From patchwork Thu Jun 20 21:52:31 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Ross <pross@xvid.org>
X-Patchwork-Id: 13651
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 34E4D4488CD
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Fri, 21 Jun 2019 00:52:57 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 107F068A702;
	Fri, 21 Jun 2019 00:52:57 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mx.sdf.org (mx.sdf.org [205.166.94.20])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E28CA689998
	for <ffmpeg-devel@ffmpeg.org>; Fri, 21 Jun 2019 00:52:50 +0300 (EEST)
Received: from 902037a0ecf43865a2785e8179c466bf
	(pa49-199-220-149.pa.vic.optusnet.com.au [49.199.220.149])
	(authenticated (128 bits))
	by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id x5KLqaOG018206
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO)
	for <ffmpeg-devel@ffmpeg.org>; Thu, 20 Jun 2019 21:52:44 GMT
Date: Fri, 21 Jun 2019 07:52:31 +1000
From: Peter Ross <pross@xvid.org>
To: ffmpeg-devel@ffmpeg.org
Message-ID: 
 <b2f31e5ab70f7da8251768f1e851d19aa1eb6adf.1561067349.git.pross@xvid.org>
MIME-Version: 1.0
User-Agent: Mutt/1.10.1 (2018-07-13)
Subject: [FFmpeg-devel] [PATCH] vp4: prevent unaligned memory access in loop
	filter
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

VP4 applies a loop filter during motion compensation, causing the block offset
will often by unaligned. This produces a bus error on some platforms, namely
ARMv7 NEON.

This patch adds a unaligned version of the loop filter function pointer
to VP3DSPContext.

Reported-by: Mike Melanson <mike@multimedia.cx>
---
 libavcodec/vp3.c             | 10 ++++++++--
 libavcodec/vp3dsp.c          |  4 ++--
 libavcodec/vp3dsp.h          |  2 ++
 libavcodec/x86/vp3dsp_init.c |  4 ++--
 4 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index a6f759ebf5..822d95b4e9 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2025,11 +2025,17 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int
              plane_width,
              plane_height);
 
+#define safe_loop_filter(name, ptr, stride, bounding_values) \
+    if ((uintptr_t)(ptr) & 7) \
+        s->vp3dsp.name##_unaligned(ptr, stride, bounding_values); \
+    else \
+        s->vp3dsp.name(ptr, stride, bounding_values);
+
         if (x_offset)
-            s->vp3dsp.h_loop_filter(loop + loop_stride + x_offset + 1, loop_stride, bounding_values);
+            safe_loop_filter(h_loop_filter, loop + loop_stride + x_offset + 1, loop_stride, bounding_values);
 
         if (y_offset)
-            s->vp3dsp.v_loop_filter(loop + (y_offset + 1)*loop_stride + 1, loop_stride, bounding_values);
+            safe_loop_filter(v_loop_filter, loop + (y_offset + 1)*loop_stride + 1, loop_stride, bounding_values);
     }
 
     for (i = 0; i < 9; i++)
diff --git a/libavcodec/vp3dsp.c b/libavcodec/vp3dsp.c
index ac4c57441c..f485fba1f6 100644
--- a/libavcodec/vp3dsp.c
+++ b/libavcodec/vp3dsp.c
@@ -449,8 +449,8 @@ av_cold void ff_vp3dsp_init(VP3DSPContext *c, int flags)
     c->idct_put      = vp3_idct_put_c;
     c->idct_add      = vp3_idct_add_c;
     c->idct_dc_add   = vp3_idct_dc_add_c;
-    c->v_loop_filter = vp3_v_loop_filter_8_c;
-    c->h_loop_filter = vp3_h_loop_filter_8_c;
+    c->v_loop_filter = c->v_loop_filter_unaligned = vp3_v_loop_filter_8_c;
+    c->h_loop_filter = c->h_loop_filter_unaligned = vp3_h_loop_filter_8_c;
 
     if (ARCH_ARM)
         ff_vp3dsp_init_arm(c, flags);
diff --git a/libavcodec/vp3dsp.h b/libavcodec/vp3dsp.h
index 32b2cad0ef..3b849ec05d 100644
--- a/libavcodec/vp3dsp.h
+++ b/libavcodec/vp3dsp.h
@@ -43,6 +43,8 @@ typedef struct VP3DSPContext {
     void (*idct_dc_add)(uint8_t *dest, ptrdiff_t stride, int16_t *block);
     void (*v_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
     void (*h_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
+    void (*v_loop_filter_unaligned)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
+    void (*h_loop_filter_unaligned)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
 } VP3DSPContext;
 
 void ff_vp3dsp_v_loop_filter_12(uint8_t *first_pixel, ptrdiff_t stride, int *bounding_values);
diff --git a/libavcodec/x86/vp3dsp_init.c b/libavcodec/x86/vp3dsp_init.c
index 1ba9576431..ba47e1c6cd 100644
--- a/libavcodec/x86/vp3dsp_init.c
+++ b/libavcodec/x86/vp3dsp_init.c
@@ -59,8 +59,8 @@ av_cold void ff_vp3dsp_init_x86(VP3DSPContext *c, int flags)
         c->idct_dc_add = ff_vp3_idct_dc_add_mmxext;
 
         if (!(flags & AV_CODEC_FLAG_BITEXACT)) {
-            c->v_loop_filter = ff_vp3_v_loop_filter_mmxext;
-            c->h_loop_filter = ff_vp3_h_loop_filter_mmxext;
+            c->v_loop_filter = c->v_loop_filter_unaligned = ff_vp3_v_loop_filter_mmxext;
+            c->h_loop_filter = c->v_loop_filter_unaligned = ff_vp3_h_loop_filter_mmxext;
         }
     }