# Basic info <!--- Add commit SHA used to reproduce--> - Fixed point: - Decoder (fixed): 096ff953a73f72f282b3a91f0e0cf2b3c27d1a10 # Bug description There is still a bug in one of the HRTF loading testcases which causes the BASOP decoder to crash. runnign with Clang ASAN reveals a heap-use-after-free: ``` bash ==66877==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000010e20 at pc 0x000100c15ee0 bp 0x00016f8bc4f0 sp 0x00016f8bc4e8 READ of size 2 at 0x61c000010e20 thread T0 #0 0x000100c15edc in ivas_rend_crendConvolver_fx ivas_crend_fx.c:2296 #1 0x000100c1504c in ivas_rend_crendProcessSubframe_fx ivas_crend_fx.c:2843 #2 0x0001008a1d20 in ivas_jbm_dec_render_fx ivas_jbm_dec_fx.c:2088 #3 0x000100b093a4 in IVAS_DEC_GetRenderedSamples lib_dec_fx.c:1889 #4 0x000100b05da8 in IVAS_DEC_GetSamples lib_dec_fx.c:1278 #5 0x00010052b0cc in decodeG192 decoder.c:2283 #6 0x00010051eb54 in main decoder.c:749 #7 0x00018b44eb94 (<unknown module>) 0x61c000010e20 is located 1440 bytes inside of 1800-byte region [0x61c000010880,0x61c000010f88) freed by thread T0 here: #0 0x0001020c5400 in free+0x7c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3d400) #1 0x000100ce22a8 in ivas_HRTF_CRend_binary_close_fx ivas_hrtf_fx.c:215 #2 0x000100b12acc in IVAS_DEC_HRTF_binary_close lib_dec_fx.c:2782 #3 0x00010052e890 in load_hrtf_from_file decoder.c:3375 #4 0x00010052af44 in decodeG192 decoder.c:2261 #5 0x00010051eb54 in main decoder.c:749 #6 0x00018b44eb94 (<unknown module>) previously allocated by thread T0 here: #0 0x0001020c530c in malloc+0x78 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3d30c) #1 0x000100ce199c in ivas_HRTF_CRend_binary_open_fx ivas_hrtf_fx.c:99 #2 0x000100b125dc in IVAS_DEC_HRTF_binary_open lib_dec_fx.c:2704 #3 0x00010052e8bc in load_hrtf_from_file decoder.c:3384 #4 0x00010052af44 in decodeG192 decoder.c:2261 #5 0x00010051eb54 in main decoder.c:749 #6 0x00018b44eb94 (<unknown module>) SUMMARY: AddressSanitizer: heap-use-after-free ivas_crend_fx.c:2296 in ivas_rend_crendConvolver_fx Shadow bytes around the buggy address: 0x61c000010b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x61c000010e00: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd 0x61c000010e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x61c000010f80: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x61c000011000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x61c000011080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==66877==ABORTING fish: Job 1, './IVAS_dec -hrtf ../ivas-codec/…' terminated by signal SIGABRT (Abort) ``` # Ways to reproduce Run the testcase "`tests/codec_be_on_mr_nonselection/test_param_file.py::test_param_file_tests[stv-4 ISM w and wo md br switching 24.4 kbps to 256 kbps, 48 kHz in, 48 kHz out, DTX on, BINAURAL_ROOM_IR out (Model from file)]`" or: [bit](/uploads/ebf18d0c8a16a98ca27441f650864505/bit) <!--Commandline or script--> ```bash /IVAS_dec -hrtf scripts/binauralRenderer_interface/binaural_renderers_hrtf_data/ivas_binaural_48kHz.bin BINAURAL_ROOM_IR 48 bit out.wav ``` <!--- Below are labels that will be added but are not shown in description. This is a template to help fill them. Add further information to the first row and remove and add labels as necessary.-->