Segfaults when compiling dav1d with Control-Flow-Integrity enabled.
I haven't determined if this is actually a bug in dav1d or if it's just some confusion by the CFI infrastructure. We see this when dav1d is enabled in Chrome.
$ CC=clang LDFLAGS="-fuse-ld=lld" CFLAGS="-flto=thin -fvisibility=hidden -fsanitize=cfi-vcall -fsanitize=cfi-derived-cast -fsanitize=cfi-unrelated-cast -fsanitize=cfi-icall" ~/Downloads/meson-0.49.1/meson.py --buildtype release build-cfi2
The Meson build system
Version: 0.49.1
Source dir: /d/code/dav1d
Build dir: /d/code/dav1d/build-cfi2
Build type: native build
Project name: dav1d
Project version: 0.1.1
Appending CFLAGS from environment: '-flto=thin -fvisibility=hidden -fsanitize=cfi-vcall -fsanitize=cfi-derived-cast -fsanitize=cfi-unrelated-cast -fsanitize=cfi-icall'
Appending LDFLAGS from environment: '-fuse-ld=lld'
Native C compiler: clang (clang 9.0.0 "clang version 9.0.0 (trunk 353069)")
Build machine cpu family: x86_64
Build machine cpu: x86_64
Dependency threads found: YES
Check usable header "stdatomic.h" : YES
Check usable header "unistd.h" : YES
Checking for function "getopt_long" : YES
Checking for function "posix_memalign" : YES
Compiler for C supports arguments -fvisibility=hidden: YES
Compiler for C supports arguments -Wundef: YES
Compiler for C supports arguments -Werror=vla: YES
Compiler for C supports arguments -Wno-maybe-uninitialized: NO
Compiler for C supports arguments -Wno-unused-parameter: YES
Compiler for C supports arguments -Werror=missing-prototypes: YES
Compiler for C supports arguments -fomit-frame-pointer: YES
Compiler for C supports arguments -ffast-math: YES
Compiler for C supports arguments -mpreferred-stack-boundary=5: NO
Compiler for C supports arguments -mstack-alignment=32: YES
Configuring config.h using configuration
Configuring config.asm using configuration
Program nasm found: YES (/usr/local/bin/nasm)
Program doxygen found: NO
Library m found: YES
Program objcopy found: YES (/usr/bin/objcopy)
Build targets in project: 11
Found ninja-1.8.2 at /d/code/chrome/depot_tools/ninja
$ ninja -C build-cfi2/ -j 2000
ninja: Entering directory `build-cfi2/'
[103/103] Linking target tools/dav1d.
$ ./build-cfi/tools/dav1d -i /var/www/oliver.ivf -o out.dec
dav1d 0.1.0-88-gcaca572 - by VideoLAN
Segmentation fault
GDB says it's segfaulting in ipred:
$ gdb --args ./build-cfi/tools/dav1d -i /var/www/oliver.ivf -o out.dec
GNU gdb (GDB) 8.2-gg6
(gdb) run
Starting program: /d/code/dav1d/build-cfi/tools/dav1d -i /var/www/oliver.ivf -o out.dec
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
dav1d 0.1.0-88-gcaca572 - by VideoLAN
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7eab458 in dav1d_ipred_z3_avx2.h32 () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
(gdb) bt
#0 0x00007ffff7eab458 in dav1d_ipred_z3_avx2.h32 () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#1 0xfffbfffbfffbfffb in ?? ()
#2 0x00007ffff7470180 in ?? ()
#3 0x0000000000000008 in ?? ()
#4 0xd7d7000000000007 in ?? ()
#5 0x0000000000214cc0 in ?? ()
#6 0x0000000000000008 in ?? ()
#7 0x00007fffffffc870 in ?? ()
#8 0x00007ffff7f28e41 in dav1d_recon_b_intra_8bpc.cfi () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#9 0x00007ffff7ee778c in decode_b () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#10 0x00007ffff7edd78c in decode_sb () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#11 0x00007ffff7edd9be in decode_sb () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#12 0x00007ffff7edd9dd in decode_sb () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#13 0x00007ffff7edd3f6 in dav1d_decode_tile_sbrow () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#14 0x00007ffff7ee1402 in dav1d_decode_frame () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#15 0x00007ffff7ee3528 in dav1d_submit_frame () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#16 0x00007ffff7ecef36 in dav1d_parse_obus () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#17 0x00007ffff7f64ab8 in dav1d_get_picture () from /d/code/dav1d/build-cfi/tools/../src/libdav1d.so.0
#18 0x00000000002035ad in main ()
(gdb)