From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 694E647612 for ; Sat, 13 Jan 2024 01:00:51 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 61B7968CE32; Sat, 13 Jan 2024 03:00:49 +0200 (EET) Received: from btbn.de (btbn.de [144.76.60.213]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0924B68C867 for ; Sat, 13 Jan 2024 03:00:43 +0200 (EET) Received: from [authenticated] by btbn.de (Postfix) with ESMTPSA id D16B927FAA8DE for ; Sat, 13 Jan 2024 02:00:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rothenpieler.org; s=mail; t=1705107641; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lCw5hqOExrjnbbzp9caxkwhdBFAHYcavW11nsoCbLv8=; b=nitN9KMTmKIZ8vFHp7j3DDxWo3YUs8NlRNxG65mxqyBji+0gKVHZJEQp72KnaaVav0KtiA awQeiR1bjaqohAhl0iOnNQsfL9gWXAPW9QsfHdJYtSLlvFVx4lPIkjgnxqqFlcwE9FSY7o c7WG9GHRYF1tf0egS5YuAFtcM9E5MS1JTxYyS4m3pcVUf+xpO/0AX390VjO+ZDmadJ6iCO hOtRsVVsUWFv80CGep9zQRvOY2y/EyROMPT9JM/c/IDfuyDUTKaZnbpXDrJsPSR1FEzPo7 /tCo8xzlmUUilfukyv2QHCP7rRJeS9Fy6su/OlYRnP+DtIcU+Z5/kgl8vsPRmA== Message-ID: Date: Sat, 13 Jan 2024 02:00:41 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <9ecc9fe5-d75b-41f7-8476-2e69c58951fd@rothenpieler.org> <20240113005716.16018-1-timo@rothenpieler.org> From: Timo Rothenpieler In-Reply-To: <20240113005716.16018-1-timo@rothenpieler.org> Subject: Re: [FFmpeg-devel] [PATCH] avutil/mem: limit alignment to maximum simg align X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 13.01.2024 01:57, Timo Rothenpieler wrote: > FFmpeg has instances of DECLARE_ALIGNED(32, ...) in a lot of structs, > which then end up heap-allocated. > By declaring any variable in a struct, or tree of structs, to be 32 byte > aligned, it allows the compiler to safely assume the entire struct > itself is also 32 byte aligned. > > This might make the compiler emit code which straight up crashes or > misbehaves in other ways, and at least in one instances is now > documented to actually do (see ticket 10549 on trac). > The issue there is that an unrelated variable in SingleChannelElement is > declared to have an alignment of 32 bytes. So if the compiler does a copy > in decode_cpe() with avx instructions, but ffmpeg is built with > --disable-avx, this results in a crash, since the memory is only 16 byte > aligned. > > Mind you, even if the compiler does not emit avx instructions, the code > is still invalid and could misbehave. It just happens not to. Declaring > any variable in a struct with a 32 byte alignment promises 32 byte > alignment of the whole struct to the compiler. > > This patch limits the maximum alignment to the maximum possible simd > alignment according to configure. > While not perfect, it at the very least gets rid of a lot of UB, by > matching up the maximum DECLARE_ALIGNED value with the alignment of heap > allocations done by lavu. > --- > libavutil/mem.c | 2 +- > libavutil/mem_internal.h | 20 +++++++++++--------- > 2 files changed, 12 insertions(+), 10 deletions(-) > > diff --git a/libavutil/mem.c b/libavutil/mem.c > index 36b8940a0c..62163b4cb3 100644 > --- a/libavutil/mem.c > +++ b/libavutil/mem.c > @@ -62,7 +62,7 @@ void free(void *ptr); > > #endif /* MALLOC_PREFIX */ > > -#define ALIGN (HAVE_AVX512 ? 64 : (HAVE_AVX ? 32 : 16)) > +#define ALIGN (HAVE_SIMD_ALIGN_64 ? 64 : (HAVE_SIMD_ALIGN_32 ? 32 : 16)) > > /* NOTE: if you want to override these functions with your own > * implementations (not recommended) you have to link libav* as > diff --git a/libavutil/mem_internal.h b/libavutil/mem_internal.h > index 2448c606f1..ddd3c24806 100644 > --- a/libavutil/mem_internal.h > +++ b/libavutil/mem_internal.h > @@ -75,22 +75,24 @@ > * @param v Name of the variable > */ > > +#define MAX_ALIGNMENT (HAVE_SIMD_ALIGN_64 ? 64 : (HAVE_SIMD_ALIGN_32 ? 32 : 16)) The issue with this approach is that code that previously allowed the compiler to optimize it heavily will now only be optimized if ffmpeg was built without disabling avx. Probably a fair tradeoff though, since that's a very niche case. I also did not test this with MSVC or ICC, so I have no idea if they allow FFMIN in the middle of an alignment attribute. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".