signed integer overflow in weight_h264_pixels2_9_c()

[tsmith]

Summary of the bug:
UBSan: libavcodec/h264dsp_template.c:98:1: runtime error: signed integer overflow: 256 * 2028513204 cannot be represented in type 'int'

How to reproduce:

% ffmpeg -ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
  built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
  libavutil      55. 12.100 / 55. 12.100
  libavcodec     57. 22.100 / 57. 22.100
  libavformat    57. 21.101 / 57. 21.101
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 23.100 /  6. 23.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
[h264 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation
[h264 @ 0x619000005a80] sps_id 2 out of range
[h264 @ 0x619000005a80] non-existing PPS 0 referenced
[h264 @ 0x619000005a80] sps_id 2 out of range
[h264 @ 0x619000005a80] non-existing PPS 0 referenced
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] data partitioning is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[h264 @ 0x619000005a80] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[h264 @ 0x619000005a80] non-existing PPS 0 referenced
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] FMO not supported
[h264 @ 0x619000005a80] first_mb_in_slice overflow
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] first_mb_in_slice overflow
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] number of reference frames (0+2) exceeds max (1; probably corrupt input), discarding one
[ivf @ 0x61b00001f180] decoding for stream 0 failed
Input #0, ivf, from '/home/user/Desktop/ffmpeg/ivf_corpus/d4998b87a0de83ca63ee48ec6b4222e3f7c87999':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: h264 (CAVLC 4:4:4) (V264 / 0x34363256), yuv422p9le, 48x128, 4.20 tbr, 4.20 tbn, 8.39 tbc
[wrapped_avframe @ 0x619000003780] Warning: not compiled with thread support, using thread emulation
[h264 @ 0x619000004180] Warning: not compiled with thread support, using thread emulation
[h264 @ 0x619000004180] sps_id 2 out of range
[h264 @ 0x619000004180] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000004180] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000004180] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000004180] FMO not supported
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.21.101
    Stream #0:0: Video: wrapped_avframe, yuv422p9le, 48x128, q=2-31, 200 kb/s, 4.20 fps, 4.20 tbn, 4.20 tbc
    Metadata:
      encoder         : Lavc57.22.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (h264 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[h264 @ 0x619000004180] FMO not supported
[h264 @ 0x619000004180] reference picture missing during reorder
[h264 @ 0x619000004180] Missing reference picture, default is 0
    Last message repeated 13 times
[h264 @ 0x619000004180] chroma_log2_weight_denom 10 is out of range
[h264 @ 0x619000004180] illegal memory management control operation 32
[h264 @ 0x619000004180] co located POCs unavailable
[h264 @ 0x619000004180] data partitioning is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[h264 @ 0x619000004180] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[h264 @ 0x619000004180] Missing reference picture, default is 0
    Last message repeated 12 times
[h264 @ 0x619000004180] co located POCs unavailable
libavcodec/h264dsp_template.c:98:1: runtime error: signed integer overflow: 256 * 2028513204 cannot be represented in type 'int'
    #0 0x108526b in weight_h264_pixels2_9_c /home/user/code/ffmpeg/libavcodec/h264dsp_template.c:98:1
    #1 0xfd8b5c in hl_motion_422_complex /home/user/code/ffmpeg/libavcodec/h264_mc_template.c:135:17
    #2 0xfd8b5c in hl_decode_mb_complex /home/user/code/ffmpeg/libavcodec/h264_mb_template.c:176
    #3 0x105c63b in decode_slice /home/user/code/ffmpeg/libavcodec/h264_slice.c:2390:21
    #4 0x105ae54 in ff_h264_execute_decode_slices /home/user/code/ffmpeg/libavcodec/h264_slice.c:2550:15
    #5 0xf8ddc1 in decode_nal_units /home/user/code/ffmpeg/libavcodec/h264.c:1647:23
    #6 0xf95900 in h264_decode_frame /home/user/code/ffmpeg/libavcodec/h264.c:1832:17
    #7 0x1a3fc96 in avcodec_decode_video2 /home/user/code/ffmpeg/libavcodec/utils.c:2107:19
    #8 0x589546 in decode_video /home/user/code/ffmpeg/ffmpeg.c:2069:11
    #9 0x589546 in process_input_packet /home/user/code/ffmpeg/ffmpeg.c:2318
    #10 0x5990bc in process_input /home/user/code/ffmpeg/ffmpeg.c:3980:5
    #11 0x5726c6 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4068:11
    #12 0x5726c6 in transcode /home/user/code/ffmpeg/ffmpeg.c:4122
    #13 0x56f73c in main /home/user/code/ffmpeg/ffmpeg.c:4314:9
    #14 0x7f9f7c36bec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #15 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)

[Carl Eugen Hoyos]

Probably a duplicate of ticket #5134, also not reproducible since 772ad714.