mc: use PXSTRIDE consistently in {put,prep}_8tap_scaled_c

Fixes a heap buffer overflow with high bit depth scaled reference frames
in clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5652139771166720.
Credits to oss-fuzz.

1 files changed, 6 insertions, 4 deletions

diff --git a/src/mc_tmpl.c b/src/mc_tmpl.c
index d63b145..add9b0c 100644
--- a/src/mc_tmpl.c
+++ b/src/mc_tmpl.c
@@ -149,12 +149,13 @@ put_8tap_c(pixel *dst, ptrdiff_t dst_stride,
 
 static NOINLINE void
 put_8tap_scaled_c(pixel *dst, const ptrdiff_t dst_stride,
-                  const pixel *src, const ptrdiff_t src_stride,
+                  const pixel *src, ptrdiff_t src_stride,
                   const int w, int h, const int mx, int my,
                   const int dx, const int dy, const int filter_type)
 {
     int tmp_h = (((h - 1) * dy + my) >> 10) + 8;
     coef mid[128 * (256 + 7)], *mid_ptr = mid;
+    src_stride = PXSTRIDE(src_stride);
 
     src -= src_stride * 3;
     do {
@@ -170,7 +171,7 @@ put_8tap_scaled_c(pixel *dst, const ptrdiff_t dst_stride,
         }
 
         mid_ptr += 128;
-        src += PXSTRIDE(src_stride);
+        src += src_stride;
     } while (--tmp_h);
 
     mid_ptr = mid + 128 * 3;
@@ -241,12 +242,13 @@ prep_8tap_c(coef *tmp, const pixel *src, ptrdiff_t src_stride,
 }
 
 static NOINLINE void
-prep_8tap_scaled_c(coef *tmp, const pixel *src, const ptrdiff_t src_stride,
+prep_8tap_scaled_c(coef *tmp, const pixel *src, ptrdiff_t src_stride,
                    const int w, int h, const int mx, int my,
                    const int dx, const int dy, const int filter_type)
 {
     int tmp_h = (((h - 1) * dy + my) >> 10) + 8;
     coef mid[128 * (256 + 7)], *mid_ptr = mid;
+    src_stride = PXSTRIDE(src_stride);
 
     src -= src_stride * 3;
     do {
@@ -262,7 +264,7 @@ prep_8tap_scaled_c(coef *tmp, const pixel *src, const ptrdiff_t src_stride,
         }
 
         mid_ptr += 128;
-        src += PXSTRIDE(src_stride);
+        src += src_stride;
     } while (--tmp_h);
 
     mid_ptr = mid + 128 * 3;