Out of array access in DFT stereo CNA

An out-of-array access was observed in function stereo_dft_dec(), file ivas_stereo_dft_dec.c, line 1604:

if ( hStereoDft->frame_sid_nodata || st0->VAD == 0 )
{
    hFdCngDec->cna_band_limits[b] = hStereoDft->band_limits[hFdCngDec->cna_nbands];
}

The buffer cna_band_limits[] has a length of 13 elements while b = hStereoDft->nbands usually equals to 13. Consequently, it is not the last element of hFdCngDec->cna_band_limits[] which is written to but a subsequent parameter hFdCngDec->cna_act_fact.

I see it e.g. when running DFT stereo at 32 kbps and 48 kHz I/O.

Admin message

Out of array access in DFT stereo CNA