mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2025-01-05 06:40:03 +00:00
845e92fd6a
In ff_put_pixels_clamped_mmx(), there are two assembly code blocks. In the first block (in the unrolled loop), the instructions "movq 8%3, %%mm1 \n\t", and so forth, have problems. From above instruction, it is clear what the programmer wants: a load from p + 8. But this assembly code doesn’t guarantee that. It only works if the compiler puts p in a register to produce an instruction like this: "movq 8(%edi), %mm1". During compiler optimization, it is possible that the compiler will be able to constant propagate into p. Suppose p = &x[10000]. Then operand 3 can become 10000(%edi), where %edi holds &x. And the instruction becomes "movq 810000(%edx)". That is, it will stride by 810000 instead of 8. This will cause a segmentation fault. This error was fixed in the second block of the assembly code, but not in the unrolled loop. How to reproduce: This error is exposed when we build using Intel C++ Compiler, with IPO+PGO optimization enabled. Crashed when decoding an MJPEG video. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> |
||
---|---|---|
.. | ||
ac3dsp_mmx.c | ||
ac3dsp.asm | ||
cabac.h | ||
cavsdsp_mmx.c | ||
dct32_sse.asm | ||
deinterlace.asm | ||
dnxhd_mmx.c | ||
dsputil_mmx_avg_template.c | ||
dsputil_mmx_qns_template.c | ||
dsputil_mmx_rnd_template.c | ||
dsputil_mmx.c | ||
dsputil_mmx.h | ||
dsputil_yasm.asm | ||
dsputilenc_mmx.c | ||
dsputilenc_yasm.asm | ||
fdct_mmx.c | ||
fft_3dn2.c | ||
fft_3dn.c | ||
fft_mmx.asm | ||
fft.c | ||
fft.h | ||
fmtconvert_mmx.c | ||
fmtconvert.asm | ||
h264_chromamc_10bit.asm | ||
h264_chromamc.asm | ||
h264_deblock_10bit.asm | ||
h264_deblock.asm | ||
h264_i386.h | ||
h264_idct_10bit.asm | ||
h264_idct.asm | ||
h264_intrapred_10bit.asm | ||
h264_intrapred_init.c | ||
h264_intrapred.asm | ||
h264_qpel_10bit.asm | ||
h264_qpel_mmx.c | ||
h264_weight_10bit.asm | ||
h264_weight.asm | ||
h264dsp_mmx.c | ||
idct_mmx_xvid.c | ||
idct_mmx.c | ||
idct_sse2_xvid.c | ||
idct_xvid.h | ||
imdct36_sse.asm | ||
lpc_mmx.c | ||
Makefile | ||
mathops.h | ||
mlpdsp.c | ||
motion_est_mmx.c | ||
mpegaudiodec_mmx.c | ||
mpegvideo_mmx_template.c | ||
mpegvideo_mmx.c | ||
pngdsp-init.c | ||
pngdsp.asm | ||
proresdsp-init.c | ||
proresdsp.asm | ||
rv34dsp_init.c | ||
rv34dsp.asm | ||
rv40dsp_init.c | ||
rv40dsp.asm | ||
sbrdsp_init.c | ||
sbrdsp.asm | ||
simple_idct_mmx.c | ||
snowdsp_mmx.c | ||
vc1dsp_mmx.c | ||
vc1dsp_yasm.asm | ||
vp3dsp_init.c | ||
vp3dsp.asm | ||
vp8dsp-init.c | ||
vp8dsp.asm | ||
vp56_arith.h | ||
vp56dsp_init.c | ||
vp56dsp.asm | ||
w64xmmtest.c |