[FFmpeg-cvslog] cabac: add overread protection to BRANCHLESS_GET_CABAC().

Ronald S. Bultje git at videolan.org
Thu Mar 29 04:32:35 CEST 2012


ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Sat Mar 17 09:09:41 2012 -0700| [a940198130de3ab0c50d832bf7a27a70cfed11cc] | committer: Ronald S. Bultje

cabac: add overread protection to BRANCHLESS_GET_CABAC().

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a940198130de3ab0c50d832bf7a27a70cfed11cc
---

 libavcodec/x86/cabac.h     |   15 ++++++++++-----
 libavcodec/x86/h264_i386.h |   18 ++++++++++++------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/libavcodec/x86/cabac.h b/libavcodec/x86/cabac.h
index ca8a1d5..a6ec228 100644
--- a/libavcodec/x86/cabac.h
+++ b/libavcodec/x86/cabac.h
@@ -51,7 +51,7 @@
         "xor    "tmp"       , "ret"     \n\t"
 #endif /* HAVE_FAST_CMOV */
 
-#define BRANCHLESS_GET_CABAC(ret, statep, low, lowword, range, tmp, tmpbyte, byte) \
+#define BRANCHLESS_GET_CABAC(ret, statep, low, lowword, range, tmp, tmpbyte, byte, end) \
         "movzbl "statep"    , "ret"                                     \n\t"\
         "mov    "range"     , "tmp"                                     \n\t"\
         "and    $0xC0       , "range"                                   \n\t"\
@@ -64,9 +64,12 @@
         "shl    %%cl        , "low"                                     \n\t"\
         "mov    "tmpbyte"   , "statep"                                  \n\t"\
         "test   "lowword"   , "lowword"                                 \n\t"\
-        " jnz   1f                                                      \n\t"\
+        " jnz   2f                                                      \n\t"\
         "mov    "byte"      , %%"REG_c"                                 \n\t"\
+        "cmp    "end"       , %%"REG_c"                                 \n\t"\
+        "jge    1f                                                      \n\t"\
         "add"OPSIZE" $2     , "byte"                                    \n\t"\
+        "1:                                                             \n\t"\
         "movzwl (%%"REG_c")     , "tmp"                                 \n\t"\
         "lea    -1("low")   , %%ecx                                     \n\t"\
         "xor    "low"       , %%ecx                                     \n\t"\
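Review bot: The new `cmp "end", %%REG_c` / `jge 1f` pair compares two pointers with a signed branch, so the guard only holds while bytestream and bytestream_end lie on the same side of the address space's sign boundary; the unsigned form `"jae    1f"` is the conventional pointer compare and costs nothing. The guard also skips only the `add $2, byte` increment: the `movzwl (%%REG_c)` on the following line still reads two bytes at bytestream even once it has reached `end`, so the protection presumably relies on the caller guaranteeing readable padding past bytestream_end rather than on bounding the read itself. A comment above the macro stating that the pointer is pinned at bytestream_end but the final 2-byte fetch still touches the bytes beyond it would make that contract explicit for the decode_significance_x86 and decode_significance_8x8_x86 callers in h264_i386.h, which pass the same `end` operand. The BRANCHLESS_GET_CABAC macro begins and ends outside this hunk.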
@@ -79,7 +82,7 @@
         "add    $7          , %%ecx                                     \n\t"\
         "shl    %%cl        , "tmp"                                     \n\t"\
         "add    "tmp"       , "low"                                     \n\t"\
-        "1:                                                             \n\t"
+        "2:                                                             \n\t"
 
 #if HAVE_7REGS && !defined(BROKEN_RELOCATIONS)
 #define get_cabac_inline get_cabac_inline_x86
@@ -90,10 +93,12 @@ static av_always_inline int get_cabac_inline_x86(CABACContext *c,
 
     __asm__ volatile(
         BRANCHLESS_GET_CABAC("%0", "(%4)", "%1", "%w1",
-                             "%2", "%3", "%b3", "%a6(%5)")
+                             "%2", "%3", "%b3",
+                             "%a6(%5)", "%a7(%5)")
         : "=&r"(bit), "+&r"(c->low), "+&r"(c->range), "=&q"(tmp)
         : "r"(state), "r"(c),
-          "i"(offsetof(CABACContext, bytestream))
+          "i"(offsetof(CABACContext, bytestream)),
+          "i"(offsetof(CABACContext, bytestream_end))
         : "%"REG_c, "memory"
     );
     return bit & 1;
diff --git a/libavcodec/x86/h264_i386.h b/libavcodec/x86/h264_i386.h
index 31ddaf6..e849a3d 100644
--- a/libavcodec/x86/h264_i386.h
+++ b/libavcodec/x86/h264_i386.h
@@ -49,14 +49,16 @@ static int decode_significance_x86(CABACContext *c, int max_coeff,
         "3:                                     \n\t"
 
         BRANCHLESS_GET_CABAC("%4", "(%1)", "%3", "%w3",
-                             "%5", "%k0", "%b0", "%a11(%6)")
+                             "%5", "%k0", "%b0",
+                             "%a11(%6)", "%a12(%6)")
 
         "test $1, %4                            \n\t"
         " jz 4f                                 \n\t"
         "add  %10, %1                           \n\t"
 
         BRANCHLESS_GET_CABAC("%4", "(%1)", "%3", "%w3",
-                             "%5", "%k0", "%b0", "%a11(%6)")
+                             "%5", "%k0", "%b0",
+                             "%a11(%6)", "%a12(%6)")
 
         "sub  %10, %1                           \n\t"
         "mov  %2, %0                            \n\t"
@@ -83,7 +85,8 @@ static int decode_significance_x86(CABACContext *c, int max_coeff,
         : "=&q"(coeff_count), "+r"(significant_coeff_ctx_base), "+m"(index),
           "+&r"(c->low), "=&r"(bit), "+&r"(c->range)
         : "r"(c), "m"(minusstart), "m"(end), "m"(minusindex), "m"(last_off),
-          "i"(offsetof(CABACContext, bytestream))
+          "i"(offsetof(CABACContext, bytestream)),
+          "i"(offsetof(CABACContext, bytestream_end))
         : "%"REG_c, "memory"
     );
     return coeff_count;
@@ -106,7 +109,8 @@ static int decode_significance_8x8_x86(CABACContext *c,
         "add %9, %6                             \n\t"
 
         BRANCHLESS_GET_CABAC("%4", "(%6)", "%3", "%w3",
-                             "%5", "%k0", "%b0", "%a12(%7)")
+                             "%5", "%k0", "%b0",
+                             "%a12(%7)", "%a13(%7)")
 
         "mov %1, %k6                            \n\t"
         "test $1, %4                            \n\t"
@@ -116,7 +120,8 @@ static int decode_significance_8x8_x86(CABACContext *c,
         "add %11, %6                            \n\t"
 
         BRANCHLESS_GET_CABAC("%4", "(%6)", "%3", "%w3",
-                             "%5", "%k0", "%b0", "%a12(%7)")
+                             "%5", "%k0", "%b0",
+                             "%a12(%7)", "%a13(%7)")
 
         "mov %2, %0                             \n\t"
         "mov %1, %k6                            \n\t"
@@ -141,7 +146,8 @@ static int decode_significance_8x8_x86(CABACContext *c,
           "=&r"(bit), "+&r"(c->range), "=&r"(state)
         : "r"(c), "m"(minusindex), "m"(significant_coeff_ctx_base),
           "m"(sig_off), "m"(last_coeff_ctx_base),
-          "i"(offsetof(CABACContext, bytestream))
+          "i"(offsetof(CABACContext, bytestream)),
+          "i"(offsetof(CABACContext, bytestream_end))
         : "%"REG_c, "memory"
     );
     return coeff_count;


