Memory sanitizer error in ACELP, invalid array index -1
Basic info
Applies for current basop-main
Bug description
Invalid array index in ACELP sanity check
Ways to reproduce
- Build with clang sanitizer flags:
  CFLAGS += -fsanitize=address,undefined,nullability
  LDFLAGS += -fsanitize=address,undefined,nullability
- Decode attached file:
IVAS_dec -q -fr 20 -Tracefile stvOMASA_2ISM_2MASA2TC48c+10dB.wav_OMASA_2Dir2TC_2ISM_at_br_sw_techs_13_2_to_512_kbps_start_48_kbps_48kHz_in_48kHz_out_7_1_out_JBM_Prof_5.dectrace -VOIP 7_1 48 stvOMASA_2ISM_2MASA2TC48c+10dB.wav_OMASA_2Dir2TC_2ISM_at_br_sw_techs_13_2_to_512_kbps_start_48_kbps_48kHz_in_48kHz_out_7_1_out_JBM_Prof_5.netsimout out.wav
- Output will show this message:
  ...
  lib_dec/dec_acelp_fx.c:174:9: runtime error: index -1 out of bounds for type 'const UWord32[9]' (aka 'const unsigned int[9]')
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib_dec/dec_acelp_fx.c:174:9 in ...
Proposed fix
Move the sanity check inside an IF statement a few lines lower, where the invalid memory access cannot happen; the ELSE of that IF statement would have the same effect as if the sanity check triggers.
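
The reordering proposed above, as an added example that is not the code from lib_dec/dec_acelp_fx.c. The table values, function names and return codes are hypothetical; only the 9-entry unsigned table and the index -1 come from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 9-entry table standing in for the 'const UWord32[9]' in the report. */
static const uint32_t max_code[9] = {
    8u, 64u, 512u, 4096u, 32768u, 262144u, 2097152u, 16777216u, 134217728u
};

enum { DEC_OK = 0, DEC_CONCEAL = 1 }; /* hypothetical result codes */

/* Before: the sanity check indexes the table before n has been validated.
   With n == 0 it reads max_code[-1], which is what UBSan flags. */
int decode_before(int n, uint32_t code)
{
    if (code >= max_code[n - 1])        /* out-of-bounds read when n == 0 */
        return DEC_CONCEAL;
    if (n >= 1 && n <= 9)
        return DEC_OK;
    else
        return DEC_CONCEAL;
}

/* After: the check sits inside the branch that already bounds n, and the
   else branch yields the same result as a failed sanity check. */
int decode_after(int n, uint32_t code)
{
    if (n >= 1 && n <= 9) {
        if (code >= max_code[n - 1])    /* index is always 0..8 here */
            return DEC_CONCEAL;
        return DEC_OK;
    } else {
        return DEC_CONCEAL;
    }
}

int main(void)
{
    printf("n=0          -> %d\n", decode_after(0, 0u));
    printf("n=2, code=10 -> %d\n", decode_after(2, 10u));
    printf("n=2, code=64 -> %d\n", decode_after(2, 64u));
    return 0;
}
```

For every n in 1..9 both functions return the same result; they differ only in that `decode_after` never touches the table when n is out of range.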