I previously reported finding a bug in Pete Warden's Mixer plugin. As it turns out, this bug also occurs in three other Pete plugins: RadialBlur, SpiralBlur, and TimeBlur. The original bug report for PeteMixer is here.
PeteMixer, PeteRadialBlur, PeteSpiralBlur, and PeteTimeBlur all have the same bug: they use MMX movq (64-bit move) in situations where movd (32-bit move) was intended. In all cases the results are the same: the two bytes immediately following the end of the output buffer get trashed, AKA munged, hosed, stomped, toasted, vaporized, etc.
Since the output buffer is almost certainly on the heap, the consequences depend entirely on how the host uses the heap. This probably isn't deterministic, so depending on the circumstances the bug could cause strange and wonderful behavior, or crash the host, or have no effect all.
I searched the plugin sources for other instances of movq, and found no other instances except in a few support modules. I haven't had time to wade through those modules yet, but my guess is they won't have the bug, since they weren't cut from the same cloth, as it were. The support modules that use movq are:
BoxFilter
Radiant
ImageMath
I have built UNOFFICIAL patched versions of the buggy plugins. You can download the binaries here, and the patched source files are here. PeteMixer was patched previously, but I included it in the above downloads for completeness.
I diffed the code carefully, and found no differences between my versions and the original that aren't "good" differences. For testing, I ran the original and the patched plugin side-by-side in FFRend, sent their outputs into a mixer, and A/B'd them to ensure that their output was identical.
Here are the relevant MD5 checksums:
BUGGY VERSIONS:
PeteMixer BUGGY.dll 5d7f65d48627e065f218bab5ee1d42a4
PeteRadialBlur BUGGY.dll 04551870addf5b3c8c14740e1aa7d316
PeteSpiralBlur BUGGY.dll b1e66597fbebeac46e59a208fd893aba
PeteTimeBlur BUGGY.dll c636cb633bc404f050497c4369f70241
PATCHED VERSIONS:
PeteMixer.dll a4c78bfa1a34f895264c9e20e3c6b035
PeteRadialBlur.dll 93592d40a4c2b9470f601c0e20042c1b
PeteSpiralBlur.dll f2f9b4f8d0740d170f87b173d9b1f83f
PeteTimeBlur.dll 031cc8426accc21df0989b34fe884f69
Subscribe to:
Post Comments (Atom)
1 comment:
hi, good information for these plugins. I was searching for this problematic. I'm also using them, but i have the .aex native plugins and the radialblur which i use makes after effects crash. i tried the framehost with the .dll's but they don't have the transfer modes implemented. Any solution how i can get the radialblur.aex plugin to get work (patched) ?
Post a Comment