From f254f0f41bdf43b2ba25e886bd71bd49e29be35e Mon Sep 17 00:00:00 2001 From: "Xu, Zhengguo" Date: Mon, 4 Dec 2023 12:04:17 +0800 Subject: [PATCH] [Decode] Allocate the slice record buffer dynamically for each frame It should align the size of slice record buffer and number of slice to avoid memory access out of bound. Signed-off-by: Xu, Zhengguo --- .../common/codec/hal/codechal_decode_vc1.cpp | 36 +++++++++++++++++-- .../common/codec/hal/codechal_decode_vc1.h | 1 + .../agnostic/common/os/mos_utilities_next.cpp | 6 +++- 3 files changed, 39 insertions(+), 4 deletions(-) diff --git a/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.cpp b/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.cpp index c5f0a00e0c0..8ebfb0743f6 100644 --- a/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.cpp +++ b/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.cpp @@ -2918,9 +2918,6 @@ MOS_STATUS CodechalDecodeVc1::AllocateResources() m_vc1RefList, CODECHAL_NUM_UNCOMPRESSED_SURFACE_VC1)); - m_vldSliceRecord = - (PCODECHAL_VC1_VLD_SLICE_RECORD)MOS_AllocAndZeroMemory(m_picHeightInMb * sizeof(CODECHAL_VC1_VLD_SLICE_RECORD)); - // Second level batch buffer for IT mode if (m_mode == CODECHAL_DECODE_MODE_VC1IT) { @@ -3041,6 +3038,7 @@ CodechalDecodeVc1::~CodechalDecodeVc1() CodecHalFreeDataList(m_vc1RefList, CODECHAL_NUM_UNCOMPRESSED_SURFACE_VC1); MOS_FreeMemory(m_vldSliceRecord); + m_vldSliceRecord = nullptr; Mhw_FreeBb(m_osInterface, &m_itObjectBatchBuffer, nullptr); @@ -3122,6 +3120,38 @@ MOS_STATUS CodechalDecodeVc1::SetFrameStates() if (CodecHalIsDecodeModeVLD(m_mode)) { CODECHAL_DECODE_CHK_NULL_RETURN(m_vc1SliceParams); + + uint32_t numSliceRecord = 0; + bool invalidSliceNum = false; + + numSliceRecord = m_numMacroblocks; + if (m_numSlices > m_numMacroblocks) + { + numSliceRecord = m_numSlices; + invalidSliceNum = true; + } + + if (numSliceRecord > m_numVldSliceRecord || m_vldSliceRecord == nullptr) + { + MOS_SafeFreeMemory(m_vldSliceRecord); + m_vldSliceRecord = + (PCODECHAL_VC1_VLD_SLICE_RECORD)MOS_AllocAndZeroMemory(numSliceRecord * sizeof(CODECHAL_VC1_VLD_SLICE_RECORD)); + CODECHAL_DECODE_CHK_NULL_RETURN(m_vldSliceRecord); + m_numVldSliceRecord = numSliceRecord; + } + else + { + MOS_ZeroMemory(m_vldSliceRecord, m_numVldSliceRecord * sizeof(CODECHAL_VC1_VLD_SLICE_RECORD)); + } + + if (invalidSliceNum) + { + for (uint32_t i = 0; i < m_numVldSliceRecord; i++) + { + m_vldSliceRecord[i].dwSkip = true; + } + } + } else if (CodecHalIsDecodeModeIT(m_mode)) { diff --git a/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.h b/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.h index ad708038d26..363a532057e 100644 --- a/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.h +++ b/media_driver/agnostic/common/codec/hal/codechal_decode_vc1.h @@ -742,6 +742,7 @@ class CodechalDecodeVc1 : public CodechalDecode MOS_RESOURCE m_resMfdDeblockingFilterRowStoreScratchBuffer; //!< Handle of MFD Deblocking Filter Row Store Scratch data surface MOS_RESOURCE m_resBsdMpcRowStoreScratchBuffer; //!< Handle of BSD/MPC Row Store Scratch data surface MOS_RESOURCE m_resVc1BsdMvData[CODECHAL_DECODE_VC1_DMV_MAX]; //!< Handle of VC1 BSD MV Data + uint32_t m_numVldSliceRecord = 0; PCODECHAL_VC1_VLD_SLICE_RECORD m_vldSliceRecord = nullptr; //!< [VLD mode] Slice record PCODEC_REF_LIST m_vc1RefList[CODECHAL_NUM_UNCOMPRESSED_SURFACE_VC1]; //!< VC1 Reference List MOS_RESOURCE m_resSyncObject; //!< Handle of Sync Object diff --git a/media_softlet/agnostic/common/os/mos_utilities_next.cpp b/media_softlet/agnostic/common/os/mos_utilities_next.cpp index ec780d9c713..6114fe5a12d 100644 --- a/media_softlet/agnostic/common/os/mos_utilities_next.cpp +++ b/media_softlet/agnostic/common/os/mos_utilities_next.cpp @@ -404,6 +404,10 @@ void MosUtilities::MosFreeMemory(void *ptr) MT_MEMORY_PTR, (int64_t)(ptr), functionName, filename, line); free(ptr); + /** + * Note: this is bug, ptr from outside will never be set to nullptr here; + * So, it must set the ptr to nullptr in caller function to avoid foating pointer. + */ ptr = nullptr; } } @@ -958,4 +962,4 @@ std::string PerfUtility::getDashString(uint32_t num) ss.fill('-'); ss << std::left << "" << std::endl; return ss.str(); -} \ No newline at end of file +}