strukturag/libde265

crash in put_weighted_pred_avg_16_fallback


Testfile: segfault.zip

heif-convert clusterfuzz-testcase-minimized-kimgio_heif_fuzzer-6680294020481024.heic output3.png

Thread 1 "heif-convert" received signal SIGSEGV, Segmentation fault.

#0  0x00007ffff73b0c32 in put_weighted_pred_avg_16_fallback (dst=0x0, dststride=0, src1=0x7ffffffefef0, src2=0x7fffffff1ef0, srcstride=64, width=64, height=32, bit_depth=9) at fallback-motion.cc:246
#1  0x00007ffff73bbfd8 in acceleration_functions::put_weighted_pred_avg (this=this@entry=0x55555557cde0, _dst=_dst@entry=0x0, dststride=dststride@entry=0, src1=src1@entry=0x7ffffffefef0, src2=src2@entry=0x7fffffff1ef0, srcstride=srcstride@entry=64, 
    width=64, height=32, bit_depth=9) at ../libde265/acceleration.h:251
#2  0x00007ffff73bbac4 in generate_inter_prediction_samples (ctx=ctx@entry=0x55555557cd30, shdr=shdr@entry=0x555555586ae0, img=img@entry=0x555555587070, xC=xC@entry=0, yC=yC@entry=0, xB=xB@entry=0, yB=0, nCS=64, nPbW=64, nPbH=32, vi=0x7fffffff7f8c)
    at motion.cc:544
#3  0x00007ffff73bbf48 in decode_prediction_unit (ctx=0x55555557cd30, shdr=0x555555586ae0, img=0x555555587070, motion=..., xC=xC@entry=0, yC=yC@entry=0, xB=0, yB=0, nCS=64, nPbW=64, nPbH=32, partIdx=0) at motion.cc:2155
#4  0x00007ffff73c6fa3 in read_prediction_unit (tctx=tctx@entry=0x7fffffff8280, xC=xC@entry=0, yC=yC@entry=0, xB=xB@entry=0, yB=yB@entry=0, nPbW=nPbW@entry=64, nPbH=32, ctDepth=0, nCS=64, partIdx=0) at slice.cc:4136
#5  0x00007ffff73c9848 in read_coding_unit (tctx=tctx@entry=0x7fffffff8280, x0=x0@entry=0, y0=y0@entry=0, log2CbSize=log2CbSize@entry=6, ctDepth=ctDepth@entry=0) at slice.cc:4500
#6  0x00007ffff73c9d8e in read_coding_quadtree (tctx=tctx@entry=0x7fffffff8280, x0=x0@entry=0, y0=y0@entry=0, log2CbSize=6, ctDepth=ctDepth@entry=0) at slice.cc:4652
#7  0x00007ffff73c9e6d in read_coding_tree_unit (tctx=tctx@entry=0x7fffffff8280) at slice.cc:2861
#8  0x00007ffff73ca13f in decode_substream (tctx=tctx@entry=0x7fffffff8280, block_wpp=block_wpp@entry=false, first_independent_substream=first_independent_substream@entry=true) at slice.cc:4741
#9  0x00007ffff73ca531 in read_slice_segment_data (tctx=tctx@entry=0x7fffffff8280) at slice.cc:5054
#10 0x00007ffff73a9bd4 in decoder_context::decode_slice_unit_sequential (this=this@entry=0x55555557cd30, imgunit=imgunit@entry=0x55555559ffc0, sliceunit=sliceunit@entry=0x5555555a0270) at decctx.cc:852
#11 0x00007ffff73aa088 in decoder_context::decode_slice_unit_parallel (this=this@entry=0x55555557cd30, imgunit=imgunit@entry=0x55555559ffc0, sliceunit=sliceunit@entry=0x5555555a0270) at decctx.cc:954
#12 0x00007ffff73aa16d in decoder_context::decode_some (this=this@entry=0x55555557cd30, did_work=did_work@entry=0x7fffffffcc50) at decctx.cc:739
#13 0x00007ffff73ab358 in decoder_context::read_slice_NAL (this=this@entry=0x55555557cd30, reader=..., nal=nal@entry=0x55555557e980, nal_hdr=...) at decctx.cc:697
#14 0x00007ffff73ab491 in decoder_context::decode_NAL (this=this@entry=0x55555557cd30, nal=0x55555557e980) at decctx.cc:1239
#15 0x00007ffff73ab711 in decoder_context::decode (this=0x55555557cd30, more=0x7fffffffcd74) at decctx.cc:1327
#16 0x00007ffff73a33da in de265_decode (de265ctx=<optimized out>, more=<optimized out>) at de265.cc:362
#17 0x00007ffff7f6e3bc in libde265_v1_decode_image (decoder_raw=0x55555557b8c0, out_img=0x7fffffffce30) at plugins/heif_decoder_libde265.cc:325
#18 0x00007ffff7f522ce in heif::HeifContext::decode_image_planar (this=0x5555555780f0, ID=<optimized out>, img=std::shared_ptr<heif::HeifPixelImage> (empty) = {...}, out_colorspace=out_colorspace@entry=heif_colorspace_RGB, 
    options=options@entry=0x55555557bde0, alphaImage=false) at heif_context.cc:1190
#19 0x00007ffff7f5338b in heif::HeifContext::decode_image_user (this=<optimized out>, ID=<optimized out>, img=std::shared_ptr<heif::HeifPixelImage> (empty) = {...}, out_colorspace=heif_colorspace_RGB, out_chroma=heif_chroma_interleaved_RGB, 
    options=0x55555557bde0) at heif_context.cc:1095
#20 0x00007ffff7f465db in heif_decode_image (in_handle=0x55555557be80, out_img=0x7fffffffd0f8, colorspace=<optimized out>, chroma=<optimized out>, options=<optimized out>) at heif.cc:950
#21 0x00005555555597ae in main (argc=<optimized out>, argv=<optimized out>) at heif_convert.cc:372

Thank you.
Already fixed in bfb6de1.