Memory sanitizer error in ACELP, invalid array index -1

This is the floating-point equivalent of sa4/audio/ivas-basop#1378 (closed):

Bug description

Invalid array index in ACELP sanity check

Ways to reproduce

  1. Build with clang sanitizer flags:

     CFLAGS += -fsanitize=address,undefined,nullability
     LDFLAGS += -fsanitize=address,undefined,nullability

  2. Decode attached file:

     IVAS_dec -q -fr 20 -Tracefile stvOMASA_2ISM_2MASA2TC48c+10dB.wav_OMASA_2Dir2TC_2ISM_at_br_sw_techs_13_2_to_512_kbps_start_48_kbps_48kHz_in_48kHz_out_7_1_out_JBM_Prof_5.dectrace -VOIP 7_1 48 stvOMASA_2ISM_2MASA2TC48c+10dB.wav_OMASA_2Dir2TC_2ISM_at_br_sw_techs_13_2_to_512_kbps_start_48_kbps_48kHz_in_48kHz_out_7_1_out_JBM_Prof_5.netsimout out.wav

  3. Output will show this message:

     ...
     lib_dec/dec_acelp_fx.c:174:9: runtime error: index -1 out of bounds for type 'const UWord32[9]' (aka 'const unsigned int[9]')
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib_dec/dec_acelp_fx.c:174:9 in ...

Proposed fix

Move the sanity check inside of an IF statement a few lines lower where the invalid memory access cannot happen, and the ELSE of that IF statement would have the same effect as if the sanity check triggers.

See sa4/audio/ivas-basop#1378 (closed) for the bitstream. Possibly, a new bitstream needs to be generated for reproducibility on the latest float main.

Moreover, the fix seems to be relevant to EVS as well and should probably be brought to it. If so, please note this issue to #1062
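
The pattern described under "Proposed fix", as an added illustration that is not the IVAS source: a sanity check that reads a 9-entry table before the index is validated, next to the version where the check sits inside the guarding IF. All function names, table values and the exact shape of the guard are assumptions made for the example.

```c
#include <stdint.h>

/* Hypothetical names and constructed values; not taken from dec_acelp_fx.c. */
#define N_CFG 9
static const uint32_t code_limit[N_CFG] = { 4, 8, 16, 32, 64, 128, 256, 512, 1024 };

enum { FRAME_OK = 0, FRAME_BAD = 1 };

/* "Before": the sanity check reads code_limit[cfg] ahead of the index test,
 * so cfg == -1 indexes the table out of bounds (the kind of read UBSan flags). */
static int decode_before(int cfg, uint32_t code, uint32_t *out)
{
    int bad = FRAME_OK;
    if (code >= code_limit[cfg])      /* out-of-bounds read when cfg == -1 */
        bad = FRAME_BAD;
    if (cfg >= 0 && cfg < N_CFG && !bad)
        *out = code;                  /* stand-in for the real decoding */
    else
        bad = FRAME_BAD;
    return bad;
}

/* "After": the sanity check lives inside the IF that already guarantees a
 * valid index; the ELSE yields the same result as a triggered check. */
static int decode_after(int cfg, uint32_t code, uint32_t *out)
{
    if (cfg >= 0 && cfg < N_CFG) {
        if (code >= code_limit[cfg])
            return FRAME_BAD;
        *out = code;
        return FRAME_OK;
    }
    return FRAME_BAD;
}

/* Returns 1 if both versions behave identically for every valid cfg,
 * i.e. moving the check changes nothing except the invalid-index case. */
static int versions_agree_on_valid_input(void)
{
    for (int cfg = 0; cfg < N_CFG; cfg++)
        for (uint32_t code = 0; code < 2048; code += 3) {
            uint32_t a = 0, b = 0;
            if (decode_before(cfg, code, &a) != decode_after(cfg, code, &b) || a != b)
                return 0;
        }
    return 1;
}
```

Building this with the sanitizer flags from step 1 and calling `decode_before(-1, ...)` produces the same class of report as above, while `decode_after` stays clean.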