granicus.if.org Git - libvpx/commit

author	James Zern <jzern@google.com>
	Fri, 3 Mar 2023 20:56:29 +0000 (20:56 +0000)
committer	James Zern <jzern@google.com>
	Fri, 3 Mar 2023 21:24:02 +0000 (13:24 -0800)
commit	f5dfa780ce087af40b39a05b45c4798ad70b48c8
tree	a0e2fdea2d2a3a01eaf1714fec59c5c56b45d43d	tree \| snapshot
parent	394de691a0ef570fc49943f565ad53ee0d22a7f3	commit \| diff

disable vpx_get4x4sse_cs_neon

This function causes a heap overflow in the tests:
[ RUN      ] NEON/VpxSseTest.RefSse/0
=================================================================
==876922==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xffff8949d903 at pc 0x000000dd95d4 bp 0xfffffdd7f260 sp 0xfffffdd7f258
READ of size 8 at 0xffff8949d903 thread T0
    #0 0xdd95d0 in vpx_get4x4sse_cs_neon
       vpx_dsp/arm/variance_neon.c:556:10
    #1 0x9d4894 in (anonymous namespace)::MainTestClass<unsigned int
       (*)(unsigned char const*, int, unsigned char const*,
           int)>::RefTestSse() test/variance_test.cc:531:5
    #2 0x9d4894 in (anonymous
       namespace)::VpxSseTest_RefSse_Test::TestBody()
           test/variance_test.cc:772:30
    ...

0xffff8949d903 is located 3 bytes to the right of 16-byte region
[0xffff8949d8f0,0xffff8949d900)
allocated by thread T0 here:
    #0 0x5fd050 in operator new[](unsigned long) (test_libvpx+0x5fd050)
    #1 0x9d3e04 in (anonymous namespace)::MainTestClass<unsigned int
       (*)(unsigned char const*, int, unsigned char const*,
           int)>::SetUp() test/variance_test.cc:299:12

Bug: webm:1794
Change-Id: I4bc681eb9a436743ef8bfe2a2abae59ce754309c

test/variance_test.cc		diff \| blob \| history
vpx_dsp/arm/variance_neon.c		diff \| blob \| history
vpx_dsp/vpx_dsp_rtcd_defs.pl		diff \| blob \| history