EVS Mono: Reading of uninitialized memory in CalcPowerSpecAndDetectTonalComponents_fx()

Basic info

  • Fixed point:
    • Encoder (fixed): n/a
    • Decoder (fixed): 496d928d

Bug description

Decoding the attached bitstream triggers reading of uninitialized memory in CalcPowerSpecAndDetectTonalComponents_fx(), and for instrumented builds this causes a segfault:

Valgrind:

==1180185== Conditional jump or move depends on uninitialised value(s)
==1180185==    at 0x322A2D: CalcPowerSpecAndDetectTonalComponents_fx (tonalMDCTconcealment_fx.c:834)
==1180185==    by 0x32354B: TonalMDCTConceal_Detect_fx (tonalMDCTconcealment_fx.c:1173)
==1180185==    by 0x432480: GetPLCModeDecision_fx (er_util_fx.c:462)
==1180185==    by 0x491A50: decoder_LPD_fx (dec_LPD_fx.c:202)
==1180185==    by 0x3FEEC2: dec_acelp_tcx_frame_fx (dec_acelp_tcx_main_fx.c:462)
==1180185==    by 0x1AFE4A: evs_dec_fx (evs_dec_fx.c:744)
==1180185==    by 0x12F8F0: evs_dec_main_fx (lib_dec_fx.c:5632)
==1180185==    by 0x12A8EB: IVAS_DEC_GetSamplesDecoder (lib_dec_fx.c:3891)
==1180185==    by 0x1171F9: decodeG192 (decoder.c:2355)
==1180185==    by 0x112319: main (decoder.c:676)

Clang memory sanitizer reports a problem even earlier:

==1193003==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55d660d58f74 in GetPLCModeDecision_fx /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/er_util_fx.c:462:21
    #1 0x55d660f0ecf5 in decoder_LPD_fx /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/dec_LPD_fx.c:202:20
    #2 0x55d660c5b6b3 in dec_acelp_tcx_frame_fx /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/dec_acelp_tcx_main_fx.c:462:13
    #3 0x55d6600e346a in evs_dec_fx /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/evs_dec_fx.c:744:9
    #4 0x55d65fe54e21 in evs_dec_main_fx /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/lib_dec_fx.c:5632:13
    #5 0x55d65fe4fe42 in IVAS_DEC_GetSamplesDecoder /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/lib_dec_fx.c:3891:13
    #6 0x55d65fde75b9 in decodeG192 /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/apps/decoder.c:2355:32
    #7 0x55d65fdcb985 in main /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/apps/decoder.c:676:17
    #8 0x7f5e37ceaca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7f5e37cead64 in __libc_start_main csu/../csu/libc-start.c:360:3
    #10 0x55d65fd2d490 in _start (/home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/IVAS_dec+0x3b490) (BuildId: ca931f539e9dd49c980e27a5b697bae570883307)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/ame-tmp2/mul/ivas/basop/check_complexity/ivas-basop/lib_dec/er_util_fx.c:462:21 in GetPLCModeDecision_fx

Ways to reproduce

Bitstream: out_fer.zip

IVAS_dec 48 out_fer.192 out.wav
Edited by multrus