Crash in hq_generic_decoding_fx()

Basic info

Fixed point:
- Encoder (fixed): n/a
- Decoder (fixed): 8ff889f8

Bug description

Decoding the attached bitstream is causing a crash in hq_generic_decoding_fx():

#0  0x00005555555678d3 in shl_o (var1=17172, var2=1, Overflow=0x0) at lib_basop/basop32.c:747
#1  0x0000555555567a28 in shr_o (var1=17172, var2=1, Overflow=0x0) at lib_basop/basop32.c:863
#2  0x0000555555567aab in shr (var1=17172, var2=-1) at lib_basop/basop32.c:899
#3  0x0000555555959b03 in hq_generic_decoding_fx (element_mode=2, HQ_mode=4, coeff_out1_fx=0x7ffffffe3270, hq_generic_fenv_fx=0x7ffffffe8190, coeff_out_fx=0x7ffffffeb980, hq_generic_offset=80, prev_L_swb_norm=0x555555dba3b0, hq_generic_exc_clas=1, R=0x7ffffffe7090)
    at lib_com/swb_bwe_com_fx.c:2751
#4  0x00005555558dd337 in hq_bwe_fx (element_mode=2, HQ_mode=4, coeff_out1=0x7ffffffe3270, hq_generic_fenv=0x7ffffffe8190, coeff_out=0x7ffffffeb980, hq_generic_offset=80, prev_L_swb_norm=0x555555dba3b0, hq_generic_exc_clas=1, sfm_end=0x7ffffffe7150, num_sfm=39, 
    num_env_bands=27, R=0x7ffffffe7090) at lib_com/hq_tools_fx.c:1860
#5  0x00005555558c3dd7 in fill_spectrum_fx (coeff=0x7ffffffe65b0, L_coeff_out=0x7ffffffeb980, R=0x7ffffffe7090, is_transient=0, norm=0x7ffffffecc50, hq_generic_fenv=0x7ffffffe8190, hq_generic_offset=80, nf_idx=0, length=640, env_stab=28475, 
    no_att_hangover=0x555555db4dec, L_energy_lt=0x555555db4df0, bwe_seed=0x555555db4df4, hq_generic_exc_clas=1, core_sfm=26, HQ_mode=4, noise_level=0x7ffffffe6f68, L_core_brate=21800, prev_noise_level=0x555555db4df6, prev_R=0x555555db4dfc, 
    prev_coeff_out=0x555555db4e00, peak_idx=0x7ffffffe6f20, Npeaks=0, npulses=0x7ffffffe7030, prev_is_transient=0, prev_normq=0x555555db55dc, prev_env=0x555555db5644, prev_bfi=0, sfmsize=0x7ffffffe7210, sfm_start=0x7ffffffe71b0, sfm_end=0x7ffffffe7150, 
    prev_L_swb_norm=0x555555dba3b0, prev_hq_mode=2, num_sfm=39, prev_env_Q=0x555555db56ac, num_env_bands=27, element_mode=2) at lib_com/fill_spectrum_fx.c:273
#6  0x00005555555fedb5 in hq_hr_dec_fx (st_fx=0x555555daadb0, t_audio_q=0x7ffffffeb980, length=640, num_bits=428, ynrm=0x7ffffffecc50, is_transient=0x7ffffffeccba, hqswb_clas=0x7ffffffeccb8, SWB_fenv=0x7ffffffe8190, core_switching_flag=0) at lib_dec/hq_hr_dec_fx.c:324
#7  0x00005555555fb8bd in hq_core_dec_fx (st_fx=0x555555daadb0, synth=0x7ffffffeedc0, Q_synth=0x7fffffff0bce, output_frame=640, hq_core_type=0, core_switching_flag=0, output_32_fx=0x555555ddf5e0) at lib_dec/hq_core_dec_fx.c:266
#8  0x0000555555800924 in ivas_core_dec_fx (st_ivas=0x0, hSCE=0x0, hCPE=0x555555da8890, hMCT=0x0, n_channels=1, output_32_fx=0x7fffffff7880, hb_synth_32_fx=0x7fffffff59e0, DFT_fx=0x7fffffff1d50, sba_dirac_stereo_flag=0) at lib_dec/ivas_core_dec_fx.c:589
#9  0x0000555555808b8f in stereo_dft_dec_main (hCPE=0x555555da8890, ivas_total_brate=32000, n_channels=1, p_res_buf_fx=0x7fffffff59e0, output=0x7fffffff7880, outputHB_fx=0x7fffffff59e0, output_frame=640, output_Fs=32000) at lib_dec/ivas_cpe_dec_fx.c:757
#10 0x000055555580857b in ivas_cpe_dec_fx (st_ivas=0x555555da5300, cpe_id=0, output=0x7fffffff7880, output_frame=640, nb_bits_metadata=0) at lib_dec/ivas_cpe_dec_fx.c:602
#11 0x0000555555605ea5 in ivas_dec_fx (st_ivas=0x555555da5300) at lib_dec/ivas_dec_fx.c:102
#12 0x000055555557138a in IVAS_DEC_GetSamplesDecoder (hIvasDec=0x555555da52a0, splitRendBits=0x0) at lib_dec/lib_dec_fx.c:4085
#13 0x0000555555562b4e in decodeG192 (arg=..., hBsReader=0x555555da5820, hHrtfBinary=0x7fffffffd7c0, headRotReader=0x0, externalOrientationFileReader=0x0, refRotReader=0x0, referenceVectorReader=0x0, objectEditFileReader=0x0, splitRendBits=0x0, 
    phIvasDec=0x7fffffffd828, pcmBuf=0x555555da5e70) at apps/decoder.c:2377
#14 0x000055555555dd39 in main (argc=8, argv=0x7fffffffe268) at apps/decoder.c:686

Ways to reproduce

Bitstream:

out.zip

IVAS_dec -q -fr 20 STEREO 32 out.192 out.wav

Edited Apr 28, 2026 by multrus