mirror of
https://github.com/nyanmisaka/ffmpeg-rockchip.git
synced 2025-10-25 01:41:31 +08:00
checkasm/hevc_pel: Fix stack buffer overreads
This patch increases several stack buffers in order to fix stack-buffer-overflows (e.g. in put_hevc_qpel_uni_hv_9 in line 814 of hevcdsp_template.c) detected with ASAN in the hevc_pel checkasm test. The buffers are increased by the minimal amount necessary in order not to mask potential future bugs. Reviewed-by: Martin Storsjö <martin@martin.st> Reviewed-by: "zhilizhao(赵志立)" <quinkblack@foxmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This commit is contained in:
@@ -40,10 +40,12 @@ static const int offsets[] = {0, 255, -1 };
|
|||||||
do { \
|
do { \
|
||||||
uint32_t mask = pixel_mask[bit_depth - 8]; \
|
uint32_t mask = pixel_mask[bit_depth - 8]; \
|
||||||
int k; \
|
int k; \
|
||||||
for (k = 0; k < BUF_SIZE; k += 4) { \
|
for (k = 0; k < BUF_SIZE + SRC_EXTRA; k += 4) { \
|
||||||
uint32_t r = rnd() & mask; \
|
uint32_t r = rnd() & mask; \
|
||||||
AV_WN32A(buf0 + k, r); \
|
AV_WN32A(buf0 + k, r); \
|
||||||
AV_WN32A(buf1 + k, r); \
|
AV_WN32A(buf1 + k, r); \
|
||||||
|
if (k >= BUF_SIZE) \
|
||||||
|
continue; \
|
||||||
r = rnd(); \
|
r = rnd(); \
|
||||||
AV_WN32A(dst0 + k, r); \
|
AV_WN32A(dst0 + k, r); \
|
||||||
AV_WN32A(dst1 + k, r); \
|
AV_WN32A(dst1 + k, r); \
|
||||||
@@ -65,10 +67,13 @@ static const int offsets[] = {0, 255, -1 };
|
|||||||
#define src0 (buf0 + 2 * 4 * MAX_PB_SIZE) /* hevc qpel functions read data from negative src pointer offsets */
|
#define src0 (buf0 + 2 * 4 * MAX_PB_SIZE) /* hevc qpel functions read data from negative src pointer offsets */
|
||||||
#define src1 (buf1 + 2 * 4 * MAX_PB_SIZE)
|
#define src1 (buf1 + 2 * 4 * MAX_PB_SIZE)
|
||||||
|
|
||||||
|
/* FIXME: Does the need for SRC_EXTRA for these tests indicate a bug? */
|
||||||
|
#define SRC_EXTRA 8
|
||||||
|
|
||||||
static void checkasm_check_hevc_qpel(void)
|
static void checkasm_check_hevc_qpel(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
||||||
|
|
||||||
@@ -111,8 +116,8 @@ static void checkasm_check_hevc_qpel(void)
|
|||||||
|
|
||||||
static void checkasm_check_hevc_qpel_uni(void)
|
static void checkasm_check_hevc_qpel_uni(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
||||||
|
|
||||||
@@ -152,8 +157,8 @@ static void checkasm_check_hevc_qpel_uni(void)
|
|||||||
|
|
||||||
static void checkasm_check_hevc_qpel_uni_w(void)
|
static void checkasm_check_hevc_qpel_uni_w(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
||||||
|
|
||||||
@@ -200,8 +205,8 @@ static void checkasm_check_hevc_qpel_uni_w(void)
|
|||||||
|
|
||||||
static void checkasm_check_hevc_qpel_bi(void)
|
static void checkasm_check_hevc_qpel_bi(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(int16_t, ref0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(int16_t, ref0, [BUF_SIZE]);
|
||||||
@@ -244,8 +249,8 @@ static void checkasm_check_hevc_qpel_bi(void)
|
|||||||
|
|
||||||
static void checkasm_check_hevc_qpel_bi_w(void)
|
static void checkasm_check_hevc_qpel_bi_w(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf1, [BUF_SIZE + SRC_EXTRA]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst0, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, dst1, [BUF_SIZE]);
|
||||||
LOCAL_ALIGNED_32(int16_t, ref0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(int16_t, ref0, [BUF_SIZE]);
|
||||||
@@ -294,6 +299,9 @@ static void checkasm_check_hevc_qpel_bi_w(void)
|
|||||||
report("qpel_bi_w");
|
report("qpel_bi_w");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#undef SRC_EXTRA
|
||||||
|
#define SRC_EXTRA 0
|
||||||
|
|
||||||
static void checkasm_check_hevc_epel(void)
|
static void checkasm_check_hevc_epel(void)
|
||||||
{
|
{
|
||||||
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
LOCAL_ALIGNED_32(uint8_t, buf0, [BUF_SIZE]);
|
||||||
|
Reference in New Issue
Block a user