disable vpx_get4x4sse_cs_neon

This function causes a heap overflow in the tests:
[ RUN      ] NEON/VpxSseTest.RefSse/0
=================================================================
==876922==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xffff8949d903 at pc 0x000000dd95d4 bp 0xfffffdd7f260 sp 0xfffffdd7f258
READ of size 8 at 0xffff8949d903 thread T0
    #0 0xdd95d0 in vpx_get4x4sse_cs_neon
       vpx_dsp/arm/variance_neon.c:556:10
    #1 0x9d4894 in (anonymous namespace)::MainTestClass<unsigned int
       (*)(unsigned char const*, int, unsigned char const*,
           int)>::RefTestSse() test/variance_test.cc:531:5
    #2 0x9d4894 in (anonymous
       namespace)::VpxSseTest_RefSse_Test::TestBody()
           test/variance_test.cc:772:30
    ...

0xffff8949d903 is located 3 bytes to the right of 16-byte region
[0xffff8949d8f0,0xffff8949d900)
allocated by thread T0 here:
    #0 0x5fd050 in operator new[](unsigned long) (test_libvpx+0x5fd050)
    #1 0x9d3e04 in (anonymous namespace)::MainTestClass<unsigned int
       (*)(unsigned char const*, int, unsigned char const*,
           int)>::SetUp() test/variance_test.cc:299:12

Bug: webm:1794
Change-Id: I4bc681eb9a436743ef8bfe2a2abae59ce754309c

diff --git a/test/variance_test.cc b/test/variance_test.cc
index 1359bc4baf5a406f6c5421bedeee85800a8222c1..237d595bb772cfe10c9c5ed0b7eac756eb387aa3 100644 (file)
--- a/test/variance_test.cc
+++ b/test/variance_test.cc
@@ -1446,9 +1446,12 @@ INSTANTIATE_TEST_SUITE_P(
 #endif  // HAVE_AVX2
 
 #if HAVE_NEON
+// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed.
+#if 0
 INSTANTIATE_TEST_SUITE_P(NEON, VpxSseTest,
                          ::testing::Values(SseParams(2, 2,
                                                      &vpx_get4x4sse_cs_neon)));
+#endif
 
 INSTANTIATE_TEST_SUITE_P(NEON, VpxMseTest,
                          ::testing::Values(MseParams(4, 4, &vpx_mse16x16_neon),

diff --git a/vpx_dsp/arm/variance_neon.c b/vpx_dsp/arm/variance_neon.c
index feff980c93ee744a0a37f8826109de791d73f653..76c2a15863af959da045dd4a6c683c7eeee068cf 100644 (file)
--- a/vpx_dsp/arm/variance_neon.c
+++ b/vpx_dsp/arm/variance_neon.c
@@ -433,6 +433,8 @@ static INLINE unsigned int vpx_mse16xh_neon(const unsigned char *src_ptr,
   return *sse;
 }
 
+// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed.
+#if 0
 unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride,
                                    const unsigned char *ref_ptr,
                                    int ref_stride) {
@@ -466,6 +468,7 @@ unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride,
 
   return vget_lane_u32(sse, 0);
 }
+#endif  // 0
 
 #else  // !defined(__ARM_FEATURE_DOTPROD)
 
@@ -532,6 +535,8 @@ static INLINE unsigned int vpx_mse16xh_neon(const unsigned char *src_ptr,
   return *sse;
 }
 
+// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed.
+#if 0
 unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride,
                                    const unsigned char *ref_ptr,
                                    int ref_stride) {
@@ -572,6 +577,7 @@ unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride,
 
   return horizontal_add_uint32x4(vreinterpretq_u32_s32(sse));
 }
+#endif  // 0
 
 #endif  // defined(__ARM_FEATURE_DOTPROD)
 

diff --git a/vpx_dsp/vpx_dsp_rtcd_defs.pl b/vpx_dsp/vpx_dsp_rtcd_defs.pl
index c50ab93c5aef73fb592722f2959705dc7f107ba0..2301fbe328461dbc734bda51efcfdaf519b1fb46 100644 (file)
--- a/vpx_dsp/vpx_dsp_rtcd_defs.pl
+++ b/vpx_dsp/vpx_dsp_rtcd_defs.pl
@@ -1152,8 +1152,10 @@ add_proto qw/unsigned int vpx_mse8x8/, "const uint8_t *src_ptr, int src_stride,
 add_proto qw/unsigned int vpx_get_mb_ss/, "const int16_t *";
   specialize qw/vpx_get_mb_ss sse2 msa vsx/;
 
+  # TODO(https://crbug.com/webm/1794): enable neon after heap overflow is
+  # fixed.
 add_proto qw/unsigned int vpx_get4x4sse_cs/, "const unsigned char *src_ptr, int src_stride, const unsigned char *ref_ptr, int ref_stride";
-  specialize qw/vpx_get4x4sse_cs neon msa vsx/;
+  specialize qw/vpx_get4x4sse_cs msa vsx/;
 
 add_proto qw/void vpx_comp_avg_pred/, "uint8_t *comp_pred, const uint8_t *pred, int width, int height, const uint8_t *ref, int ref_stride";
   specialize qw/vpx_comp_avg_pred neon sse2 vsx lsx/;