Issue 545 in webp: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
5 views
Skip to first unread message
mauri… via monorail
Nov 19, 2021, 9:30:06 PM11/19/21
to webp-d...@webmproject.org
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 545 by mauri...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545
Firefox 94 crashes inside vp8l_dec.c:ExpandColorMap, see Comments 9 and 10 at https://bugzilla.mozilla.org/show_bug.cgi?id=1741454#c10. This happens because LLVM 13's generated code for ExpandColorMap contains a movdqa instruction (see attached disassembly) whose operand is not necessarily 16-byte aligned. I guess pointer aliasing issues at [0] cause the compiler to assume new_color_map will be aligned?
[0] https://github.com/webmproject/libwebp/blob/36a6eea3bc2871c7f0166193a6fa42241af4a464/src/dec/vp8l_dec.c#L1276)
What version of the product are you using? On what operating system?
Firefox 94.0.1 on NixOS.
Attachments:
disassembly.txt 52.7 KB
--
You received this message because:
1. The project was configured to send all issue notifications to this address
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 545 by mauri...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545
Firefox 94 crashes inside vp8l_dec.c:ExpandColorMap, see Comments 9 and 10 at https://bugzilla.mozilla.org/show_bug.cgi?id=1741454#c10. This happens because LLVM 13's generated code for ExpandColorMap contains a movdqa instruction (see attached disassembly) whose operand is not necessarily 16-byte aligned. I guess pointer aliasing issues at [0] cause the compiler to assume new_color_map will be aligned?
[0] https://github.com/webmproject/libwebp/blob/36a6eea3bc2871c7f0166193a6fa42241af4a464/src/dec/vp8l_dec.c#L1276)
What version of the product are you using? On what operating system?
Firefox 94.0.1 on NixOS.
Attachments:
disassembly.txt 52.7 KB
--
You received this message because:
1. The project was configured to send all issue notifications to this address
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
mauri… via monorail
Nov 19, 2021, 9:35:27 PM11/19/21
to webp-d...@webmproject.org
Comment #1 on issue 545 by mauri...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545#c1
Forgot to mention that Firefox 94 uses libwebp 1.2.1 (https://bugzilla.mozilla.org/show_bug.cgi?id=1729748).
mauri… via monorail
Nov 20, 2021, 2:49:50 PM11/20/21
to webp-d...@webmproject.org
Comment #2 on issue 545 by mauri...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545#c2
In the Firefox bug, user "oxalica" figured out this is not an aliasing issue. You can see more details in the bug, but it's a mismatch between LLVM 13 malloc alignment assumptions and jemalloc's guarantees. Therefore, this is is not a libwebp bug and this issue can be closed.
pasca… via monorail
Nov 22, 2021, 3:53:10 AM11/22/21
to webp-d...@webmproject.org
Updates:
Status: Fixed
Comment #3 on issue 545 by pasca...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545#c3
thanks for the update!
Status: Fixed
Comment #3 on issue 545 by pasca...@gmail.com: Possible pointer aliasing issue in ExpandColorMap causes unaligned movdqa operand and SIGSEGV
https://bugs.chromium.org/p/webp/issues/detail?id=545#c3
thanks for the update!
Reply all
Reply to author
Forward
0 new messages