USAN: signed integer overflow in IGFCommonFuncsCalcSfbEnergyPowerSpec

Basic info

• Fixed point: a51ce5c2

Bug description

Undef behaviour bug found in LTV scheduled test inside a BASOP used in IGFCommonFuncsCalcSfbEnergyPowerSpec:

lib_com/basop32.c:1802:24: runtime error: signed integer overflow: 1872988244 + 1872988244 cannot be represented in type 'int'
	    #0 0x11557d3 in L_add_c /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/basop32.c:1802:24
	    #1 0x116e488 in norm_llQ31 /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/basop_util.c:2093:13
	    #2 0x122ddd6 in IGFCommonFuncsCalcSfbEnergyPowerSpec /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/igf_base_fx.c:1151:26
	    #3 0xf80561 in IGF_calc_ivas /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/igf_dec_fx.c:1411:9
	    #4 0xf84b25 in IGFDecApplyStereo /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/igf_dec_fx.c:3846:9
	    #5 0xf49f92 in decoder_tcx_IGF_stereo_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/dec_tcx_fx.c:3961:9
	    #6 0xaecfd8 in stereo_mdct_core_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_stereo_mdct_core_dec_fx.c:352:21
	    #7 0xfb1f5d in ivas_core_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_core_dec_fx.c:716:17
	    #8 0xfdc2e7 in ivas_cpe_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_cpe_dec_fx.c:609:9
	    #9 0x66fc30 in ivas_jbm_dec_tc_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_jbm_dec_fx.c:148:9
	    #10 0x44d59a in IVAS_DEC_GetTcSamples /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/lib_dec_fx.c:1835:9
	    #11 0x44be7f in IVAS_DEC_GetSamples /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/lib_dec_fx.c:1185:9
	    #12 0x441f9e in decodeG192 /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/apps/decoder.c:2134:32
	    #13 0x42c1d5 in main /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/apps/decoder.c:688:17
	    #14 0x7f2d33636d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
	    #15 0x7f2d33636e3f in __libc_start_main csu/../csu/libc-start.c:392:3
	    #16 0x4045d4 in _start (/home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/IVAS_dec+0x4045d4)

	SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow lib_com/basop32.c:1802:24 in 
	lib_com/basop32.c:1804:21: runtime error: signed integer overflow: 1872988244 + 1872988244 cannot be represented in type 'int'
	    #0 0x11558a2 in L_add_c /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/basop32.c:1804:21
	    #1 0x116e488 in norm_llQ31 /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/basop_util.c:2093:13
	    #2 0x122ddd6 in IGFCommonFuncsCalcSfbEnergyPowerSpec /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_com/igf_base_fx.c:1151:26
	    #3 0xf80561 in IGF_calc_ivas /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/igf_dec_fx.c:1411:9
	    #4 0xf84b25 in IGFDecApplyStereo /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/igf_dec_fx.c:3846:9
	    #5 0xf49f92 in decoder_tcx_IGF_stereo_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/dec_tcx_fx.c:3961:9
	    #6 0xaecfd8 in stereo_mdct_core_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_stereo_mdct_core_dec_fx.c:352:21
	    #7 0xfb1f5d in ivas_core_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_core_dec_fx.c:716:17
	    #8 0xfdc2e7 in ivas_cpe_dec_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_cpe_dec_fx.c:609:9
	    #9 0x66fc30 in ivas_jbm_dec_tc_fx /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/ivas_jbm_dec_fx.c:148:9
	    #10 0x44d59a in IVAS_DEC_GetTcSamples /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/lib_dec_fx.c:1835:9
	    #11 0x44be7f in IVAS_DEC_GetSamples /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/lib_dec/lib_dec_fx.c:1185:9
	    #12 0x441f9e in decodeG192 /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/apps/decoder.c:2134:32
	    #13 0x42c1d5 in main /home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/apps/decoder.c:688:17
	    #14 0x7f2d33636d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
	    #15 0x7f2d33636e3f in __libc_start_main csu/../csu/libc-start.c:392:3
	    #16 0x4045d4 in _start (/home/gitlab-runner/builds/wok5VVg1U/0/rep/sa4/audio/ivas-basop/IVAS_dec+0x4045d4)

Looks like this happens in basically all operating points with IGF.

Link to job: https://forge.3gpp.org/rep/sa4/audio/ivas-basop/-/jobs/541136

Ways to reproduce

IVAS_cod -stereo 128000 48 ltv48_STEREO.wav bit
IVAS_dec -fr 20 STEREO 48 bit out.wav