intrabc: use visible width/height in mv correction Prevents adjusting intra block copy motion vectors to values pointing out of the current tile. This happens with not entirely visible blocks in a one super block wide/high tile. Fixes an use of uninitilized value in inv_txfm_add_c() with clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5746740678885376. Credits to oss-fuzz.

commit: 7677c12018ac859374bdd864e42cc394fab878b2 [log] [tgz]
author: Janne Grunau <janne-vlc@jannau.net> Sat Dec 15 15:30:04 2018 +0100
committer: Janne Grunau <janne-vlc@jannau.net> Sat Dec 15 15:49:23 2018 +0100
tree: dfa18cb77e82109e3865346c3215b6bf4dfa804e
parent: 6a95aa56825af40b265363ec73a4790af9a41f28 [diff]
diff --git a/src/decode.c b/src/decode.c
index bacd097..5524c21 100644
--- a/src/decode.c
+++ b/src/decode.c

@@ -1264,8 +1264,8 @@
         }
         int src_left   = t->bx * 4 + (b->mv[0].x >> 3);
         int src_top    = t->by * 4 + (b->mv[0].y >> 3);
-        int src_right  = src_left + bw4 * 4;
-        int src_bottom = src_top  + bh4 * 4;
+        int src_right  = src_left + w4 * 4;
+        int src_bottom = src_top  + h4 * 4;
 
         // check against left or right tile boundary and adjust if necessary
         if (src_left < border_left) {
commit	7677c12018ac859374bdd864e42cc394fab878b2	[log] [tgz]
author	Janne Grunau <janne-vlc@jannau.net>	Sat Dec 15 15:30:04 2018 +0100
committer	Janne Grunau <janne-vlc@jannau.net>	Sat Dec 15 15:49:23 2018 +0100
tree	dfa18cb77e82109e3865346c3215b6bf4dfa804e
parent	6a95aa56825af40b265363ec73a4790af9a41f28 [diff]