USAN: applying non-zero offset to null pointer in EVS TCX decoding with frameloss
Basic info
- Commit SHA: 1df9e4c3
Bug description
Clang USAN sanitizer test in pipeline found an error:
lib_dec/dec_tcx.c:753:16: runtime error: applying non-zero offset 4 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-nonzero-offset lib_dec/dec_tcx.c:753:16 in
lib_dec/dec_LPD.c:608:25: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset lib_dec/dec_LPD.c:608:25 in For the first one, this is the line of code that is reported:
prm_ltp = &prm[1 + NOISE_FILL_RANGES];The error is detected in frame 13 which is a lost frame (st->bfi = 1). prm seems to be NULL in this case. In practice, this should not be a problem as no parameters are read from a bitstream for st->bfi == 1. So this could probably be safely ignored. A fix would add ifs around the assignment and all subsequent assignments from prm or prm_ltp or other variables that get assigned from them - those are quite a lot, so would clutter the code a bit.
For the second one:
prm = param + ( k * DEC_NPRM_DIV );Same thing happening, this time in frame 1106. Frame is lost, param is NULL. Same options for handling.
Link to test pipeline: https://forge.3gpp.org/rep/ivas-codec-pc/ivas-codec/-/jobs/234373
Ways to reproduce
Using the scripts:
python3 scripts/IvasBuildAndRunChecks.py --checks CLANG3 -m mono_b128_swb_cbr -p /path/to/my/local/ci_linux_ltv_local.json --usan_supp_file scripts/ubsan.suppor directly:
make clean
make -j CLANG=3
./IVAS_cod 128000 32 ltv32_STEREO.wav bit
networkSimulator_g192 dly_profile.dat bit bit_err trace_dump 1
./IVAS_dec -voip 32 bit_err out.wav