Avoid the &arr[0] expression if arr may be NULL.
Change &arr[0] to the equivalent expression arr if arr may be a null
pointer.
This should fix the UBSAN runtime error at av1/common/quant_common.c:230:
applying zero offset to null pointer.
Also assert that cm->giqmatrix[qmlevel][plane][tx_size] and
cm->gqmatrix[qmlevel][plane][tx_size] are NULL only if qmlevel is equal
to NUM_QM_LEVELS - 1, matching the code in av1_qm_init().
BUG=oss-fuzz:19420
Change-Id: I1efde50c97bb395b0ffed2d73cb68b90ea63103d
(cherry picked from commit 6a715fb963f9323a9c95e104bbb1953f06523c37)
diff --git a/av1/common/quant_common.c b/av1/common/quant_common.c
index 365d26c..b9e9230 100644
--- a/av1/common/quant_common.c
+++ b/av1/common/quant_common.c
@@ -259,11 +259,15 @@
const qm_val_t *av1_iqmatrix(AV1_COMMON *cm, int qmlevel, int plane,
TX_SIZE tx_size) {
- return &cm->giqmatrix[qmlevel][plane][tx_size][0];
+ assert(cm->giqmatrix[qmlevel][plane][tx_size] != NULL ||
+ qmlevel == NUM_QM_LEVELS - 1);
+ return cm->giqmatrix[qmlevel][plane][tx_size];
}
const qm_val_t *av1_qmatrix(AV1_COMMON *cm, int qmlevel, int plane,
TX_SIZE tx_size) {
- return &cm->gqmatrix[qmlevel][plane][tx_size][0];
+ assert(cm->gqmatrix[qmlevel][plane][tx_size] != NULL ||
+ qmlevel == NUM_QM_LEVELS - 1);
+ return cm->gqmatrix[qmlevel][plane][tx_size];
}
#define QM_TOTAL_SIZE 3344
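Review bot: Both accessors can now return NULL by design, but nothing at the definitions of `av1_iqmatrix()` and `av1_qmatrix()` says so. The only statement of the contract is an `assert`, which disappears when NDEBUG is defined. I would add a comment above each function such as `// Returns NULL when qmlevel == NUM_QM_LEVELS - 1; callers must check before indexing.` The asserts also index the tables before any range check. If qmlevel, plane or tx_size can come from parsed stream data (not visible here), `assert(qmlevel >= 0 && qmlevel < NUM_QM_LEVELS);` ahead of the lookup would catch a bad index in debug builds.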
@@ -286,6 +290,7 @@
cm->gqmatrix[q][c][t] = NULL;
cm->giqmatrix[q][c][t] = NULL;
} else if (t != qm_tx_size) { // Reuse matrices for 'qm_tx_size'
+ assert(t > qm_tx_size);
cm->gqmatrix[q][c][t] = cm->gqmatrix[q][c][qm_tx_size];
cm->giqmatrix[q][c][t] = cm->giqmatrix[q][c][qm_tx_size];
} else {
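Review bot: The new `assert(t > qm_tx_size);` encodes an ordering requirement without saying why it holds. Presumably the reuse branch relies on the `qm_tx_size` slot having been filled on an earlier iteration of the `t` loop, so the two copies below never read a pointer that has not been set. A comment such as `// qm_tx_size < t, so its entry was already set on an earlier iteration` would make that explicit. The assert is compiled out under NDEBUG, so it guards debug builds only. The loop header and the rest of the function lie outside the hunk, so the iteration order should be confirmed there.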