Changes between Version 1 and Version 2 of Ticket #1227, comment 8


Ignore:
Timestamp:
Sep 21, 2012, 10:26:44 AM (7 years ago)
Author:
cehoyos
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1227, comment 8

    v1 v2  
    11After investigation, I found what the problem is: read memory outside of the bound of the array pointed to by register R1 in MACRO h264_chroma_mc8 or MACRO h264_chroma_mc4 in libavcodec/arm/h264dsp_neon.S (verion 0.8.10) or libavcodec/arm/h264cmc_neon.S(version 0.11.1). I fixed the bug by modifying those two macros. Here is updated macros in version 0.8.10:
    2 
     2{{{
    33/* chroma_mc8(uint8_t *dst, uint8_t *src, int stride, int h, int x, int y) */
    44        .macro  h264_chroma_mc8 type
     
    253253endfunc
    254254        .endm
    255 
     255}}}
    256256As shown in the code, register R1 points to ARRAY  src (type is uint_t*). The idea in the modification is to test if register R3 (ARGUMENT h in caller of C program) is less than or equal to zero before reading elements pointed to by registe R1. If it is, then skip reading and jump to the end of function.
    257257