1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00

vp4: prevent unaligned memory access in loop filter

VP4 applies a loop filter during motion compensation, causing the block offset
will often by unaligned. This produces a bus error on some platforms, namely
ARMv7 NEON.

This patch adds a unaligned version of the loop filter function pointer
to VP3DSPContext.

Reported-by: Mike Melanson <mike@multimedia.cx>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Peter Ross 2019-06-21 07:52:31 +10:00 committed by Michael Niedermayer
parent d3dee676b8
commit fd17218558
4 changed files with 14 additions and 6 deletions

View File

@ -2031,11 +2031,17 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int
plane_width, plane_width,
plane_height); plane_height);
#define safe_loop_filter(name, ptr, stride, bounding_values) \
if ((uintptr_t)(ptr) & 7) \
s->vp3dsp.name##_unaligned(ptr, stride, bounding_values); \
else \
s->vp3dsp.name(ptr, stride, bounding_values);
if (x_offset) if (x_offset)
s->vp3dsp.h_loop_filter(loop + loop_stride + x_offset + 1, loop_stride, bounding_values); safe_loop_filter(h_loop_filter, loop + loop_stride + x_offset + 1, loop_stride, bounding_values);
if (y_offset) if (y_offset)
s->vp3dsp.v_loop_filter(loop + (y_offset + 1)*loop_stride + 1, loop_stride, bounding_values); safe_loop_filter(v_loop_filter, loop + (y_offset + 1)*loop_stride + 1, loop_stride, bounding_values);
} }
for (i = 0; i < 9; i++) for (i = 0; i < 9; i++)

View File

@ -449,8 +449,8 @@ av_cold void ff_vp3dsp_init(VP3DSPContext *c, int flags)
c->idct_put = vp3_idct_put_c; c->idct_put = vp3_idct_put_c;
c->idct_add = vp3_idct_add_c; c->idct_add = vp3_idct_add_c;
c->idct_dc_add = vp3_idct_dc_add_c; c->idct_dc_add = vp3_idct_dc_add_c;
c->v_loop_filter = vp3_v_loop_filter_8_c; c->v_loop_filter = c->v_loop_filter_unaligned = vp3_v_loop_filter_8_c;
c->h_loop_filter = vp3_h_loop_filter_8_c; c->h_loop_filter = c->h_loop_filter_unaligned = vp3_h_loop_filter_8_c;
if (ARCH_ARM) if (ARCH_ARM)
ff_vp3dsp_init_arm(c, flags); ff_vp3dsp_init_arm(c, flags);

View File

@ -43,6 +43,8 @@ typedef struct VP3DSPContext {
void (*idct_dc_add)(uint8_t *dest, ptrdiff_t stride, int16_t *block); void (*idct_dc_add)(uint8_t *dest, ptrdiff_t stride, int16_t *block);
void (*v_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values); void (*v_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
void (*h_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values); void (*h_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
void (*v_loop_filter_unaligned)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
void (*h_loop_filter_unaligned)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
} VP3DSPContext; } VP3DSPContext;
void ff_vp3dsp_v_loop_filter_12(uint8_t *first_pixel, ptrdiff_t stride, int *bounding_values); void ff_vp3dsp_v_loop_filter_12(uint8_t *first_pixel, ptrdiff_t stride, int *bounding_values);

View File

@ -59,8 +59,8 @@ av_cold void ff_vp3dsp_init_x86(VP3DSPContext *c, int flags)
c->idct_dc_add = ff_vp3_idct_dc_add_mmxext; c->idct_dc_add = ff_vp3_idct_dc_add_mmxext;
if (!(flags & AV_CODEC_FLAG_BITEXACT)) { if (!(flags & AV_CODEC_FLAG_BITEXACT)) {
c->v_loop_filter = ff_vp3_v_loop_filter_mmxext; c->v_loop_filter = c->v_loop_filter_unaligned = ff_vp3_v_loop_filter_mmxext;
c->h_loop_filter = ff_vp3_h_loop_filter_mmxext; c->h_loop_filter = c->v_loop_filter_unaligned = ff_vp3_h_loop_filter_mmxext;
} }
} }