AddressSanitizer: heap-buffer-overflow in `frames_detector_cvad_most_dominant_freq`
noelweichbrodt opened this issue · 0 comments
Do you want to request a feature, report a bug, or ask a question about wit-ios?
Bug
What is the current behavior?
When WITVad vadSpeechFrame is called, AddressSanitizer detects the following condition (irrelevant stack and local information removed for clarity):
=================================================================
==55701==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000022ec0 at pc 0x0001104ef2e2 bp 0x7000067f89d0 sp 0x7000067f89c8
READ of size 4 at 0x611000022ec0 thread T2
#0 0x1104ef2e1 in frames_detector_cvad_most_dominant_freq
#1 0x1104ee31d in wvs_cvad_detect_talking
#2 0x1104eca9e in -[WITVad vadSpeechFrame:]
0x611000022ec0 is located 0 bytes to the right of 256-byte region [0x611000022dc0,0x611000022ec0)
allocated by thread T2 here:
#0 0x10f60d553 in wrap_malloc
#1 0x1104ed913 in -[WITVad get_fft:]
#2 0x1104eca2f in -[WITVad vadSpeechFrame:]
SUMMARY: AddressSanitizer: heap-buffer-overflow in frames_detector_cvad_most_dominant_freq
Shadow bytes around the buggy address:
0x1c2200004580: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
0x1c2200004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c22000045a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
0x1c22000045b0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x1c22000045c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c22000045d0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
0x1c22000045e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c22000045f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c2200004600: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x1c2200004610: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c2200004620: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
the length
of samples
when vadSpeechFrame
is called is 342
, and frames_detector_cvad_most_dominant_freq
has fftMags
at 25907.1777
with i
as 64
.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
Run the following branch with AddressSanitizer enabled: spokestack/spokestack-ios#45. iPhone XR simulator running iOS 12.2.
What is the expected behavior?
No memory error during VAD audio processing
If applicable, what is the App ID where you are experiencing this issue? If you do not provide this, we cannot help.
N/A