/dav1d/src/lib.c:347:15
          #7 0x52bffb in LLVMFuzzerTestOneInput /src/dav1d/tests/libfuzzer/dav1d_fuzzer.c:129:19
          #8 0x6808b5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
          #9 0x6560dd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
          #10 0x661926 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
          #11 0x65575c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #12 0x7f185d17982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
      SUMMARY: AddressSanitizer: 20864 byte(s) leaked in 2 allocation(s).