    Commit

  • Hash : 36998b82
    Author : Sam Lantinga
    Date : 2017-07-20T10:48:57

    Fixed bug 3689 - MMX YUV renderer crash
    
    felix
    
    The functions in src/render/SDL_yuv_mmx.c contain the following inline assembly snippet:
    
            /* tap dance to workaround the inability to use %%ebx at will... */
            /*  move one thing to the stack... */
            "pushl $0\n"  /* save a slot on the stack. */
            "pushl %%ebx\n"  /* save %%ebx. */
            "movl %0, %%ebx\n"  /* put the thing in ebx. */
            "movl %%ebx,4(%%esp)\n"  /* put the thing in the stack slot. */
            "popl %%ebx\n"  /* get back %%ebx (the PIC register). */
    
    Here's how it ended up in a binary on my old laptop:
    
       0xb5c17dbd <ColorRGBDitherYV12MMX1X+93>:	push   $0x0
       0xb5c17dbf <ColorRGBDitherYV12MMX1X+95>:	push   %ebx
       0xb5c17dc0 <ColorRGBDitherYV12MMX1X+96>:	mov    0xc(%esp),%ebx
       0xb5c17dc4 <ColorRGBDitherYV12MMX1X+100>:	mov    %ebx,0x4(%esp)
       0xb5c17dc8 <ColorRGBDitherYV12MMX1X+104>:	pop    %ebx
    
    Apparently the compiler, oblivious to the fact that the assembly snippet manipulates the %esp register, decided to refer to the operand via that same register instead of via %ebp (I believe -fomit-frame-pointer enables this). This causes %ebx to be loaded with the wrong value, which later leads to a null pointer dereference.
    
    Recent GCC can use the %ebx register normally: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602#c16>. There is even an explicit constraint "b" for allocating it.
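
As an added example (not code from the SDL commit or the project): the stack-dance pattern from the commit message, ported to x86-64 (pushq and %rbx instead of pushl and %ebx), next to the "b"-constraint form the message points to. The function names are assumptions of this example, and on compilers without x86-64 GNU inline asm both fall back to plain C so the file still builds.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) && defined(__GNUC__)
/* Same dance as SDL_yuv_mmx.c, written for 64-bit. The two pushes move %rsp
 * before %1 is read. When the compiler addressed %1 relative to %rsp (the
 * usual choice without a frame pointer), the load reads a stale offset (or a
 * red-zone slot the push just overwrote), so 'value' never reaches %rbx.
 * Kept only to show the hazard; do not use this pattern. */
uint64_t load_with_stack_dance(uint64_t value)
{
    uint64_t result;
    __asm__ __volatile__(
        "pushq $0\n\t"              /* reserve a slot on the stack */
        "pushq %%rbx\n\t"           /* save %rbx */
        "movq %1, %%rbx\n\t"        /* %1 may be an %rsp offset computed before the pushes */
        "movq %%rbx, 8(%%rsp)\n\t"  /* park the loaded value in the slot */
        "popq %%rbx\n\t"            /* restore %rbx */
        "popq %0\n\t"               /* collect the slot as the result */
        : "=r"(result)
        : "m"(value)
        : "memory", "cc");
    return result;
}

/* The fix the commit message refers to: ask for the operand in %rbx with the
 * "b" constraint and leave %rsp alone. The compiler saves and restores %rbx
 * around the asm itself, so no push/pop is needed and every operand address
 * stays valid. */
uint64_t load_with_b_constraint(uint64_t value)
{
    uint64_t result;
    __asm__("movq %%rbx, %0" : "=r"(result) : "b"(value));
    return result;
}
#else
/* No x86-64 inline asm available: plain C stand-ins so the example compiles. */
uint64_t load_with_stack_dance(uint64_t value)  { return value; }
uint64_t load_with_b_constraint(uint64_t value) { return value; }
#endif

int main(void)
{
    uint64_t v = 0x1234567890ABCDEFull;   /* constructed sample value */
    printf("b constraint: %s\n", load_with_b_constraint(v) == v ? "ok" : "WRONG");
    printf("stack dance:  %s (compare -O0 with -O2 -fomit-frame-pointer)\n",
           load_with_stack_dance(v) == v ? "ok" : "WRONG");
    return 0;
}
```

Only the "b"-constraint version is reliable; the stack-dance version typically reads the right value at -O0 (frame-pointer-relative operand) and the wrong one once the compiler addresses the operand through %rsp.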
    

    Fork of https://github.com/libsdl-org/SDL
