From 7574c5576138894f892360ee49e8014752977fcd Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt
Date: Sun, 22 Jun 2025 22:36:00 +0200
Subject: [PATCH] avcodec/indeo3: Fix UB pointer arithmetic
Fixes the following error when running with Clang-UBSan:
src/libavcodec/indeo3.c:556:26: runtime error: applying non-zero offset 2560 to null pointer
This fixes the indeo3-2 FATE test.
Signed-off-by: Andreas Rheinhardt
---
 libavcodec/indeo3.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index fbabd4b6ad..59d7f12bf4 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -691,9 +691,11 @@ static int decode_cell(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
 }
 zoom_fac = mode == 10;
- error = decode_cell_data(ctx, cell, block, ref_block, plane->pitch,
- zoom_fac, 1, mode, delta, swap_quads,
- &data_ptr, last_ptr);
+ av_assert2(!ref_block);
+ error = decode_cell_data(ctx, cell, block,
+ block /* dummy to avoid UB pointer arithmetic */,
+ plane->pitch, zoom_fac, 1, mode, delta,
+ swap_quads, &data_ptr, last_ptr);
 }
 break;
 default:
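Review bot: The comment on the substituted argument in the new `decode_cell_data()` call says what is avoided but not why passing `block` in place of `ref_block` is safe. Presumably the callee only offsets the reference pointer on this path and never reads through it, but that code is outside the hunk and should be confirmed. If the callee did read through it, the bitstream-driven decode would silently take reference data from the output block instead of faulting on NULL. `av_assert2()` is compiled out unless the assert level is 2 or higher, so ordinary builds do not enforce the `!ref_block` invariant, and a non-NULL `ref_block` would be discarded without notice. I would expand the comment, once verified, to something like `/* ref_block is NULL on this path (see setup above); decode_cell_data() never dereferences it here, so pass block as a valid dummy */`. `decode_cell` begins and continues outside the hunk.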