From: "Ronald S. Bultje" <rsbultje@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH v2 1/3] avcodec/x86/vvc/vvc_alf: fix integer overflow
Date: Thu, 30 May 2024 16:49:00 -0400
Message-ID: <CAEEMt2k0iQK3=tNoCKM_ZSZR9S7ejxXuOraof48Kt6kSJR=TTw@mail.gmail.com> (raw)
In-Reply-To: <AS8P250MB0744BBDEFDD8D8958C63DFA38FF32@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
Hi Andreas,
On Thu, May 30, 2024 at 2:33 PM Andreas Rheinhardt <
andreas.rheinhardt@outlook.com> wrote:
> toqsxw@outlook.com:
> > From: Wu Jianhua <toqsxw@outlook.com>
> >
> > Some tests fails with certain seeds
> >
> > tests/checkasm/checkasm 2325607578 --test=vvc_alf
> > checkasm: using random seed 2325607578
> > AVX2:
> > vvc_alf_filter_luma_120x20_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x24_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x28_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x32_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x36_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x40_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x44_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x48_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x52_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x56_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x60_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x64_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x68_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x72_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x76_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x80_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x84_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x88_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x92_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x96_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x100_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x104_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x108_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x112_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x116_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x120_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x124_12_avx2 (vvc_alf.c:104)
> > vvc_alf_filter_luma_120x128_12_avx2 (vvc_alf.c:104)
> > - vvc_alf.alf_filter [FAILED]
> > - vvc_alf.alf_classify [OK]
> > checkasm: 28 of 9216 tests have failed
> >
> > Reported-by: James Almer <jamrial@gmail.com>
> > Signed-off-by: Wu Jianhua <toqsxw@outlook.com>
> > ---
> > libavcodec/x86/vvc/vvc_alf.asm | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/x86/vvc/vvc_alf.asm
> b/libavcodec/x86/vvc/vvc_alf.asm
> > index 71e821c27b..f7b3e2a6cc 100644
> > --- a/libavcodec/x86/vvc/vvc_alf.asm
> > +++ b/libavcodec/x86/vvc/vvc_alf.asm
> > @@ -356,7 +356,8 @@ SECTION .text
> >
> > FILTER_VB xq
> >
> > - paddw m0, m2
> > + ; sum += curr
> > + paddsw m0, m2
> >
> > ; clip to pixel
> > CLIPW m0, m14, m15
>
> And can I get an answer to the question of whether the issue is present
> when used by the actual decoder and not only the checkasm test?
>
From my reading of the source code, this could happen in a crafted (e.g.
fuzzed) stream.
Ronald
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2024-05-30 20:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-30 16:28 toqsxw
2024-05-30 18:29 ` Ronald S. Bultje
2024-05-31 12:02 ` Nuo Mi
2024-05-30 18:33 ` Andreas Rheinhardt
2024-05-30 19:45 ` [FFmpeg-devel] 回复: " Wu Jianhua
2024-05-30 20:49 ` Ronald S. Bultje [this message]
2024-05-31 11:54 ` [FFmpeg-devel] " Nuo Mi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEEMt2k0iQK3=tNoCKM_ZSZR9S7ejxXuOraof48Kt6kSJR=TTw@mail.gmail.com' \
--to=rsbultje@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git