USAN: index out of bounds in ivas_dirac_dec.c for OSBA to BINAURAL_ROOM* decoding with head rotation at bitrates >=256kbps

Basic info

Bug description

The Clang USAN sanitizer test in the pipeline found an error:

lib_dec/ivas_dirac_dec.c:2320:37: runtime error: index 60 out of bounds for type 'float [60]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib_dec/ivas_dirac_dec.c:2320:37 in 
lib_dec/ivas_dirac_dec.c:2321:37: runtime error: index 60 out of bounds for type 'float [60]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib_dec/ivas_dirac_dec.c:2321:37 in

The respective code part looks like this:

    // declaration of the variable
    float Cldfb_RealBuffer[MAX_OUTPUT_CHANNELS][MAX_PARAM_SPATIAL_SUBFRAMES][CLDFB_NO_CHANNELS_MAX];
    float Cldfb_ImagBuffer[MAX_OUTPUT_CHANNELS][MAX_PARAM_SPATIAL_SUBFRAMES][CLDFB_NO_CHANNELS_MAX];
    // ...
    for ( l = 0; l < hSpatParamRendCom->num_freq_bands; l++ )
    {
        Cldfb_RealBuffer[j2][0][k * hSpatParamRendCom->num_freq_bands + l] += g * *( tc_re++ ); // <-- line 2320
        Cldfb_ImagBuffer[j2][0][k * hSpatParamRendCom->num_freq_bands + l] += g * *( tc_im++ );
    }

The dimensions of the arrays are [16][4][60], so the sanitizer complains about the [k * hSpatParamRendCom->num_freq_bands + l] part.

Link to test pipeline: https://forge.3gpp.org/rep/ivas-codec-pc/ivas-codec/-/jobs/241740

Ways to reproduce

Using the scripts:

head_rot_traj.csv

python3 scripts/IvasBuildAndRunChecks.py --checks CLANG3 -m  OSBA_ISM1_HOA3_b256_fb_cbr -p /path/to/my/local/ci_linux_ltv_local.json --usan_supp_file scripts/ubsan.supp -D="-t head_rot_traj.csv"
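
The subscript pattern from the bug description, as an added example that is not code from the IVAS code base: the bounds check applies to each subscript against its own dimension, so a last subscript of 60 on `float [60]` is reported even when the address still lies inside the [4][60] plane of that channel. The helper names, `demo_buf` and the values of `k`, `num_freq_bands` and `l` are constructed, and the sketch assumes the flat offset is meant to continue into the following subframe rows, which the report does not state.

```c
#include <stdio.h>

/* Dimensions as stated in the report: [16][4][60]. */
#define MAX_OUTPUT_CHANNELS         16
#define MAX_PARAM_SPATIAL_SUBFRAMES 4
#define CLDFB_NO_CHANNELS_MAX       60

typedef float cldfb_plane_t[MAX_PARAM_SPATIAL_SUBFRAMES][CLDFB_NO_CHANNELS_MAX];
static cldfb_plane_t demo_buf[MAX_OUTPUT_CHANNELS]; /* constructed stand-in for Cldfb_RealBuffer */

/* Hypothetical helper: split the flat offset k * num_freq_bands + l into
 * (subframe, band) so each subscript stays inside its own dimension.
 * Returns 0 on success, -1 if the offset leaves one channel's [4][60] plane. */
int split_flat_index( int k, int num_freq_bands, int l, int *subframe, int *band )
{
    long long flat;
    if ( k < 0 || num_freq_bands <= 0 || l < 0 || l >= num_freq_bands )
        return -1;
    flat = (long long) k * num_freq_bands + l;
    if ( flat >= (long long) MAX_PARAM_SPATIAL_SUBFRAMES * CLDFB_NO_CHANNELS_MAX )
        return -1;
    *subframe = (int) ( flat / CLDFB_NO_CHANNELS_MAX );
    *band = (int) ( flat % CLDFB_NO_CHANNELS_MAX );
    return 0;
}

/* Hypothetical helper: accumulate g * x at the flat offset without ever
 * using a last subscript >= 60, which is what the sanitizer rejects. */
int accumulate_checked( cldfb_plane_t *buf, int ch, int k, int num_freq_bands, int l, float g, float x )
{
    int subframe, band;

    if ( ch < 0 || ch >= MAX_OUTPUT_CHANNELS || split_flat_index( k, num_freq_bands, l, &subframe, &band ) != 0 )
        return -1;
    buf[ch][subframe][band] += g * x;
    return 0;
}

int main( void )
{
    int sf = -1, band = -1;
    /* Constructed values: k = 1, num_freq_bands = 60, l = 0 gives flat offset 60. */
    split_flat_index( 1, 60, 0, &sf, &band );
    printf( "flat 60 -> [%d][%d]\n", sf, band );
    printf( "write ok: %d\n", accumulate_checked( demo_buf, 0, 1, 60, 0, 2.0f, 3.0f ) == 0 );
    printf( "past plane: %d\n", accumulate_checked( demo_buf, 0, 4, 60, 0, 1.0f, 1.0f ) );
    return 0;
}
```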