[FFmpeg-devel] [PATCH V1 2/4] lavc/hevcdec: fix the HEVC decoder crash when memory over-read
mypopy at gmail.com
mypopy at gmail.com
Sat Apr 11 16:54:49 EEST 2020
On Mon, Mar 30, 2020 at 4:52 PM mypopy at gmail.com <mypopy at gmail.com> wrote:
>
> On Mon, Mar 30, 2020 at 4:31 PM Jun Zhao <mypopydev at gmail.com> wrote:
> >
> > From: qoroliang <qoroliang at tencent.com>
> >
> > Fix an occasional crash for hevc decoder in ARM 64 platform, the
> typo: it's ARM 32 bits platform, not 64,
> fixed in local
> > root cause is a memory over-read (a read across the memory boundary)
> > in the SAO NEON functions ff_hevc_sao_band_filter_neon_8 and
> > ff_hevc_sao_edge_filter_neon_8.
> >
> > After this fix, the crash disappears in the massive Android phone
> > test.
> >
Ping, this issue will lead to some crash in ARM device, so pls help
to review the fix, thx.
> > Signed-off-by: qoroliang <qoroliang at tencent.com>
> > ---
> > libavcodec/arm/hevcdsp_sao_neon.S | 20 ++++++++------------
> > 1 file changed, 8 insertions(+), 12 deletions(-)
> >
> > diff --git a/libavcodec/arm/hevcdsp_sao_neon.S b/libavcodec/arm/hevcdsp_sao_neon.S
> > index 3471679..8fd9d1e 100644
> > --- a/libavcodec/arm/hevcdsp_sao_neon.S
> > +++ b/libavcodec/arm/hevcdsp_sao_neon.S
> > @@ -35,10 +35,10 @@ function ff_hevc_sao_band_filter_neon_8, export=1
> > vmov.u16 q15, #1
> > vmov.u8 q14, #32
> > 0: pld [r1]
> > - vld1.8 {d16}, [r1], r3
> > cmp r5, #4
> > beq 4f
> > 8: subs r4, #1
> > + vld1.8 {d16}, [r1], r3
> > vshr.u8 d17, d16, #3 // index = [src>>3]
> > vshll.u8 q9, d17, #1 // lowIndex = 2*index
> > vadd.u16 q11, q9, q15 // highIndex = (2*index+1) << 8
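Review bot: The new position of `vld1.8 {d16}, [r1], r3` directly under `8: subs r4, #1` is what stops the loop from reading a row past the last one, but nothing in the code records that, so a later re-pipelining of the load back to the loop tail would reintroduce the over-read. I would add a comment on that line such as `// load at loop top: a trailing preload reads one row past the end of src`. The same comment applies to the loads added under `4:` in this function and under `8:` and `4:` in ff_hevc_sao_edge_filter_neon_8. The loop body continues outside this hunk.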
> > @@ -54,7 +54,6 @@ function ff_hevc_sao_band_filter_neon_8, export=1
> > vaddw.u8 q13, q12, d16
> > vqmovun.s16 d8, q13
> > vst1.8 d8, [r0], r2
> > - vld1.8 {d16}, [r1], r3
> > bne 8b
> > subs r5, #8
> > beq 99f
> > @@ -65,6 +64,7 @@ function ff_hevc_sao_band_filter_neon_8, export=1
> > mov r1, r7
> > b 0b
> > 4: subs r4, #1
> > + vld1.32 {d16[0]}, [r1], r3
> > vshr.u8 d17, d16, #3 // src>>3
> > vshll.u8 q9, d17, #1 // lowIndex = 2*index
> > vadd.u16 q11, q9, q15 // highIndex = (2*index+1) << 8
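Review bot: `vld1.32 {d16[0]}, [r1], r3` fills only the low 32 bits of d16, while `vshr.u8 d17, d16, #3` and the widening ops after it work on all eight lanes, so on the first iteration the upper four lanes carry whatever d16 held before the call or the previous pass. That looks harmless because the store later in this loop is `vst1.32 d14[0]`, lane 0 only, but the instructions between the hunks are not visible here, so please confirm none of them mixes lanes. A short comment such as `// only 4 pixels loaded; upper lanes of d16 are don't-care` would record the assumption. The same holds for the `d16[0]`/`d17[0]`/`d18[0]` loads added under `4:` in ff_hevc_sao_edge_filter_neon_8.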
> > @@ -80,7 +80,6 @@ function ff_hevc_sao_band_filter_neon_8, export=1
> > vaddw.u8 q13, q12, d16
> > vqmovun.s16 d14, q13
> > vst1.32 d14[0], [r0], r2
> > - vld1.32 {d16[0]}, [r1], r3
> > bne 4b
> > b 99f
> > 99:
> > @@ -110,12 +109,12 @@ function ff_hevc_sao_edge_filter_neon_8, export=1
> > mov r11, r1
> > add r11, r9 // src[x + b_stride]
> > pld [r1]
> > - vld1.8 {d16}, [r1], r3 // src[x] 8x8bit
> > - vld1.8 {d17}, [r10], r3 // src[x + a_stride]
> > - vld1.8 {d18}, [r11], r3 // src[x + b_stride]
> > cmp r5, #4
> > beq 4f
> > 8: subs r4, #1
> > + vld1.8 {d16}, [r1], r3 // src[x] 8x8bit
> > + vld1.8 {d17}, [r10], r3 // src[x + a_stride]
> > + vld1.8 {d18}, [r11], r3 // src[x + b_stride]
> > vcgt.u8 d8, d16, d17
> > vshr.u8 d9, d8, #7
> > vclt.u8 d8, d16, d17
> > @@ -136,9 +135,6 @@ function ff_hevc_sao_edge_filter_neon_8, export=1
> > vaddw.u8 q12, q11, d16
> > vqmovun.s16 d26, q12
> > vst1.8 d26, [r0], r2
> > - vld1.8 {d16}, [r1], r3 // src[x] 8x8bit
> > - vld1.8 {d17}, [r10], r3 // src[x + a_stride]
> > - vld1.8 {d18}, [r11], r3 // src[x + b_stride]
> > bne 8b
> > subs r5, #8
> > beq 99f
> > @@ -149,6 +145,9 @@ function ff_hevc_sao_edge_filter_neon_8, export=1
> > mov r1, r7
> > b 0b
> > 4: subs r4, #1
> > + vld1.32 {d16[0]}, [r1], r3
> > + vld1.32 {d17[0]}, [r10], r3 // src[x + a_stride]
> > + vld1.32 {d18[0]}, [r11], r3 // src[x + b_stride]
> > vcgt.u8 d8, d16, d17
> > vshr.u8 d9, d8, #7
> > vclt.u8 d8, d16, d17
> > @@ -169,9 +168,6 @@ function ff_hevc_sao_edge_filter_neon_8, export=1
> > vaddw.u8 q12, q11, d16
> > vqmovun.s16 d26, q12
> > vst1.32 d26[0], [r0], r2
> > - vld1.32 {d16[0]}, [r1], r3
> > - vld1.32 {d17[0]}, [r10], r3 // src[x + a_stride]
> > - vld1.32 {d18[0]}, [r11], r3 // src[x + b_stride]
> > bne 4b
> > b 99f
> > 99:
> > --
> > 2.7.4