USAN error in OMASA to Stereo decoding in both ivas-float-update and main
Basic info
Bug description
Usan pipeline (https://forge.3gpp.org/rep/sa4/audio/ivas-basop/-/jobs/507596) reports this error for OMASA to stereo decoding:
lib_dec/ivas_jbm_dec.c:1030:24: runtime error: applying zero offset to null pointer
#0 0x000104dd7ee0 in ivas_jbm_dec_render ivas_jbm_dec.c:1030
#1 0x0001052e8d80 in IVAS_DEC_GetRenderedSamples lib_dec.c:1436
#2 0x0001052e61d8 in IVAS_DEC_GetSamples lib_dec.c:1050
#3 0x000104918d1c in decodeG192 decoder.c:2335
#4 0x000104907908 in main decoder.c:815
#5 0x00019790eb94 in start+0x17b8 (dyld:arm64e+0xfffffffffff3ab94)
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset lib_dec/ivas_jbm_dec.c:1030:24
The reason for this is that in the reported code part
    for ( n = 0; n < MAX_OUTPUT_CHANNELS + MAX_NUM_OBJECTS; n++ )
    {
        p_output[n] = st_ivas->p_output_f[n];
    }
    if ( !st_ivas->hDecoderConfig->Opt_tsm )
    {
        for ( n = 0; n < st_ivas->hTcBuffer->nchan_buffer_full; n++ )
        {
            p_tc[n] = &p_output[n][st_ivas->hTcBuffer->n_samples_rendered]; // <---------------------
        }
st_ivas->hTcBuffer->nchan_buffer_full is 6, but st_ivas->p_output_f was only initialized up to index 4 in this code part:
    /*-----------------------------------------------------------------*
     * Allocate floating-point output audio buffers
     *-----------------------------------------------------------------*/
    for ( n = 0; n < ivas_get_nchan_buffers_dec( st_ivas, st_ivas->sba_analysis_order, st_ivas->hDecoderConfig->ivas_total_brate ); n++ )
    {
        /* note: these are intra-frame heap memories */
        if ( ( st_ivas->p_output_f[n] = (float *) malloc( ( 48000 / FRAMES_PER_SEC ) * sizeof( float ) ) ) == NULL )
        {
            return ( IVAS_ERROR( IVAS_ERR_FAILED_ALLOC, "Can not allocate memory for floating-point output audio buffer!\n" ) );
        }
    }
Ways to reproduce
make clean
make -j CLANG=3 IGNORELIST=1
UBSAN_OPTIONS="suppressions=scripts/ubsan_basop.supp,report_error_type=1,print_stacktrace=1" ./IVAS_dec stereo 16 bit out.wav
Edited by Jan Kiene
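
The mismatch described in this report, reduced to a stand-alone C sketch that locates the first channel whose buffer was never allocated instead of offsetting it. This is an added example, not IVAS code and not the project's fix. MAX_CH, FRAME_LEN, alloc_buffers, set_tc_pointers and check_mismatch are hypothetical names, and "5 allocated, 6 read" assumes that "up to index 4" means indices 0 to 4.

```c
#include <stddef.h>
#include <stdlib.h>

#define MAX_CH 8      /* constructed stand-in for the size of the pointer array */
#define FRAME_LEN 960 /* constructed frame length in samples */

/* Allocate only the first n_alloc buffers; the remaining entries stay NULL. */
static int alloc_buffers( float *bufs[MAX_CH], int n_alloc )
{
    int n;
    for ( n = 0; n < MAX_CH; n++ )
        bufs[n] = NULL;
    for ( n = 0; n < n_alloc && n < MAX_CH; n++ )
        if ( ( bufs[n] = (float *) malloc( FRAME_LEN * sizeof( float ) ) ) == NULL )
            return -1;
    return 0;
}

/* Fill p_tc[n] = &bufs[n][offset] for n < n_used without ever offsetting NULL.
 * Returns the first channel that has no buffer, or -1 if all n_used are valid. */
static int set_tc_pointers( float *p_tc[MAX_CH], float *bufs[MAX_CH], int n_used, size_t offset )
{
    int n, first_bad = -1;
    for ( n = 0; n < n_used && n < MAX_CH; n++ )
    {
        /* &bufs[n][offset] on a NULL bufs[n] is what UBSan flags, even for offset 0 */
        p_tc[n] = ( bufs[n] != NULL ) ? &bufs[n][offset] : NULL;
        if ( bufs[n] == NULL && first_bad < 0 )
            first_bad = n;
    }
    return first_bad;
}

/* Allocate n_alloc buffers, read n_used of them, report the first mismatch. */
int check_mismatch( int n_alloc, int n_used, size_t offset )
{
    float *bufs[MAX_CH], *p_tc[MAX_CH];
    int n, r = -2; /* -2: allocation failed */
    if ( alloc_buffers( bufs, n_alloc ) == 0 )
        r = set_tc_pointers( p_tc, bufs, n_used, offset );
    for ( n = 0; n < MAX_CH; n++ )
        free( bufs[n] );
    return r;
}

int main( void )
{
    return check_mismatch( 5, 6, 0 ) == 5 ? 0 : 1;
}
```

A check of this shape, placed where the channel count and the allocation count are both known, turns the sanitizer finding into an explicit error before any later dereference of the unallocated channel.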