[Webkit-unassigned] [Bug 250477] REGRESSION(256018 at main): [WPE][GTK] Crash in WebCore::AVIFImageReader::parseHeader, deep in dav1d

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 11 15:23:32 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250477

Michael Catanzaro <mcatanzaro at gnome.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcatanzaro at gnome.org

--- Comment #1 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Dump of assembler code for function dav1d_msac_decode_symbol_adapt16_avx2:
   # Annotated gdb disassembly (AT&T syntax: source operand first, destination last).
   # "=>" is gdb's marker for the current instruction of the selected frame. Register
   # values are not part of this dump, so the alignment remarks below describe what
   # each instruction requires, not what %rsp or %rsi actually held at the crash.
   # Register use visible here: %rdi and %rsi are base pointers, %edx is an index
   # (saved in %r8d, then inverted), %rax addresses a constant at 0x7f11604be020.
   0x00007f1160373360 <+0>:     lea    0x14acb9(%rip),%rax        # 0x7f11604be020
   0x00007f1160373367 <+7>:     vpbroadcastw 0x18(%rdi),%ymm2
   # Aligned 32-byte load: vmovdqa with a ymm operand faults unless (%rsi) is
   # 32-byte aligned.
   0x00007f116037336d <+13>:    vmovdqa (%rsi),%ymm0
   0x00007f1160373371 <+17>:    vpbroadcastw 0x16(%rdi),%ymm3
   0x00007f1160373377 <+23>:    vbroadcasti128 (%rax),%ymm4
   # This 32-bit field is only tested at +85 to decide whether the update path runs.
   0x00007f116037337c <+28>:    mov    0x20(%rdi),%ecx
   # Keep the original index in %r8 (a 32-bit move zero-extends), then turn %rdx into
   # ~index so it can serve as a negative offset from %rax at +61.
   0x00007f116037337f <+31>:    mov    %edx,%r8d
   0x00007f1160373382 <+34>:    not    %rdx
   0x00007f1160373385 <+37>:    vpsrlw $0x6,%ymm0,%ymm1
   # 4-byte spill below %rsp. No %rsp adjustment is visible in this function, so this
   # looks like SysV red-zone use. NOTE(review): confirm against the target ABI.
   0x00007f116037338a <+42>:    vmovd  %xmm2,-0x3c(%rsp)
   0x00007f1160373390 <+48>:    vpand  %ymm4,%ymm2,%ymm2
   0x00007f1160373394 <+52>:    vpsllw $0x7,%ymm1,%ymm1
   0x00007f1160373399 <+57>:    vpmulhuw %ymm2,%ymm1,%ymm1
   # Reads 32 bytes at %rax + 2*%rdx, i.e. below the address in %rax because %rdx is
   # ~index. The index is caller-supplied and no range check is visible here, so
   # callers are responsible for keeping it in bounds.
   0x00007f116037339d <+61>:    vpaddw (%rax,%rdx,2),%ymm1,%ymm1
   # Current instruction (presumably the faulting one): an ALIGNED 32-byte store to
   # %rsp-0x38. It raises #GP (typically reported as SIGSEGV on Linux) whenever
   # %rsp-0x38 is not a multiple of 32, independent of the data being decoded.
   # With the usual SysV entry state (%rsp % 16 == 8) the target is 16-byte aligned
   # but only 32-byte aligned when %rsp % 32 == 24, so this code appears to rely on
   # callers keeping the stack 32-byte aligned.
   # NOTE(review): the 4-byte store at +42 to the adjacent lower address had already
   # executed, which makes an unmapped or read-only stack page a less likely cause
   # than misalignment. Confirm with `p/x $rsp` in this frame and compare the stack
   # alignment dav1d was built to assume with what its callers guarantee before
   # treating this as input-triggered memory corruption.
=> 0x00007f11603733a2 <+66>:    vmovdqa %ymm1,-0x38(%rsp)
   0x00007f11603733a8 <+72>:    vpmaxuw %ymm3,%ymm1,%ymm1
   0x00007f11603733ad <+77>:    vpcmpeqw %ymm3,%ymm1,%ymm1
   0x00007f11603733b1 <+81>:    vpmovmskb %ymm1,%eax
   # If the field loaded at +28 is zero, skip the update of the table at (%rsi) and
   # go straight to .renorm.
   0x00007f11603733b5 <+85>:    test   %ecx,%ecx
   0x00007f11603733b7 <+87>:    je     0x7f11603733ef <dav1d_msac_decode_symbol_adapt16_avx2.renorm>
   # Load the 16-bit word at %rsi + 2*index (index = original %edx, kept in %r8).
   0x00007f11603733b9 <+89>:    movzwl (%rsi,%r8,2),%ecx
   0x00007f11603733be <+94>:    vpcmpeqw %ymm2,%ymm2,%ymm2
   # %edx = (word + 0x50) >> 4 becomes the shift count used by vpsraw at +126.
   0x00007f11603733c2 <+98>:    lea    0x50(%rcx),%edx
   0x00007f11603733c5 <+101>:   shr    $0x4,%edx
   # cmp sets CF when the word is below 0x20, so adc increments it only while it is
   # below 0x20: the stored value stops growing at 0x20.
   0x00007f11603733c8 <+104>:   cmp    $0x20,%ecx
   0x00007f11603733cb <+107>:   adc    $0x0,%ecx
   0x00007f11603733ce <+110>:   vmovd  %edx,%xmm3
   0x00007f11603733d2 <+114>:   vpavgw %ymm1,%ymm2,%ymm2
   0x00007f11603733d6 <+118>:   vpsubw %ymm0,%ymm2,%ymm2
   0x00007f11603733da <+122>:   vpsubw %ymm1,%ymm0,%ymm0
   0x00007f11603733de <+126>:   vpsraw %xmm3,%ymm2,%ymm2
   0x00007f11603733e2 <+130>:   vpaddw %ymm2,%ymm0,%ymm0
   # Write the updated 32-byte table back (aligned store, same requirement as the
   # load at +13), then the incremented 16-bit word at %rsi + 2*index.
   0x00007f11603733e6 <+134>:   vmovdqa %ymm0,(%rsi)
   0x00007f11603733ea <+138>:   mov    %cx,(%rsi,%r8,2)
   # No ret here: the dump stops because gdb treats .renorm (0x7f11603733ef, the je
   # target at +87) as a separate symbol. Execution appears to fall through into it.
End of assembler dump.
