This integer overflow comes from the setup for distribution of work when multiple decoding threads are used.
See the linked article for details.
This bug is a duplicate of the repository state immediately before the fix to a bug disclosed by Google Project Zero last year. The intent is to observe whether competitors can find the same bug now.
See https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html and https://project-zero.issues.chromium.org/issues/42451651
dav1d is an extremely widely used decoding library that is in just about everything: Chrome, iOS, Android. It is currently the AV1 software decoder, its Rust rewrite notwithstanding. A potentially exploitable memory safety bug in it is dangerous to a great many people.