Description
Within FFmpeg's OSS-Fuzz, 2 issues seem to originate from libtheora. I am not sure where to send these, as our libtheora maintainer seems to have been inactive for many years and the libtheora mailman page is also 404. So I just put these here. If there is some other place I should have sent this to, or where I should send such future issues, tell me; otherwise the backtraces are below and test samples can be provided to anyone who wants to look into this (but it will likely require a setup of FFmpeg and OSS-Fuzz with the right library versions to replicate, or that OSS-Fuzz docker thing). The test samples should also become publicly available automatically from Google at the URLs below in a few days.
https://issues.oss-fuzz.com/issues/409917731
analyze.c:1214:31: runtime error: left shift of negative value -32
#0 0x5622fe417f65 in oc_mb_activity theora/lib/analyze.c:1214:31
#1 0x5622fe4144d2 in oc_enc_analyze_intra theora/lib/analyze.c:1709:16
#2 0x5622fe3f69cc in oc_enc_compress_keyframe theora/lib/encode.c:1280:3
#3 0x5622fe3f5e02 in th_encode_ycbcr_in theora/lib/encode.c:1758:5
#4 0x5622fe03b79b in encode_frame /src/ffmpeg/libavcodec/libtheoraenc.c:307:14
#5 0x5622fe036adc in ff_encode_encode_cb /src/ffmpeg/libavcodec/encode.c:239:11
#6 0x5622fe037a3d in encode_simple_internal /src/ffmpeg/libavcodec/encode.c:325:15
#7 0x5622fe037a3d in encode_simple_receive_packet /src/ffmpeg/libavcodec/encode.c:339:15
#8 0x5622fe037a3d in encode_receive_packet_internal /src/ffmpeg/libavcodec/encode.c:373:15
#9 0x5622fe03735e in avcodec_send_frame /src/ffmpeg/libavcodec/encode.c:516:15
#10 0x5622fe026b97 in encode /src/ffmpeg/tools/target_enc_fuzzer.c:56:11
#11 0x5622fe026b97 in LLVMFuzzerTestOneInput /src/ffmpeg/tools/target_enc_fuzzer.c:195:15
#12 0x5622fdf88830 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#13 0x5622fdf73aa5 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#14 0x5622fdf7953f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#15 0x5622fdfa47e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7fdcf8db2082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#17 0x5622fdf6bc8d in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior analyze.c:1214:31
https://issues.oss-fuzz.com/issues/409407670
rate.c:656:24: runtime error: left shift of negative value -4214054593499312
#0 0x5cb0896ee0b0 in oc_enc_select_qi theora/lib/rate.c:0
#1 0x5cb0896e29a2 in oc_enc_compress_keyframe theora/lib/encode.c:1275:24
#2 0x5cb0896e1e02 in th_encode_ycbcr_in theora/lib/encode.c:1758:5
#3 0x5cb08932779b in encode_frame /src/ffmpeg/libavcodec/libtheoraenc.c:307:14
#4 0x5cb089322adc in ff_encode_encode_cb /src/ffmpeg/libavcodec/encode.c:239:11
#5 0x5cb089323a3d in encode_simple_internal /src/ffmpeg/libavcodec/encode.c:325:15
#6 0x5cb089323a3d in encode_simple_receive_packet /src/ffmpeg/libavcodec/encode.c:339:15
#7 0x5cb089323a3d in encode_receive_packet_internal /src/ffmpeg/libavcodec/encode.c:373:15
#8 0x5cb08932335e in avcodec_send_frame /src/ffmpeg/libavcodec/encode.c:516:15
#9 0x5cb089312b97 in encode /src/ffmpeg/tools/target_enc_fuzzer.c:56:11
#10 0x5cb089312b97 in LLVMFuzzerTestOneInput /src/ffmpeg/tools/target_enc_fuzzer.c:195:15
#11 0x5cb089274830 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#12 0x5cb08925faa5 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#13 0x5cb08926553f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#14 0x5cb0892907e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7a53899b6082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#16 0x5cb089257c8d in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior rate.c:656:24
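Both reports above are the same class of finding: UndefinedBehaviorSanitizer's shift check flagging a left shift whose left operand is negative, which C leaves undefined for signed integers even when the result would fit. The C below is an added illustration, not libtheora's code and not the code at the cited analyze.c or rate.c lines: it shows the form UBSan objects to next to two rewrites with defined semantics, using the -32 value from the first report and constructed shift counts. Build it with `-fsanitize=undefined` (or just `-fsanitize=shift`) to see the same kind of diagnostic for `shift_ub` when it is called with a negative value.

```c
#include <stdint.h>
#include <stdio.h>

/* The pattern UBSan reported: a left shift of a signed value that may be
   negative. Undefined behaviour in C whenever x < 0 (or the result would
   overflow), so a sanitizer build diagnoses it at runtime. Defined here only
   to show the shape; it is deliberately not exercised below. */
int64_t shift_ub(int64_t x, int n) {
  return x << n;
}

/* Defined rewrite 1: perform the shift in unsigned arithmetic, where every
   shift count in [0, 63] is well defined, then convert back. The conversion
   of an out-of-range unsigned value to int64_t is implementation-defined
   (two's complement wraparound on every mainstream toolchain), not
   undefined, so the sanitizer has nothing to report. */
int64_t shift_defined(int64_t x, int n) {
  if (n < 0 || n > 63) return 0; /* caller bug; fail closed rather than UB */
  return (int64_t)((uint64_t)x << n);
}

/* Defined rewrite 2: stay in signed arithmetic and multiply by 2^n. This is
   what the shift is usually meant to express; it is defined as long as the
   product does not overflow int64_t. */
int64_t scale_pow2(int64_t x, int n) {
  if (n < 0 || n > 62) return 0; /* 2^63 does not fit in int64_t */
  return x * ((int64_t)1 << n);
}

int main(void) {
  /* Constructed inputs: the -32 from the analyze.c report, shifted by 3. */
  printf("shift_defined(-32, 3) = %lld\n", (long long)shift_defined(-32, 3));
  printf("scale_pow2(-32, 3)    = %lld\n", (long long)scale_pow2(-32, 3));
  return 0;
}
```

Either rewrite keeps the arithmetic the original shift intended (value times 2^n) while removing the undefined case; the unsigned form is the usual minimal patch when the surrounding code is written in terms of shifts, and the multiply form is preferable when the intent is clearly scaling. Note that frame #0 of the second trace shows `rate.c:0`, i.e. no line information for that frame, so the `rate.c:656:24` location comes from the SUMMARY line rather than the backtrace.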