From: Timo Rothenpieler <timo@rothenpieler.org>
To: ffmpeg-devel@ffmpeg.org
Cc: Timo Rothenpieler <timo@rothenpieler.org>
Subject: [FFmpeg-devel] [PATCH v2] avutil/mem: limit alignment to maximum simd align
Date: Sat, 13 Jan 2024 16:46:00 +0100
Message-ID: <20240113154600.23366-1-timo@rothenpieler.org> (raw)
In-Reply-To: <20240113005716.16018-1-timo@rothenpieler.org>
FFmpeg has instances of DECLARE_ALIGNED(32, ...) in a lot of structs,
which then end up heap-allocated.
By declaring any variable in a struct, or tree of structs, to be 32 byte
aligned, it allows the compiler to safely assume the entire struct
itself is also 32 byte aligned.
This might make the compiler emit code which straight up crashes or
misbehaves in other ways, and at least in one instances is now
documented to actually do (see ticket 10549 on trac).
The issue there is that an unrelated variable in SingleChannelElement is
declared to have an alignment of 32 bytes. So if the compiler does a copy
in decode_cpe() with avx instructions, but ffmpeg is built with
--disable-avx, this results in a crash, since the memory is only 16 byte
aligned.
Mind you, even if the compiler does not emit avx instructions, the code
is still invalid and could misbehave. It just happens not to. Declaring
any variable in a struct with a 32 byte alignment promises 32 byte
alignment of the whole struct to the compiler.
This patch limits the maximum alignment to the maximum possible simd
alignment according to configure.
While not perfect, it at the very least gets rid of a lot of UB, by
matching up the maximum DECLARE_ALIGNED value with the alignment of heap
allocations done by lavu.
---
libavutil/mem.c | 8 +++++++-
libavutil/mem_internal.h | 14 ++++++++------
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/libavutil/mem.c b/libavutil/mem.c
index 36b8940a0c..b5bcaab164 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -62,7 +62,13 @@ void free(void *ptr);
#endif /* MALLOC_PREFIX */
-#define ALIGN (HAVE_AVX512 ? 64 : (HAVE_AVX ? 32 : 16))
+#if defined(_MSC_VER)
+/* MSVC does not support conditionally limiting alignment.
+ Set minimum value here to maximum used throughout the codebase. */
+#define ALIGN (HAVE_SIMD_ALIGN_64 ? 64 : 32)
+#else
+#define ALIGN (HAVE_SIMD_ALIGN_64 ? 64 : (HAVE_SIMD_ALIGN_32 ? 32 : 16))
+#endif
/* NOTE: if you want to override these functions with your own
* implementations (not recommended) you have to link libav* as
diff --git a/libavutil/mem_internal.h b/libavutil/mem_internal.h
index 2448c606f1..e2911b5610 100644
--- a/libavutil/mem_internal.h
+++ b/libavutil/mem_internal.h
@@ -75,18 +75,20 @@
* @param v Name of the variable
*/
+#define MAX_ALIGNMENT (HAVE_SIMD_ALIGN_64 ? 64 : (HAVE_SIMD_ALIGN_32 ? 32 : 16))
+
#if defined(__INTEL_COMPILER) && __INTEL_COMPILER < 1110 || defined(__SUNPRO_C)
- #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (n))) v
- #define DECLARE_ASM_ALIGNED(n,t,v) t __attribute__ ((aligned (n))) v
- #define DECLARE_ASM_CONST(n,t,v) const t __attribute__ ((aligned (n))) v
+ #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
+ #define DECLARE_ASM_ALIGNED(n,t,v) t __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
+ #define DECLARE_ASM_CONST(n,t,v) const t __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
#elif defined(__DJGPP__)
#define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (FFMIN(n, 16)))) v
#define DECLARE_ASM_ALIGNED(n,t,v) t av_used __attribute__ ((aligned (FFMIN(n, 16)))) v
#define DECLARE_ASM_CONST(n,t,v) static const t av_used __attribute__ ((aligned (FFMIN(n, 16)))) v
#elif defined(__GNUC__) || defined(__clang__)
- #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (n))) v
- #define DECLARE_ASM_ALIGNED(n,t,v) t av_used __attribute__ ((aligned (n))) v
- #define DECLARE_ASM_CONST(n,t,v) static const t av_used __attribute__ ((aligned (n))) v
+ #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
+ #define DECLARE_ASM_ALIGNED(n,t,v) t av_used __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
+ #define DECLARE_ASM_CONST(n,t,v) static const t av_used __attribute__ ((aligned (FFMIN(n, MAX_ALIGNMENT)))) v
#elif defined(_MSC_VER)
#define DECLARE_ALIGNED(n,t,v) __declspec(align(n)) t v
#define DECLARE_ASM_ALIGNED(n,t,v) __declspec(align(n)) t v
--
2.34.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2024-01-13 15:46 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-03 20:10 [FFmpeg-devel] [PATCH] avutil/mem: always align by at least 32 bytes Timo Rothenpieler
2023-12-06 12:27 ` Timo Rothenpieler
2023-12-06 12:31 ` James Almer
2023-12-06 12:56 ` Timo Rothenpieler
2023-12-06 12:50 ` Ronald S. Bultje
2023-12-06 12:54 ` James Almer
2023-12-06 13:25 ` Martin Storsjö
2023-12-06 13:27 ` Timo Rothenpieler
2023-12-06 13:29 ` Martin Storsjö
2023-12-08 0:15 ` Timo Rothenpieler
2023-12-08 5:57 ` Martin Storsjö
2023-12-08 10:01 ` Andreas Rheinhardt
2023-12-08 17:56 ` Timo Rothenpieler
2023-12-08 18:11 ` Nicolas George
2023-12-09 5:23 ` Andreas Rheinhardt
2024-01-12 23:10 ` Timo Rothenpieler
2024-01-13 0:57 ` [FFmpeg-devel] [PATCH] avutil/mem: limit alignment to maximum simg align Timo Rothenpieler
2024-01-13 1:00 ` Timo Rothenpieler
2024-01-13 15:24 ` Timo Rothenpieler
2024-01-13 15:46 ` Timo Rothenpieler [this message]
2024-02-09 19:22 ` [FFmpeg-devel] [PATCH v2] avutil/mem: limit alignment to maximum simd align Timo Rothenpieler
2024-02-11 14:05 ` Sam James
2024-02-11 14:22 ` Rémi Denis-Courmont
2024-02-11 15:47 ` Timo Rothenpieler
2024-02-11 14:00 ` Andreas Rheinhardt
2024-02-11 16:06 ` Timo Rothenpieler
2024-02-11 17:40 ` [FFmpeg-devel] [PATCH] " Timo Rothenpieler
2024-02-26 16:58 ` Timo Rothenpieler
2024-02-27 18:45 ` Timo Rothenpieler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240113154600.23366-1-timo@rothenpieler.org \
--to=timo@rothenpieler.org \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git