From c6b75a196636a7a72c46c3f2b78dde4f162767d3 Mon Sep 17 00:00:00 2001 From: James Zern Date: Thu, 12 Dec 2019 23:23:39 -0800 Subject: [PATCH] lossless_(enc_|)sse2: avoid offsetting a NULL pointer PredictorSub0_SSE2 doesn't use 'upper' (neither does VP8LPredictorsSub_C[0]); just pass NULL when dealing with trailing pixels to avoid undefined behavior when offsetting a NULL pointer BUG=chromium:1026858,oss-fuzz:19430 Change-Id: I08be8899ed2e34f26aaee34defe68dbd0fe216d3
---
 src/dsp/lossless_enc_sse2.c | 3 ++-
 src/dsp/lossless_sse2.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/dsp/lossless_enc_sse2.c b/src/dsp/lossless_enc_sse2.c
index 8adc5213..e676f6fd 100644
--- a/src/dsp/lossless_enc_sse2.c
+++ b/src/dsp/lossless_enc_sse2.c
@@ -455,8 +455,9 @@ static void PredictorSub0_SSE2(const uint32_t* in, const uint32_t* upper,
 _mm_storeu_si128((__m128i*)&out[i], res);
 }
 if (i != num_pixels) {
- VP8LPredictorsSub_C[0](in + i, upper + i, num_pixels - i, out + i);
+ VP8LPredictorsSub_C[0](in + i, NULL, num_pixels - i, out + i);
 }
+ (void)upper;
 }
 #define GENERATE_PREDICTOR_1(X, IN) \
diff --git a/src/dsp/lossless_sse2.c b/src/dsp/lossless_sse2.c
index 17d75764..aef0cee1 100644
--- a/src/dsp/lossless_sse2.c
+++ b/src/dsp/lossless_sse2.c
@@ -191,8 +191,9 @@ static void PredictorAdd0_SSE2(const uint32_t* in, const uint32_t* upper,
 _mm_storeu_si128((__m128i*)&out[i], res);
 }
 if (i != num_pixels) {
- VP8LPredictorsAdd_C[0](in + i, NULL, num_pixels - i, out + i);
+ VP8LPredictorsAdd_C[0](in + i, NULL, num_pixels - i, out + i);
 }
+ (void)upper;
 }
 // Predictor1: left.
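Review bot: The NULL now passed to `VP8LPredictorsSub_C[0]` in the trailing-pixel branch is only safe while the C predictor 0 never reads `upper`, and that contract is stated in the commit message but not in the code. I would add a comment above the call, e.g. `// Predictor 0 ignores 'upper'; pass NULL rather than upper + i, which is undefined when upper is NULL.`, so a later change to the C fallback that starts reading `upper` is questioned in review instead of surfacing as a NULL dereference on attacker-supplied images. The same comment belongs on the `VP8LPredictorsAdd_C[0]` call in src/dsp/lossless_sse2.c. Both function bodies begin outside their hunks, so whether any other predictor still offsets a possibly-NULL `upper` cannot be judged from here.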