On Thu, Jan 30, 2020 at 10:11:05PM +0100, Michael Niedermayer wrote: > On Thu, Jan 30, 2020 at 05:14:18PM -0300, James Almer wrote: > > On 1/29/2020 6:55 PM, Michael Niedermayer wrote: > > > Fixes: Segfault (not reproducable with asm, which made this hard to debug) > > > Fixes: decoding errors > > > Fixes: > > > 19854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5729372837511168 > > > > > > Found-by: continuous fuzzing process > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > > --- > > > libavcodec/x86/diracdsp.asm | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/libavcodec/x86/diracdsp.asm b/libavcodec/x86/diracdsp.asm > > > index cc8a26fca5..a18bda113e 100644 > > > --- a/libavcodec/x86/diracdsp.asm > > > +++ b/libavcodec/x86/diracdsp.asm > > > @@ -294,8 +294,9 @@ cglobal dequant_subband_32, 7, 7, 4, src, dst, > > > stride, qf, qs, tot_v, tot_h > > > > > > add srcq, mmsize > > > add dstq, mmsize > > > - sub tot_hd, 4 > > > + sub tot_hq, 4 > > > > tot_h comes from stack, and on Windows x86_64 the higher 32 bits will be > > garbage. This should remain as tot_hd, so the sub instruction will > > implicitly clear said high bits (if the value could be negative, then > > you'd have to sign extend it instead). > > well for this to work we need the tot_h value (which is not a multiple of 4 > in the case of the bug) after the subtract to correct for that > non mod 4 == 0 case > > is this fix below ok ?
i succeded to reproduce this and the bugfix below on a netbsd VM, which unexpectedly seems to be affected by this too on mingw32/64 no issue is reproducable unless i hack the asm to make one which then gets fixed with the code. i dont want to leave the regression i caused in the tree and go to bed so i guess ill apply this. But this issue is cursed and my asm is a bit rusty so i have a bit an uneasy feeling. If this fix doesnt fix it for real, dont hesitate to revert it and the buggy fix before Thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Any man who breaks a law that conscience tells him is unjust and willingly accepts the penalty by staying in jail in order to arouse the conscience of the community on the injustice of the law is at that moment expressing the very highest respect for law. - Martin Luther King Jr
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
