
Commit c5911db

Fix rare out-of-bounds write in FLACCL
1 parent 238ebff commit c5911db

1 file changed

Lines changed: 14 additions & 3 deletions


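--- a/CUETools.Codecs.FLACCL/flac.cl
+++ b/CUETools.Codecs.FLACCL/flac.cl
@@ -2125,7 +2125,7 @@ void clRiceEncoding(
 flush(&bw);
 }
 #else
-__local uint data[GROUP_SIZE];
+__local uint data[GROUP_SIZE*2];
 __local volatile int mypos[GROUP_SIZE+1];
 #if 0
 __local int brp[256];
@@ -2148,6 +2148,7 @@ void clRiceEncoding(
 brp[offs] = best_rice_parameters[(get_group_id(0) << max_porder) + offs];
 #endif
 data[tid] = 0;
+data[tid + GROUP_SIZE] = 0;
 barrier(CLK_LOCAL_MEM_FENCE);
 const int bs = task.blocksize;
 int start = task.encodingOffset;
@@ -2218,9 +2219,14 @@ void clRiceEncoding(
 if (qpos1 && qval1) atomic_or(&data[qpos0 + 1], qval1);
 }
 barrier(CLK_LOCAL_MEM_FENCE);
+remainder = data[start / 32 - start32];
 if ((start32 + tid) * 32 <= start)
 output[start32 + tid] = as_int(as_char4(data[tid]).wzyx);
-remainder = data[start / 32 - start32];
+if ((start32 + tid + GROUP_SIZE) * 32 <= start)
+{
+output[start32 + tid + GROUP_SIZE] = as_int(as_char4(data[tid + GROUP_SIZE]).wzyx);
+data[tid + GROUP_SIZE] = 0;
+}
 }
 if (pos < bs)
 {
@@ -2279,9 +2285,14 @@ void clRiceEncoding(
 if (qpos1 && qval1) atomic_or(&data[qpos0 + 1], qval1);
 }
 barrier(CLK_LOCAL_MEM_FENCE);
+remainder = data[start / 32 - start32];
 if ((start32 + tid) * 32 <= start)
 output[start32 + tid] = as_int(as_char4(data[tid]).wzyx);
-remainder = data[start / 32 - start32];
+if ((start32 + tid + GROUP_SIZE) * 32 <= start)
+{
+output[start32 + tid + GROUP_SIZE] = as_int(as_char4(data[tid + GROUP_SIZE]).wzyx);
+data[tid + GROUP_SIZE] = 0;
+}
 }
 // if (tid == 0 && start != task.encodingOffset - task.headerLen + task.size)
 //printf("size mismatch: %d != %d\n", start, task.encodingOffset - task.headerLen + task.size);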
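Review bot: Between the hoisted `remainder = data[start / 32 - start32];` and the new `data[tid + GROUP_SIZE] = 0;` (new lines 2222–2228) there is no barrier, so whenever `start / 32 - start32` is `GROUP_SIZE` or more, the work-item that owns that word can clear it before work-items scheduled later in the same work-group have read it. Moving the read above the stores orders it only within a single work-item; a `barrier(CLK_LOCAL_MEM_FENCE);` directly after the `remainder` read, at the same nesting level as the barrier just before it, would close that window, and the same applies to the second copy of this block at new line 2288. A comment on `__local uint data[GROUP_SIZE*2];` stating why `qpos0 + 1` can never reach `GROUP_SIZE*2` would also help, since the overflow being fixed presumably came from that bound being assumed rather than written down. clRiceEncoding starts and ends outside these hunks, so whether every work-item actually consumes `remainder`, and whether `output` is sized for the extra `start32 + tid + GROUP_SIZE` store, needs checking against the full kernel.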
