From: James Zern Date: Fri, 3 Mar 2023 20:56:29 +0000 (+0000) Subject: disable vpx_get4x4sse_cs_neon X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f5dfa780ce087af40b39a05b45c4798ad70b48c8;p=libvpx disable vpx_get4x4sse_cs_neon This function causes a heap overflow in the tests: [ RUN ] NEON/VpxSseTest.RefSse/0 ================================================================= ==876922==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff8949d903 at pc 0x000000dd95d4 bp 0xfffffdd7f260 sp 0xfffffdd7f258 READ of size 8 at 0xffff8949d903 thread T0 #0 0xdd95d0 in vpx_get4x4sse_cs_neon vpx_dsp/arm/variance_neon.c:556:10 #1 0x9d4894 in (anonymous namespace)::MainTestClass::RefTestSse() test/variance_test.cc:531:5 #2 0x9d4894 in (anonymous namespace)::VpxSseTest_RefSse_Test::TestBody() test/variance_test.cc:772:30 ... 0xffff8949d903 is located 3 bytes to the right of 16-byte region [0xffff8949d8f0,0xffff8949d900) allocated by thread T0 here: #0 0x5fd050 in operator new[](unsigned long) (test_libvpx+0x5fd050) #1 0x9d3e04 in (anonymous namespace)::MainTestClass::SetUp() test/variance_test.cc:299:12 Bug: webm:1794 Change-Id: I4bc681eb9a436743ef8bfe2a2abae59ce754309c --- diff --git a/test/variance_test.cc b/test/variance_test.cc index 1359bc4ba..237d595bb 100644 --- a/test/variance_test.cc +++ b/test/variance_test.cc @@ -1446,9 +1446,12 @@ INSTANTIATE_TEST_SUITE_P( #endif // HAVE_AVX2 #if HAVE_NEON +// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed. +#if 0 INSTANTIATE_TEST_SUITE_P(NEON, VpxSseTest, ::testing::Values(SseParams(2, 2, &vpx_get4x4sse_cs_neon))); +#endif INSTANTIATE_TEST_SUITE_P(NEON, VpxMseTest, ::testing::Values(MseParams(4, 4, &vpx_mse16x16_neon), diff --git a/vpx_dsp/arm/variance_neon.c b/vpx_dsp/arm/variance_neon.c index feff980c9..76c2a1586 100644 --- a/vpx_dsp/arm/variance_neon.c +++ b/vpx_dsp/arm/variance_neon.c @@ -433,6 +433,8 @@ static INLINE unsigned int vpx_mse16xh_neon(const unsigned char *src_ptr, return *sse; } +// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed. +#if 0 unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride, const unsigned char *ref_ptr, int ref_stride) { @@ -466,6 +468,7 @@ unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride, return vget_lane_u32(sse, 0); } +#endif // 0 #else // !defined(__ARM_FEATURE_DOTPROD) @@ -532,6 +535,8 @@ static INLINE unsigned int vpx_mse16xh_neon(const unsigned char *src_ptr, return *sse; } +// TODO(https://crbug.com/webm/1794): enable this after heap overflow is fixed. +#if 0 unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride, const unsigned char *ref_ptr, int ref_stride) { @@ -572,6 +577,7 @@ unsigned int vpx_get4x4sse_cs_neon(const unsigned char *src_ptr, int src_stride, return horizontal_add_uint32x4(vreinterpretq_u32_s32(sse)); } +#endif // 0 #endif // defined(__ARM_FEATURE_DOTPROD) diff --git a/vpx_dsp/vpx_dsp_rtcd_defs.pl b/vpx_dsp/vpx_dsp_rtcd_defs.pl index c50ab93c5..2301fbe32 100644 --- a/vpx_dsp/vpx_dsp_rtcd_defs.pl +++ b/vpx_dsp/vpx_dsp_rtcd_defs.pl @@ -1152,8 +1152,10 @@ add_proto qw/unsigned int vpx_mse8x8/, "const uint8_t *src_ptr, int src_stride, add_proto qw/unsigned int vpx_get_mb_ss/, "const int16_t *"; specialize qw/vpx_get_mb_ss sse2 msa vsx/; + # TODO(https://crbug.com/webm/1794): enable neon after heap overflow is + # fixed. add_proto qw/unsigned int vpx_get4x4sse_cs/, "const unsigned char *src_ptr, int src_stride, const unsigned char *ref_ptr, int ref_stride"; - specialize qw/vpx_get4x4sse_cs neon msa vsx/; + specialize qw/vpx_get4x4sse_cs msa vsx/; add_proto qw/void vpx_comp_avg_pred/, "uint8_t *comp_pred, const uint8_t *pred, int width, int height, const uint8_t *ref, int ref_stride"; specialize qw/vpx_comp_avg_pred neon sse2 vsx lsx/;