disable vpx_highbd_*_sub_pixel_variance4x{4,8}_neon

vpx_highbd_8_sub_pixel_variance4x4_neon vpx_highbd_8_sub_pixel_variance4x8_neon vpx_highbd_10_sub_pixel_variance4x4_neon vpx_highbd_10_sub_pixel_variance4x8_neon vpx_highbd_12_sub_pixel_variance4x4_neon vpx_highbd_12_sub_pixel_variance4x8_neon all cause heap overflows of the form: [ RUN ] NEON/VpxHBDSubpelVarianceTest.Ref/24 ================================================================= ==450528==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff8311a571 at pc 0x0000010ca52c bp 0xffffc63e96b0 sp 0xffffc63e96a8 READ of size 8 at 0xffff8311a571 thread T0 #0 0x10ca528 in load_unaligned_u16q vpx_dsp/arm/mem_neon.h:176:3 #1 0x10ca528 in highbd_var_filter_block2d_bil_w4 vpx_dsp/arm/highbd_subpel_variance_neon.c:49:21 #2 0x10ca528 in vpx_highbd_10_sub_pixel_variance4x8_neon vpx_dsp/arm/highbd_subpel_variance_neon.c:257:1 ... 0xffff8311a571 is located 0 bytes to the right of 113-byte region [0xffff8311a500,0xffff8311a571) allocated by thread T0 here: #0 0x5f18b0 in malloc (test_libvpx+0x5f18b0) #1 0xce4f90 in vpx_memalign vpx_mem/vpx_mem.c:62:10 #2 0xce4f90 in vpx_malloc vpx_mem/vpx_mem.c:70:40 #3 0xa4ad44 in (anonymous namespace)::SubpelVarianceTest<unsigned int (*)(unsigned char const*, int, int, int, unsigned char const*, int, unsigned int*)>::SetUp() test/variance_test.cc:586:14 Bug: webm:1796 Change-Id: I39f7f936bae2bcbbe1f803fb10375ec02d1c1277
ShiftMediaProject · Mar 8, 2023 · e33d4c2 · e33d4c2
1 parent 0f17aa9
commit e33d4c2
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 16 deletions.
diff --git a/test/variance_test.cc b/test/variance_test.cc
@@ -1591,10 +1591,12 @@ INSTANTIATE_TEST_SUITE_P(
                              12),
         SubpelVarianceParams(3, 2, &vpx_highbd_12_sub_pixel_variance8x4_neon,
                              12),
+        /*TODO(https://crbug.com/webm/1796): enable after heap overflow is
+          fixed.
         SubpelVarianceParams(2, 3, &vpx_highbd_12_sub_pixel_variance4x8_neon,
                              12),
         SubpelVarianceParams(2, 2, &vpx_highbd_12_sub_pixel_variance4x4_neon,
-                             12),
+                             12),*/
         SubpelVarianceParams(6, 6, &vpx_highbd_10_sub_pixel_variance64x64_neon,
                              10),
         SubpelVarianceParams(6, 5, &vpx_highbd_10_sub_pixel_variance64x32_neon,
@@ -1617,10 +1619,12 @@ INSTANTIATE_TEST_SUITE_P(
                              10),
         SubpelVarianceParams(3, 2, &vpx_highbd_10_sub_pixel_variance8x4_neon,
                              10),
+        /*TODO(https://crbug.com/webm/1796): enable after heap overflow is
+          fixed.
         SubpelVarianceParams(2, 3, &vpx_highbd_10_sub_pixel_variance4x8_neon,
                              10),
         SubpelVarianceParams(2, 2, &vpx_highbd_10_sub_pixel_variance4x4_neon,
-                             10),
+                             10),*/
         SubpelVarianceParams(6, 6, &vpx_highbd_8_sub_pixel_variance64x64_neon,
                              8),
         SubpelVarianceParams(6, 5, &vpx_highbd_8_sub_pixel_variance64x32_neon,
@@ -1640,10 +1644,12 @@ INSTANTIATE_TEST_SUITE_P(
         SubpelVarianceParams(3, 4, &vpx_highbd_8_sub_pixel_variance8x16_neon,
                              8),
         SubpelVarianceParams(3, 3, &vpx_highbd_8_sub_pixel_variance8x8_neon, 8),
-        SubpelVarianceParams(3, 2, &vpx_highbd_8_sub_pixel_variance8x4_neon, 8),
+        SubpelVarianceParams(3, 2, &vpx_highbd_8_sub_pixel_variance8x4_neon, 8)
+        /*TODO(https://crbug.com/webm/1796): enable after heap overflow is
+          fixed.
         SubpelVarianceParams(2, 3, &vpx_highbd_8_sub_pixel_variance4x8_neon, 8),
         SubpelVarianceParams(2, 2, &vpx_highbd_8_sub_pixel_variance4x4_neon,
-                             8)));
+                             8)*/));
 
 INSTANTIATE_TEST_SUITE_P(
     NEON, VpxHBDSubpelAvgVarianceTest,

diff --git a/vpx_dsp/arm/highbd_subpel_variance_neon.c b/vpx_dsp/arm/highbd_subpel_variance_neon.c
@@ -234,8 +234,9 @@ static void highbd_var_filter_block2d_avg(const uint16_t *src_ptr,
 // padding.
 
 // 8-bit
-HBD_SUBPEL_VARIANCE_WXH_NEON(8, 4, 4, 2)
-HBD_SUBPEL_VARIANCE_WXH_NEON(8, 4, 8, 2)
+// TODO(https://crbug.com/webm/1796): enable after heap overflow is fixed.
+// HBD_SUBPEL_VARIANCE_WXH_NEON(8, 4, 4, 2)
+// HBD_SUBPEL_VARIANCE_WXH_NEON(8, 4, 8, 2)
 
 HBD_SUBPEL_VARIANCE_WXH_NEON(8, 8, 4, 1)
 HBD_SUBPEL_VARIANCE_WXH_NEON(8, 8, 8, 1)
@@ -253,8 +254,9 @@ HBD_SPECIALIZED_SUBPEL_VARIANCE_WXH_NEON(8, 64, 32, 1)
 HBD_SPECIALIZED_SUBPEL_VARIANCE_WXH_NEON(8, 64, 64, 1)
 
 // 10-bit
-HBD_SUBPEL_VARIANCE_WXH_NEON(10, 4, 4, 2)
-HBD_SUBPEL_VARIANCE_WXH_NEON(10, 4, 8, 2)
+// TODO(https://crbug.com/webm/1796): enable after heap overflow is fixed.
+// HBD_SUBPEL_VARIANCE_WXH_NEON(10, 4, 4, 2)
+// HBD_SUBPEL_VARIANCE_WXH_NEON(10, 4, 8, 2)
 
 HBD_SUBPEL_VARIANCE_WXH_NEON(10, 8, 4, 1)
 HBD_SUBPEL_VARIANCE_WXH_NEON(10, 8, 8, 1)
@@ -272,8 +274,9 @@ HBD_SPECIALIZED_SUBPEL_VARIANCE_WXH_NEON(10, 64, 32, 1)
 HBD_SPECIALIZED_SUBPEL_VARIANCE_WXH_NEON(10, 64, 64, 1)
 
 // 12-bit
-HBD_SUBPEL_VARIANCE_WXH_NEON(12, 4, 4, 2)
-HBD_SUBPEL_VARIANCE_WXH_NEON(12, 4, 8, 2)
+// TODO(https://crbug.com/webm/1796): enable after heap overflow is fixed.
+// HBD_SUBPEL_VARIANCE_WXH_NEON(12, 4, 4, 2)
+// HBD_SUBPEL_VARIANCE_WXH_NEON(12, 4, 8, 2)
 
 HBD_SUBPEL_VARIANCE_WXH_NEON(12, 8, 4, 1)
 HBD_SUBPEL_VARIANCE_WXH_NEON(12, 8, 8, 1)

diff --git a/vpx_dsp/vpx_dsp_rtcd_defs.pl b/vpx_dsp/vpx_dsp_rtcd_defs.pl
@@ -1443,9 +1443,13 @@ ()
   specialize qw/vpx_highbd_12_sub_pixel_variance8x4 sse2 neon/;
 
   add_proto qw/uint32_t vpx_highbd_12_sub_pixel_variance4x8/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_12_sub_pixel_variance4x8 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_12_sub_pixel_variance4x8 neon/;
   add_proto qw/uint32_t vpx_highbd_12_sub_pixel_variance4x4/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_12_sub_pixel_variance4x4 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_12_sub_pixel_variance4x4 neon/;
 
   add_proto qw/uint32_t vpx_highbd_10_sub_pixel_variance64x64/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
   specialize qw/vpx_highbd_10_sub_pixel_variance64x64 sse2 neon/;
@@ -1481,9 +1485,13 @@ ()
   specialize qw/vpx_highbd_10_sub_pixel_variance8x4 sse2 neon/;
 
   add_proto qw/uint32_t vpx_highbd_10_sub_pixel_variance4x8/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_10_sub_pixel_variance4x8 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_10_sub_pixel_variance4x8 neon/;
   add_proto qw/uint32_t vpx_highbd_10_sub_pixel_variance4x4/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_10_sub_pixel_variance4x4 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_10_sub_pixel_variance4x4 neon/;
 
   add_proto qw/uint32_t vpx_highbd_8_sub_pixel_variance64x64/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
   specialize qw/vpx_highbd_8_sub_pixel_variance64x64 sse2 neon/;
@@ -1519,9 +1527,13 @@ ()
   specialize qw/vpx_highbd_8_sub_pixel_variance8x4 sse2 neon/;
 
   add_proto qw/uint32_t vpx_highbd_8_sub_pixel_variance4x8/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_8_sub_pixel_variance4x8 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_8_sub_pixel_variance4x8 neon/;
   add_proto qw/uint32_t vpx_highbd_8_sub_pixel_variance4x4/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse";
-  specialize qw/vpx_highbd_8_sub_pixel_variance4x4 neon/;
+  # TODO(https://crbug.com/webm/1796): enable neon after heap overflow is
+  # fixed.
+  # specialize qw/vpx_highbd_8_sub_pixel_variance4x4 neon/;
 
   add_proto qw/uint32_t vpx_highbd_12_sub_pixel_avg_variance64x64/, "const uint8_t *src_ptr, int src_stride, int x_offset, int y_offset, const uint8_t *ref_ptr, int ref_stride, uint32_t *sse, const uint8_t *second_pred";
   specialize qw/vpx_highbd_12_sub_pixel_avg_variance64x64 sse2 neon/;