Hi Martin

On Mon, Mar 31, 2025 at 04:05:27PM +0300, Martin Storsjö wrote:
> On Sat, 29 Mar 2025, Michael Niedermayer wrote:
> 
> > On Wed, Mar 26, 2025 at 12:30:13PM +0200, Martin Storsjö wrote:
> > > This backports similar functionality from dav1d, from commits
> > > 35d1d011fda4a92bcaf42d30ed137583b27d7f6d and
> > > d130da9c315d5a1d3968d278bbee2238ad9051e7.
> > > 
> > > This allows detecting writes out of bounds, on all 4 sides of
> > > the intended destination rectangle.
> > > 
> > > The bounds checking also can optionally allow small overwrites
> > > (up to a specified alignment), while still checking for larger
> > > overwrites past the intended allowed region.
> > > ---
> > >  tests/checkasm/checkasm.c | 89 ++++++++++++++++++++++++++++++---------
> > >  tests/checkasm/checkasm.h | 55 ++++++++++++++++++++----
> > >  2 files changed, 116 insertions(+), 28 deletions(-)
> > > 
> > > diff --git a/tests/checkasm/checkasm.c b/tests/checkasm/checkasm.c
> > > index c6d641c52b..a5b862fe52 100644
> > > --- a/tests/checkasm/checkasm.c
> > > +++ b/tests/checkasm/checkasm.c
> > > @@ -1168,37 +1168,88 @@ void checkasm_report(const char *name, ...)
> > >      }
> > >  }
> > > 
> > > +static int check_err(const char *file, int line,
> > > +                     const char *name, int w, int h,
> > > +                     int *err)
> > > +{
> > > +    if (*err)
> > > +        return 0;
> > > +    if (!checkasm_fail_func("%s:%d", file, line))
> > > +        return 1;
> > > +    *err = 1;
> > > +    fprintf(stderr, "%s (%dx%d):\n", name, w, h);
> > > +    return 0;
> > > +}
> > > +
> > >  #define DEF_CHECKASM_CHECK_FUNC(type, fmt) \
> > >  int checkasm_check_##type(const char *file, int line, \
> > >                            const type *buf1, ptrdiff_t stride1, \
> > >                            const type *buf2, ptrdiff_t stride2, \
> > > -                          int w, int h, const char *name) \
> > > +                          int w, int h, const char *name, \
> > > +                          int align_w, int align_h, \
> > > +                          int padding) \
> > >  { \
> > 
> > > +    int aligned_w = (w + align_w - 1) & ~(align_w - 1); \
> > > +    int aligned_h = (h + align_h - 1) & ~(align_h - 1); \
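
Review bot: in the two added aligned_w / aligned_h lines, the mask `& ~(align_w - 1)` rounds up correctly only when align_w and align_h are positive powers of two, and nothing in the visible lines checks or documents that requirement. With align_w == 0 the mask evaluates to 0 and aligned_w becomes 0 regardless of w. Consider failing early when `align_w <= 0 || (align_w & (align_w - 1))` (same for align_h), or at least stating the requirement in a comment on the new parameters. The return convention of check_err (0 when an error was already recorded or has just been recorded, 1 when checkasm_fail_func returns 0) would also benefit from a one-line comment.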
> > 
> > this can overflow
> > feel free to fix in a separate patch
> 
> Feel free to propose a patch for how you'd prefer to have it fixed then... I
> don't see this as a real world problem - w and h are bounded by the tests
> themselves, and likewise the alignments - I don't see us having tests using
> buffers with a width near INT32_MAX?

maybe but then
if we want our asm code to handle such extreme cases, something needs to
test it

I'll send a patch based on this: (once your patches are in / minus in case
I forget)

int64_t aligned_w = (w - 1LL + align_w) & ~(align_w - 1); \
if (aligned_w != (int32_t)aligned_w) \
    return AVERROR(EINVAL); \

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
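
The round-up discussed in this thread, written out as an added example (not code from the patch, from FFmpeg, or from either author): the addition is done in 64 bits and the result is rejected if it no longer fits an int. The helper name align_up_checked, its -1 return value, and the rejection of negative sizes and non-power-of-two alignments are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not FFmpeg code): round v up to a multiple of align.
 * The sum is computed in 64 bits so that v + align - 1 cannot wrap, and the
 * result is rejected if it does not fit an int afterwards.
 * Returns 0 on success, -1 on invalid input or overflow (assumed convention). */
static int align_up_checked(int v, int align, int *out)
{
    int64_t r;

    /* The mask trick is only a round-up for a positive power-of-two align;
     * negative sizes are rejected as well (assumption of this example). */
    if (v < 0 || align <= 0 || (align & (align - 1)))
        return -1;

    r = ((int64_t)v + align - 1) & ~((int64_t)align - 1);
    if (r > INT_MAX)
        return -1;

    *out = (int)r;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: { w, align_w }. */
    static const int cases[][2] = {
        { 17, 16 }, { 64, 16 }, { 0, 8 },
        { INT_MAX - 15, 16 },   /* already aligned, still fits */
        { INT_MAX - 7, 16 },    /* rounds up to 2^31: does not fit an int */
        { 100, 0 }, { 100, 12 } /* invalid alignments */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int out;
        if (align_up_checked(cases[i][0], cases[i][1], &out))
            printf("w=%d align=%d -> rejected\n", cases[i][0], cases[i][1]);
        else
            printf("w=%d align=%d -> %d\n", cases[i][0], cases[i][1], out);
    }
    return 0;
}
```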