[MPlayer-users] SIGBUS due to alignment issue in SSE2 optimised code

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Jun 30 22:43:47 EEST 2019


On Sat, Jun 29, 2019 at 03:26:20PM +0200, Thomas Zander wrote:
> Hi,
>
> on FreeBSD mplayer crashes reproducibly under these circumstances:
> - 1080p content
> - PGS subtitle
> - SSE2 available; mplayer compiled with HAVE_SSE2
>
> SIGBUS occurs in sub/osd_template.c:152 because _mm_load_si128 receives
> srca which is not aligned on 16 bytes.
>
> Changing all _mm_load_si128 to _mm_loadu_si128 in this file works
> around the problem, but the better fix might be to ensure srca
> is 16 byte aligned, correct?

Yeah, I probably missed that code path.
Can you check if this patch fixes the crash?

--- a/sub/spudec.c
+++ b/sub/spudec.c
@@ -1374,7 +1374,7 @@ void spudec_set_hw_spu(void *this, const vo_functions_t *hw_spu)
 packet_t *spudec_packet_create(int x, int y, int w, int h)
 {
   packet_t *packet;
-  int stride = (w + 7) & ~7;
+  int stride = (w + 15) & ~15;
   if ((unsigned)w >= 0x8000 || (unsigned)h > 0x4000)
     return NULL;
   packet = calloc(1, sizeof(packet_t));
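
Review bot: stride is still computed on its declaration line, above the (unsigned)w >= 0x8000 range check, so w + 15 is evaluated on an unchecked int and overflows for a w close to INT_MAX. Declaring "int stride;" and assigning it after the "return NULL" guard avoids that. A short comment that the 16 is there for the aligned SSE2 loads in sub/osd_template.c would also stop someone from shrinking it back to 8 later.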


There is a bit of an issue in that the code uses plain malloc,
so it might also need these changes in the same file, but I'm not
sure if there might be another place that needs to be changed
in addition...

@@ -148,7 +148,7 @@ static packet_t *spudec_dequeue_packet(spudec_handle_t *this)

 static void spudec_free_packet(packet_t *packet)
 {
-  free(packet->packet);
+  av_freep(&packet->packet);
   free(packet);
 }
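
Review bot: Switching this line to av_freep() is only correct if every assignment to packet->packet comes from av_malloc() or another libavutil allocator; the free(packet) after it can stay, because the struct itself comes from calloc. Any other place in spudec.c that allocates, reallocs or frees packet->packet with the libc functions has to be converted in the same commit, otherwise a libc pointer can reach av_freep() or an av_malloc() pointer can reach free(). It would help to list the sites that were checked in the commit message.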

@@ -1386,7 +1386,7 @@ packet_t *spudec_packet_create(int x, int y, int w, int h)
   packet->start_row = y;
   packet->data_len = 2 * stride * h;
   if (packet->data_len) { // size 0 is a special "clear" packet
-    packet->packet = malloc(packet->data_len);
+    packet->packet = av_malloc(packet->data_len);
     if (!packet->packet) {
       free(packet);
       packet = NULL;
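
Review bot: Nothing at the av_malloc() call says why the libc allocator is not sufficient, so a later cleanup could turn it back into malloc() and bring the SIGBUS back. A one-line comment that the buffer is read with aligned SSE2 loads and must start on a 16-byte boundary would document the requirement. The error path needs no change, since the free(packet) there releases only the calloc'ed struct.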


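The alignment arithmetic behind the two changes above, as an added example that is not part of the original message or of MPlayer's code: it counts row starts in a 2 * stride * h buffer that are not on a 16-byte boundary, for a stride rounded to 8 and to 16. The function names and the two-plane layout (second plane at offset stride * h) are assumptions made for the illustration, and a manually aligned malloc stands in for an aligned allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Round w up to a multiple of align (a power of two), as the stride line does. */
static int round_up(int w, int align) { return (w + align - 1) & ~(align - 1); }

/*
 * Count the rows of a two-plane buffer whose start address is not 16-byte
 * aligned. Assumed layout: plane 0 at offset 0, plane 1 at offset stride * h.
 * Returns -1 on out-of-range input or allocation failure.
 */
static int misaligned_rows(int w, int h, int stride_align)
{
    if (w <= 0 || w >= 0x8000 || h <= 0 || h > 0x4000)
        return -1;                      /* range check before any arithmetic */
    int stride = round_up(w, stride_align);
    size_t len = 2 * (size_t)stride * (size_t)h;

    /* Stand-in for an aligned allocator: over-allocate, then align the base. */
    uint8_t *raw = malloc(len + 15);
    if (!raw)
        return -1;
    uint8_t *buf = (uint8_t *)(((uintptr_t)raw + 15) & ~(uintptr_t)15);

    int bad = 0;
    for (int plane = 0; plane < 2; plane++)
        for (int y = 0; y < h; y++) {
            const uint8_t *row = buf + (size_t)plane * stride * h
                                     + (size_t)y * stride;
            if ((uintptr_t)row & 15)    /* an aligned 16-byte load would fault */
                bad++;
        }
    free(raw);
    return bad;
}

int main(void)
{
    /* Constructed sample: 1912 is a multiple of 8 but not of 16. */
    printf("stride rounded to 8:  %d misaligned rows\n", misaligned_rows(1912, 4, 8));
    printf("stride rounded to 16: %d misaligned rows\n", misaligned_rows(1912, 4, 16));
    return 0;
}
```

Even with an aligned base pointer, the 8-byte stride leaves every other row misaligned whenever the width is not a multiple of 16, which is why the stride and the allocator have to change together.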