[CLANG18] ASAN: heap-buffer-overflow in lib_com/tools_fx.c:5450:25

Basic Info

Commit SHA: 6ff99c98

Bug description

Clang 18 ASAN found an heap-buffer-overflow error at lib_com/tools_fx.c:5450:25:

==18914==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x513000000520 at pc 0x55649c2a0252 bp 0x7ffc26cc1070 sp 0x7ffc26cc1068
READ of size 4 at 0x513000000520 thread T0
#0 0x55649c2a0251 in L_norm_arr /builds/rep/sa4/audio/ivas-basop/lib_com/tools_fx.c:5450:25
#1 0x55649bf02431 in intermidiate_ext_dirac_render /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:11194:19
#2 0x55649befbd94 in renderInputMasa /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:9164:21
#3 0x55649bedd376 in renderActiveInputsMasa /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:9238:9
#4 0x55649bec5e52 in getSamplesInternal /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:9594:5
#5 0x55649bec4808 in IVAS_REND_GetSamples /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:9615:5
#6 0x55649be98c02 in main /builds/rep/sa4/audio/ivas-basop/apps/renderer.c:1940:28
#7 0x7efead47d1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#8 0x7efead47d28a in __libc_start_main csu/../csu/libc-start.c:360:3
#9 0x55649bdb7444 in _start (/builds/rep/sa4/audio/ivas-basop/IVAS_rend+0x9d444) (BuildId: 18a0670bf7f65a8e974d58ce52f8f710a4b5e0c3)

0x513000000520 is located 0 bytes after 352-byte region [0x5130000003c0,0x513000000520)
allocated by thread T0 here:
#0 0x55649be52293 in malloc (/builds/rep/sa4/audio/ivas-basop/IVAS_rend+0x138293) (BuildId: 18a0670bf7f65a8e974d58ce52f8f710a4b5e0c3)
#1 0x55649bfca0dc in ivas_dirac_alloc_mem_fx /builds/rep/sa4/audio/ivas-basop/lib_rend/ivas_dirac_rend_fx.c:830:9
#2 0x55649bed9c62 in ivas_masa_ext_rend_dirac_rend_init /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:10652:5
#3 0x55649bed4bd4 in initMasaExtRenderer /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:10986:9
#4 0x55649beb61fd in setRendInputActiveMasa /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:3632:9
#5 0x55649beb1c53 in IVAS_REND_AddInput_fx /builds/rep/sa4/audio/ivas-basop/lib_rend/lib_rend_fx.c:4691:5
#6 0x55649be954ae in main /builds/rep/sa4/audio/ivas-basop/apps/renderer.c:1482:9
#7 0x7efead47d1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#8 0x7efead47d28a in __libc_start_main csu/../csu/libc-start.c:360:3
#9 0x55649bdb7444 in _start (/builds/rep/sa4/audio/ivas-basop/IVAS_rend+0x9d444) (BuildId: 18a0670bf7f65a8e974d58ce52f8f710a4b5e0c3)

SUMMARY: AddressSanitizer: heap-buffer-overflow /builds/rep/sa4/audio/ivas-basop/lib_com/tools_fx.c:5450:25 in L_norm_arr

How to reproduce

⚠️ Make sure to use CLANG v18 for building the codec :warning

Build with

make clean
make -j CLANG=2

Then run

./IVAS_rend -i scripts/testv/spectral_test_1ch_48kHz.wav -if MASA1 -o tests/renderer_short/cut/MASA1_to_HOA3None_20msNone_48kHz.wav -of HOA3 -fs 48 -no_delay_cmp -q -im scripts/testv/stv1MASA1TC48c.met -fr 20

python3 -m pytest "test_masa[48kHz-20ms-MASA1-HOA3]" -n auto --update_ref --ref_encoder_path ./IVAS_cod --ref_decoder_path ./IVAS_dec

Edited Jan 12, 2026 by Jan Kiene