From patchwork Mon Mar 30 08:22:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jun Zhao X-Patchwork-Id: 18504 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id E24C144893D for ; Mon, 30 Mar 2020 11:31:37 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CB23B68B6D8; Mon, 30 Mar 2020 11:31:37 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qv1-f66.google.com (mail-qv1-f66.google.com [209.85.219.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6F58868AF8D for ; Mon, 30 Mar 2020 11:31:31 +0300 (EEST) Received: by mail-qv1-f66.google.com with SMTP id bp12so4466073qvb.7 for ; Mon, 30 Mar 2020 01:31:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=uJ905Ny5ApPvE5YJjcZVO96TPNe/r2UYC/wXop7FkVw=; b=Lp7I8TF98v7nE9vlN7USmfye1EEeFdQc6nsY1GQt+lnQPbhRJqxO0N/ze9SSiBGYLN fntERazS1J8l1Htat7EeyJu92QwNSolvz48Ccf5jpNL3/HVNrrn709XirBhvDR6Tixct NqnR5QRrs3FW3IjOrvpS+1k0G5a0E934nCTUAOekz9MRJoKgCcimzXSyf+CYaAgnC6z9 DEbhwXiEEMIx/rZCPuLVKtUGhzxQvgx3woFgnFLRZPEMrnaQuCMJmUwiQ9kOdv9ckaKJ Q/faGg7iUdFkVxX6Hl6uIWMzt5DMw1UBJbQ/fSyRUx0qpGHDKZJfRSxEryZqwCKAh1Wc 9w9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=uJ905Ny5ApPvE5YJjcZVO96TPNe/r2UYC/wXop7FkVw=; b=S6ctZZuI6qiFvA38kTwRJ0Fs5f2jMXzqejg3kG7PgBQrII0p0vJWte36AGlsOv9+lq irF49nujIsaTQkMX/QOqDBCdS7Y3TONTqrYAE7zvRcVMU4AuA11InuN22AC8LV93BqQ9 29L3CbyeJePs/aeYZmDthbc1soikrdhVC03bzkFshb9x9dJRawCyWJ8X97dB2BcSOKef PU9hjVYZNicsp8dN9zX5775lNbYbVOhM4xsJ0aK07NvIXftZ5aq8uMqFh5jIMhhw8fmB 4tCehWgVOt0fBS9VCCgOB2FVbh4hSGKkeSaA3NxK2RJbSpFvZzKA+/Z19UXDqFNy4kvV a6Vw== X-Gm-Message-State: ANhLgQ1pwbvlE4c2ALaXVtLI80o9RSjYXVyLZMI5S/ZSItNP2iJDCpws vDSpdrgUayLkMciv/XtaSVtehUmfLI4HVOqGNCg= X-Google-Smtp-Source: ADFU+vvtkp+wRsQlPpjZTljf+ZUS0tS8xQ8pCX6Ehz8E/mowX7VSKYGByy2RNzOW2sjhb0Mz6C0x0A== X-Received: by 2002:aa7:9f94:: with SMTP id z20mr11268477pfr.261.1585556606587; Mon, 30 Mar 2020 01:23:26 -0700 (PDT) Received: from localhost.localdomain ([49.51.162.193]) by smtp.gmail.com with ESMTPSA id w2sm3510261pff.195.2020.03.30.01.23.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 30 Mar 2020 01:23:25 -0700 (PDT) From: Jun Zhao To: ffmpeg-devel@ffmpeg.org Date: Mon, 30 Mar 2020 16:22:52 +0800 Message-Id: <1585556574-31762-2-git-send-email-mypopydev@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1585556574-31762-1-git-send-email-mypopydev@gmail.com> References: <1585556574-31762-1-git-send-email-mypopydev@gmail.com> Subject: [FFmpeg-devel] [PATCH V1 2/4] lavc/hevcdec: fix the HEVC decoder crash when memory over-read X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: qoroliang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: qoroliang Fix an occasional crash for hevc decoder in ARM 64 platform, the root cause is the memory over read(read cross the memory boundary) in SAO NENO functions ff_hevc_sao_band_filter_neon_8 and ff_hevc_sao_edge_filter_neon_8. After this fix, the crash disapper in the massive Android phone test. Signed-off-by: qoroliang --- libavcodec/arm/hevcdsp_sao_neon.S | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/libavcodec/arm/hevcdsp_sao_neon.S b/libavcodec/arm/hevcdsp_sao_neon.S index 3471679..8fd9d1e 100644 --- a/libavcodec/arm/hevcdsp_sao_neon.S +++ b/libavcodec/arm/hevcdsp_sao_neon.S @@ -35,10 +35,10 @@ function ff_hevc_sao_band_filter_neon_8, export=1 vmov.u16 q15, #1 vmov.u8 q14, #32 0: pld [r1] - vld1.8 {d16}, [r1], r3 cmp r5, #4 beq 4f 8: subs r4, #1 + vld1.8 {d16}, [r1], r3 vshr.u8 d17, d16, #3 // index = [src>>3] vshll.u8 q9, d17, #1 // lowIndex = 2*index vadd.u16 q11, q9, q15 // highIndex = (2*index+1) << 8 @@ -54,7 +54,6 @@ function ff_hevc_sao_band_filter_neon_8, export=1 vaddw.u8 q13, q12, d16 vqmovun.s16 d8, q13 vst1.8 d8, [r0], r2 - vld1.8 {d16}, [r1], r3 bne 8b subs r5, #8 beq 99f @@ -65,6 +64,7 @@ function ff_hevc_sao_band_filter_neon_8, export=1 mov r1, r7 b 0b 4: subs r4, #1 + vld1.32 {d16[0]}, [r1], r3 vshr.u8 d17, d16, #3 // src>>3 vshll.u8 q9, d17, #1 // lowIndex = 2*index vadd.u16 q11, q9, q15 // highIndex = (2*index+1) << 8 @@ -80,7 +80,6 @@ function ff_hevc_sao_band_filter_neon_8, export=1 vaddw.u8 q13, q12, d16 vqmovun.s16 d14, q13 vst1.32 d14[0], [r0], r2 - vld1.32 {d16[0]}, [r1], r3 bne 4b b 99f 99: @@ -110,12 +109,12 @@ function ff_hevc_sao_edge_filter_neon_8, export=1 mov r11, r1 add r11, r9 // src[x + b_stride] pld [r1] - vld1.8 {d16}, [r1], r3 // src[x] 8x8bit - vld1.8 {d17}, [r10], r3 // src[x + a_stride] - vld1.8 {d18}, [r11], r3 // src[x + b_stride] cmp r5, #4 beq 4f 8: subs r4, #1 + vld1.8 {d16}, [r1], r3 // src[x] 8x8bit + vld1.8 {d17}, [r10], r3 // src[x + a_stride] + vld1.8 {d18}, [r11], r3 // src[x + b_stride] vcgt.u8 d8, d16, d17 vshr.u8 d9, d8, #7 vclt.u8 d8, d16, d17 @@ -136,9 +135,6 @@ function ff_hevc_sao_edge_filter_neon_8, export=1 vaddw.u8 q12, q11, d16 vqmovun.s16 d26, q12 vst1.8 d26, [r0], r2 - vld1.8 {d16}, [r1], r3 // src[x] 8x8bit - vld1.8 {d17}, [r10], r3 // src[x + a_stride] - vld1.8 {d18}, [r11], r3 // src[x + b_stride] bne 8b subs r5, #8 beq 99f @@ -149,6 +145,9 @@ function ff_hevc_sao_edge_filter_neon_8, export=1 mov r1, r7 b 0b 4: subs r4, #1 + vld1.32 {d16[0]}, [r1], r3 + vld1.32 {d17[0]}, [r10], r3 // src[x + a_stride] + vld1.32 {d18[0]}, [r11], r3 // src[x + b_stride] vcgt.u8 d8, d16, d17 vshr.u8 d9, d8, #7 vclt.u8 d8, d16, d17 @@ -169,9 +168,6 @@ function ff_hevc_sao_edge_filter_neon_8, export=1 vaddw.u8 q12, q11, d16 vqmovun.s16 d26, q12 vst1.32 d26[0], [r0], r2 - vld1.32 {d16[0]}, [r1], r3 - vld1.32 {d17[0]}, [r10], r3 // src[x + a_stride] - vld1.32 {d18[0]}, [r11], r3 // src[x + b_stride] bne 4b b 99f 99: