Skip to content

Uninitialized value used in stereo_dft_enc_itd_vad()

Detected during BASOP conversion, see sa4/audio/ivas-basop#828 (closed).

Running

./IVAS_cod -ism_masa 3 2 scripts/testv/stvISM1.csv scripts/testv/stvISM2.csv scripts/testv/stvISM3.csv scripts/testv/stv2MASA2TC48c.met scripts/switchPaths/sw_13k2_512k_2fr_start_160k_omasatechs_3ism.bin 48 scripts/testv/stvOMASA_3ISM_2MASA2TC48c.wav bit

results in an uninitialized value being used in lib_enc/ivas_stereo_dft_enc_itd.c:290. This is not detected by the CLANG memory sanitizer nor by using valgrind. It can cause problems in the BASOPs if the random garbage value is out of expected range, see above-linked BASOP issue. The code part looks like this:

    for ( i = 0; i <= STEREO_DFT_N_16k_ENC / 2; i++ )
    {
        Spd[i] = 0.5f * ( Spd_L[i] + Spd_R[i] );
    }

Both Spd_L and Spd_R are passed in as pointers to stack-allocated arrays from the parent function call at ivas_stereo_dft_enc_itd.c:622:

    float Spd_L[STEREO_DFT_N_32k_ENC / 2 + 1];
    float Spd_R[STEREO_DFT_N_32k_ENC / 2 + 1];

Both are only written to inside a loop which starts at index 1 before being passed to stereo_dft_enc_itd_vad:

    for ( i = 1, j = 0; i < NFFT_mid; i++, j++ )
    {
        ...
        Spd_L[i] = pNrgL[i];
        Spd_R[i] = pNrgR[i];
        ...

Hence, the value at position zero is uninitialized in the first code snippet.But, the calculated value at position zero in Spd is never used for anything. Here code from itd_vad_ms_snr_calc() where it is used:

    for ( i = 0; i < STEREO_DFT_ITD_VAD_BAND_NUM; i++ )
    {
        E_band[i] = 0;
        for ( j = itd_vad_band_tbl[i]; j < itd_vad_band_tbl[i + 1]; j++ )
        {
            E_band[i] += Spd[j];
        }
        E_band[i] = E_band[i] / ( itd_vad_band_tbl[i + 1] - itd_vad_band_tbl[i] );
    }

With the values for itd_vad_band_tbl being:

[0] = 5
  [1] = 8
  [2] = 11
  [3] = 16
  [4] = 21
  [5] = 26
  [6] = 30
  [7] = 37
  [8] = 43
  [9] = 51
  [10] = 59
  [11] = 69
  [12] = 80
  [13] = 93
  [14] = 107
  [15] = 126
  [16] = 147
  [17] = 176
  [18] = 211
  [19] = 254

This could thus be fixed in a bitexact way by changing the first code snippet to:

    for ( i = itd_vad_band_tbl[0]; i <= STEREO_DFT_N_16k_ENC / 2; i++ )
    {
        Spd[i] = 0.5f * ( Spd_L[i] + Spd_R[i] );
    }

(or simply by starting at 1, but indices 0-4 should all be unused.