Bug#1003638: mbeq: uninitialized field access corrupts output

Frank Heckenbach f.heckenbach at fh-soft.de
Thu Jan 13 05:56:00 GMT 2022 

Package: swh-plugins
Version: 0.4.17-2+fh1
Severity: important
Tags: upstream patch

mbeq_1197.xml:

float coefs[FFT_LENGTH / 2];

[...]

coefs[0] = 0.0f;
for (bin=1; bin < (FFT_LENGTH/2-1); bin++) {
        coefs[bin] = ((1.0f-bin_delta[bin]) * gains[bin_base[bin]])
                      + (bin_delta[bin] * gains[bin_base[bin]+1]);
}

[...]

                for (i = 1; i < FFT_LENGTH/2; i++) {
                        comp[i] *= coefs[i];
                        comp[FFT_LENGTH-i] *= coefs[i];
                }

The first loop leaves coefs[FFT_LENGTH/2-1] uninitialized because it
only runs while bin < FFT_LENGTH/2-1.

The second loop reads from coefs[FFT_LENGTH/2-1], boom!

With some bad luck (which I had, of course, and of course only in
hard to reproduce circumstances) the uninitialized value will be NaN
which due to the FFT poisons the whole output with NaN.

Fix (note the "-1" is not needed at all. Maybe someone thought so
because of the "+1" in the line below, but that doesn't apply to bin
at all):

--- mbeq_1197.xml
+++ mbeq_1197.xml
@@ -140,7 +140,7 @@
 
 // Calculate coefficients for each bin of FFT
 coefs[0] = 0.0f;
-for (bin=1; bin < (FFT_LENGTH/2-1); bin++) {
+for (bin=1; bin < (FFT_LENGTH/2); bin++) {
 	coefs[bin] = ((1.0f-bin_delta[bin]) * gains[bin_base[bin]])
 		      + (bin_delta[bin] * gains[bin_base[bin]+1]);
 }

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/24 CPU threads)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages swh-plugins depends on:
ii  libc6             2.31-13+deb11u2
ii  libfftw3-single3  3.3.8-2
ii  libgsm1           1.0.18-2

swh-plugins recommends no packages.

swh-plugins suggests no packages.

-- no debconf information

More information about the pkg-multimedia-maintainers mailing list