[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Linphone-developers] Infinite loop in bcg729
From: |
Alan Dennis |
Subject: |
[Linphone-developers] Infinite loop in bcg729 |
Date: |
Thu, 17 Sep 2020 14:44:14 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.2.2 |
Hi,
We're using the bcg729 library, v1.0.4 and we've had it lock up in an
infinite loop.
I got a core dump and I'm digging through it to see what I can find, but
I thought I'd ask here too...
The backtrace is ...
Thread 8 (Thread 0x7f6994ff9700 (LWP 85810)):
#0 countLeadingZeros (x=0) at utils.h:113
#1 g729Log2_Q0Q16 (x=-8) at g729FixedPointMath.h:65
#2 bcg729_vad (VADChannelContext=0x7f692b6fd730,
reflectionCoefficient=2037114563,
LSFCoefficients=LSFCoefficients@entry=0x7f6994ff8720,
autoCorrelationCoefficients=autoCorrelationCoefficients@entry=0x7f6994ff8850,
autoCorrelationCoefficientsScale=<optimized out>,
signalCurrentFrame=0x7f699d134570) at vad.c:206
#3 0x00000000004d709f in bcg729Encoder
(encoderChannelContext=0x7f699d134480,
inputFrame=inputFrame@entry=0x7f699e069ce8, bitStream=0x7f699c82d88e
"\320j\365.\354\314\367\016\250\207",
bitStreamLength=bitStreamLength@entry=0x7f6994ff8b1f "\nЌ\377\224i\177")
at encoder.c:170
#4 0x000000000043607c in bcg729_codec_encode (codec=<optimized out>,
input=0x7f6994ff8cd0, output_buf_len=<optimized out>,
output=0x7f6994ff8be0) at bcg729.c:505
#5 ...
... which as you can see, it's tried to do g729Log2_Q0Q16(-8), which is
never going to end well!
The combination of word32_t x (i.e. signed) and while
(x<(word32_t)0x40000000) in countLeadingZeros means that when x is -8
(0xFFFF FFF8), it happily shifts left until it becomes 0, as it is
always < 0. Once x becomes 0, then it loops forever.
Quite how bcg729_vad managed to do that I'm not sure.
Any thoughts?
Thanks,
Alan.
- [Linphone-developers] Infinite loop in bcg729,
Alan Dennis <=