[Linphone-developers] Infinite loop in bcg729

From: Alan Dennis
Subject: [Linphone-developers] Infinite loop in bcg729
Date: Thu, 17 Sep 2020 14:44:14 +0100


We're using the bcg729 library, v1.0.4 and we've had it lock up in an infinite loop.

I got a core dump and I'm digging through it to see what I can find, but I thought I'd ask here too...

The backtrace is ...

Thread 8 (Thread 0x7f6994ff9700 (LWP 85810)):
#0  countLeadingZeros (x=0) at utils.h:113
#1  g729Log2_Q0Q16 (x=-8) at g729FixedPointMath.h:65
#2  bcg729_vad (VADChannelContext=0x7f692b6fd730, reflectionCoefficient=2037114563, LSFCoefficients=LSFCoefficients@entry=0x7f6994ff8720, autoCorrelationCoefficients=autoCorrelationCoefficients@entry=0x7f6994ff8850, autoCorrelationCoefficientsScale=<optimized out>, signalCurrentFrame=0x7f699d134570) at vad.c:206
#3  0x00000000004d709f in bcg729Encoder (encoderChannelContext=0x7f699d134480, inputFrame=inputFrame@entry=0x7f699e069ce8, bitStream=0x7f699c82d88e "\320j\365.\354\314\367\016\250\207", bitStreamLength=bitStreamLength@entry=0x7f6994ff8b1f "\nЌ\377\224i\177") at encoder.c:170
#4  0x000000000043607c in bcg729_codec_encode (codec=<optimized out>, input=0x7f6994ff8cd0, output_buf_len=<optimized out>, output=0x7f6994ff8be0) at bcg729.c:505
#5 ...

... which as you can see, it's tried to do g729Log2_Q0Q16(-8), which is never going to end well!

The combination of word32_t x (i.e. signed) and while (x<(word32_t)0x40000000) in countLeadingZeros means that when x is -8 (0xFFFF FFF8), it happily shifts left until it becomes 0, as it is always < 0. Once x becomes 0, then it loops forever.

Quite how bcg729_vad managed to do that I'm not sure.

Any thoughts?


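The loop behaviour described in the message above, as an added example that is not part of the original post and is not bcg729's own code. It models the signed compare-and-shift loop with an iteration bound so that it terminates, next to a variant that rejects non-positive input; the function names, the STEP_LIMIT bound and the sample inputs are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t word32_t;   /* signed 32-bit, as the post describes */
#define STEP_LIMIT 64        /* added bound so the demonstration terminates */

/* Loop shape from the post: signed compare against 0x40000000, then shift left.
 * Returns the shift count, or -1 when STEP_LIMIT is reached (the unbounded
 * loop would spin forever). *zero_at receives the shift after which x became 0.
 * The shift goes through uint32_t because left-shifting a negative signed
 * value is undefined behaviour in C. */
static int clz_as_described(word32_t x, int *zero_at)
{
    int n = 0;
    *zero_at = -1;
    while (x < (word32_t)0x40000000) {
        if (n >= STEP_LIMIT)
            return -1;
        x = (word32_t)((uint32_t)x << 1);
        n++;
        if (x == 0 && *zero_at < 0)
            *zero_at = n;
    }
    return n;
}

/* Guarded variant: a log2 input must be strictly positive, so x <= 0 is
 * reported to the caller instead of entering the loop. Returns 0 on success. */
static int clz_checked(word32_t x, int *out)
{
    int n = 0;
    if (x <= 0)
        return -1;
    while (x < (word32_t)0x40000000) {
        x <<= 1;   /* safe: x is positive and below 2^30 here */
        n++;
    }
    *out = n;
    return 0;
}

int main(void)
{
    const word32_t samples[] = { 1, 0x3FFFFFFF, 0x40000000, -8 }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int zero_at, out = 0;
        int modelled = clz_as_described(samples[i], &zero_at);
        int rc = clz_checked(samples[i], &out);
        printf("x=%ld modelled=%d zero_at=%d checked_rc=%d checked=%d\n",
               (long)samples[i], modelled, zero_at, rc, out);
    }
    return 0;
}
```

A result of -1 from `clz_as_described` marks the inputs for which the unbounded loop would never exit.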