mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-02 03:06:28 +02:00
845e92fd6a
In ff_put_pixels_clamped_mmx(), there are two assembly code blocks.
In the first block (in the unrolled loop), the instructions
"movq 8%3, %%mm1 \n\t", and so forth, have problems.
From above instruction, it is clear what the programmer wants: a load from
p + 8. But this assembly code doesn’t guarantee that. It only works if the
compiler puts p in a register to produce an instruction like this:
"movq 8(%edi), %mm1". During compiler optimization, it is possible that the
compiler will be able to constant propagate into p. Suppose p = &x[10000].
Then operand 3 can become 10000(%edi), where %edi holds &x. And the instruction
becomes "movq 810000(%edx)". That is, it will stride by 810000 instead of 8.
This will cause a segmentation fault.
This error was fixed in the second block of the assembly code, but not in
the unrolled loop.
How to reproduce:
This error is exposed when we build using Intel C++ Compiler, with
IPO+PGO optimization enabled. Crashed when decoding an MJPEG video.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
||
|---|---|---|
| .. | ||
| ac3dsp_mmx.c | ||
| ac3dsp.asm | ||
| cabac.h | ||
| cavsdsp_mmx.c | ||
| dct32_sse.asm | ||
| deinterlace.asm | ||
| dnxhd_mmx.c | ||
| dsputil_mmx_avg_template.c | ||
| dsputil_mmx_qns_template.c | ||
| dsputil_mmx_rnd_template.c | ||
| dsputil_mmx.c | ||
| dsputil_mmx.h | ||
| dsputil_yasm.asm | ||
| dsputilenc_mmx.c | ||
| dsputilenc_yasm.asm | ||
| fdct_mmx.c | ||
| fft_3dn2.c | ||
| fft_3dn.c | ||
| fft_mmx.asm | ||
| fft.c | ||
| fft.h | ||
| fmtconvert_mmx.c | ||
| fmtconvert.asm | ||
| h264_chromamc_10bit.asm | ||
| h264_chromamc.asm | ||
| h264_deblock_10bit.asm | ||
| h264_deblock.asm | ||
| h264_i386.h | ||
| h264_idct_10bit.asm | ||
| h264_idct.asm | ||
| h264_intrapred_10bit.asm | ||
| h264_intrapred_init.c | ||
| h264_intrapred.asm | ||
| h264_qpel_10bit.asm | ||
| h264_qpel_mmx.c | ||
| h264_weight_10bit.asm | ||
| h264_weight.asm | ||
| h264dsp_mmx.c | ||
| idct_mmx_xvid.c | ||
| idct_mmx.c | ||
| idct_sse2_xvid.c | ||
| idct_xvid.h | ||
| imdct36_sse.asm | ||
| lpc_mmx.c | ||
| Makefile | ||
| mathops.h | ||
| mlpdsp.c | ||
| motion_est_mmx.c | ||
| mpegaudiodec_mmx.c | ||
| mpegvideo_mmx_template.c | ||
| mpegvideo_mmx.c | ||
| pngdsp-init.c | ||
| pngdsp.asm | ||
| proresdsp-init.c | ||
| proresdsp.asm | ||
| rv34dsp_init.c | ||
| rv34dsp.asm | ||
| rv40dsp_init.c | ||
| rv40dsp.asm | ||
| sbrdsp_init.c | ||
| sbrdsp.asm | ||
| simple_idct_mmx.c | ||
| snowdsp_mmx.c | ||
| vc1dsp_mmx.c | ||
| vc1dsp_yasm.asm | ||
| vp3dsp_init.c | ||
| vp3dsp.asm | ||
| vp8dsp-init.c | ||
| vp8dsp.asm | ||
| vp56_arith.h | ||
| vp56dsp_init.c | ||
| vp56dsp.asm | ||
| w64xmmtest.c | ||