ASAN: SBA DTX bitrate switching decoding
There is a **crash** due to an out-of-buffer write for the long self-test condition:
// SBA 3OA bitrate switching from 13.2 kbps to 128 kbps, 48kHz in, 48kHz out, DTX on, random FER at 5%, EXT out
ASAN reports the following:
```
==4251==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62000000bf80 at pc 0x000000821143 bp 0x7ffe23267cd0 sp 0x7ffe23267cc8
WRITE of size 4 at 0x62000000bf80 thread T0
#0 0x821142 in decoder_tcx_invQ /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/dec_tcx.c:830:26
#1 0xb4dd6d in ivas_mdct_core_invQ /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/ivas_mdct_core_dec.c:766:17
#2 0x7830f4 in ivas_mct_dec /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/ivas_mct_dec.c:164:9
#3 0x71c822 in ivas_jbm_dec_tc /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/ivas_jbm_dec.c:253:28
#4 0x4ed4b4 in IVAS_DEC_GetTcSamples /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/lib_dec.c:1401:24
#5 0x4eb183 in IVAS_DEC_GetSamples /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/lib_dec/lib_dec.c:1021:32
#6 0x4daa95 in decodeG192 /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/apps/decoder.c:2647:32
#7 0x4c9f40 in main /mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/apps/decoder.c:887:17
#8 0x7f44f5f900b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#9 0x41c5fd in _start (/mnt/c/MyProjects_IVAS/Git_3GPP/ivas-codec/ivas_dec+0x41c5fd)
```
The corresponding command-line is (the output configuration does not play a role):
```
../IVAS_cod -dtx -sba 3 sw_13k2_to_128k_10fr.bin 48 ltv48_HOA3.wav bit
ivas_dec.exe stereo 48 bit syn.dec
```
The problem happens in decoder_tcx_invQ() at lines 828-830:
```c
for ( i = 0; i < L_spec; i++ )
{
    x[i] = (float) prm_sqQ[i];
}
```
where L_spec = 1200, but the length of buffer x[] is only L_FRAME48k = 960. It happens in the first active frame at 96 kbps (MCT) which follows an SID frame (SCE/CPE).
The problem can be replicated by the attached bitstream which is a short version of the full bitstream from the command-line above: bit
Edited by vaclav
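
The copy loop from the report with an explicit capacity check, as an added example that is not the IVAS code or the project's fix. The function name, status codes and the `int` element type of `prm_sqQ` are assumptions; the sizes 960 and 1200 are the ones reported above.

```c
#include <stddef.h>
#include <stdio.h>

#define L_FRAME48k 960 /* length of x[] as stated in the report */

enum { SPEC_OK = 0, SPEC_ERR_LENGTH = -1 }; /* hypothetical status codes */

/* Hypothetical checked variant of the loop at dec_tcx.c:828-830.
 * x_cap is the number of floats actually allocated for x[].
 * Nothing is written unless the whole spectrum fits. */
static int copy_quantized_spectrum( float *x, size_t x_cap,
                                    const int *prm_sqQ, int L_spec )
{
    if ( x == NULL || prm_sqQ == NULL || L_spec < 0 || (size_t) L_spec > x_cap )
    {
        return SPEC_ERR_LENGTH; /* e.g. L_spec = 1200 against x_cap = 960 */
    }
    for ( int i = 0; i < L_spec; i++ )
    {
        x[i] = (float) prm_sqQ[i];
    }
    return SPEC_OK;
}

/* Constructed harness: 960 usable floats followed by one guard slot.
 * Returns the status code, or -2 if the guard slot was overwritten. */
static int demo( int L_spec )
{
    static int q[1200];        /* constructed quantized values */
    float mem[L_FRAME48k + 1]; /* last element is the guard */
    for ( int i = 0; i < 1200; i++ )
    {
        q[i] = i - 600;
    }
    mem[L_FRAME48k] = -1.0f;
    int rc = copy_quantized_spectrum( mem, L_FRAME48k, q, L_spec );
    return ( mem[L_FRAME48k] == -1.0f ) ? rc : -2;
}

int main( void )
{
    printf( "L_spec=1200 -> %d\n", demo( 1200 ) ); /* rejected */
    printf( "L_spec=960  -> %d\n", demo( 960 ) );  /* fits */
    return 0;
}
```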