Out-of-bound reading in Log2_norm_lc()

Basic info

Fixed point:
- Encoder (fixed): 24e8bdab
- Decoder (fixed): 24e8bdab

Bug description

The function Log2_norm_lc() reads for certain input values (e.g. L_x == 0) out of bounds, i.e. accesses the arrays L_table_Log2_norm_lc[] and table_diff_Log2_norm_lc[] at position -32.

This might lead to undeterministic behavior.

Example stack trace:

#4  0x00005555558e7486 in Log2_norm_lc (L_x=0) at lib_com/log2.c:70
#5  0x000055555568d4c7 in swb_pre_proc_ivas_fx (st=0x555555a7b2b0, new_swb_speech=0x7ffffffda378, new_swb_speech_fx=0x7ffffffdcff0, shb_speech=0x7ffffffdc460, Q_shb_spch=0x7ffffffddefe, realBuffer=0x7ffffffe4480, imagBuffer=0x7ffffffe2680, q_reImBuffer=0, 
    hCPE=0x555555a7a7e0) at lib_enc/swb_pre_proc_fx.c:1129
#6  0x0000555555750cde in ivas_core_enc_fx (hSCE=0x0, hCPE=0x555555a7a7e0, hMCT=0x0, n_CoreChannels=1, old_inp_12k8_fx=0x7ffffffe97c0, old_inp_16k_fx=0x7ffffffe6e80, Q_new=0x7ffffffde6d6, ener_fx=0x7ffffffe6674, A_fx=0x7ffffffe6510, Aw_fx=0x7ffffffe63b0, 
    epsP_fx=0x7ffffffe6320, epsP_fx_q=0x7ffffffe631c, lsp_new_fx=0x7ffffffe62d0, lsp_mid_fx=0x7ffffffe6290, vad_hover_flag=0x7ffffffe628c, attack_flag=0x7ffffffe6288, realBuffer_fx=0x7ffffffe4480, imagBuffer_fx=0x7ffffffe2680, q_re_im_buf=0x7ffffffe267c, 
    old_wsp_fx=0x7ffffffde6e0, e_old_wsp=0x7ffffffde6dc, loc_harm=0x7ffffffe264c, cor_map_sum_fx=0x7ffffffe2648, vad_flag_dtx=0x7ffffffe2644, enerBuffer_fx=0x7ffffffe2460, enerBuffer_fx_exp=0x7ffffffe245c, fft_buff_fx=0x7ffffffe6680, tdm_SM_or_LRTD_Pri=0, ivas_format=2, 
    flag_16k_smc=0) at lib_enc/ivas_core_enc_fx.c:722
#7  0x0000555555764a99 in ivas_cpe_enc_fx (st_ivas=0x555555a752d0, cpe_id=0, data_fx_ch0=0x555555a77d30, data_fx_ch1=0x555555a78c40, q_data_fx=11, input_frame=960, nb_bits_metadata=0, Q_new_out=0x0) at lib_enc/ivas_cpe_enc_fx.c:1230
#8  0x000055555559b3b0 in ivas_enc_fx (st_ivas=0x555555a752d0, data=0x555555aa7150, n_samples=1920) at lib_enc/ivas_enc_fx.c:182
#9  0x0000555555560968 in IVAS_ENC_EncodeFrameToSerial (hIvasEnc=0x555555a752a0, inputBuffer=0x555555aa7150, inputBufferSize=1920, outputBitStream=0x7ffffffeb1e0, numOutBits=0x7ffffffeb1de) at lib_enc/lib_enc_fx.c:1502
#10 0x000055555555b2b6 in main (argc=8, argv=0x7fffffffe228) at apps/encoder.c:877

Ways to reproduce

IVAS_cod -stereo -max_band scripts/testv/bwidth_cntl.txt 32000 48 scripts/testv/stvST48c.wav bit

Edited Dec 05, 2025 by multrus