Infinite loop in bcg729

Infinite loop in bcg729

Alan Dennis
Hi,

We're using the bcg729 library, v1.0.4 and we've had it lock up in an
infinite loop.

I got a core dump and I'm digging through it to see what I can find, but
I thought I'd ask here too...

The backtrace is ...

Thread 8 (Thread 0x7f6994ff9700 (LWP 85810)):
#0  countLeadingZeros (x=0) at utils.h:113
#1  g729Log2_Q0Q16 (x=-8) at g729FixedPointMath.h:65
#2  bcg729_vad (VADChannelContext=0x7f692b6fd730,
reflectionCoefficient=2037114563,
LSFCoefficients=LSFCoefficients@entry=0x7f6994ff8720,
autoCorrelationCoefficients=autoCorrelationCoefficients@entry=0x7f6994ff8850,
autoCorrelationCoefficientsScale=<optimized out>,
signalCurrentFrame=0x7f699d134570) at vad.c:206
#3  0x00000000004d709f in bcg729Encoder
(encoderChannelContext=0x7f699d134480,
inputFrame=inputFrame@entry=0x7f699e069ce8, bitStream=0x7f699c82d88e
"\320j\365.\354\314\367\016\250\207",
bitStreamLength=bitStreamLength@entry=0x7f6994ff8b1f "\nЌ\377\224i\177")
at encoder.c:170
#4  0x000000000043607c in bcg729_codec_encode (codec=<optimized out>,
input=0x7f6994ff8cd0, output_buf_len=<optimized out>,
output=0x7f6994ff8be0) at bcg729.c:505
#5 ...

... which as you can see, it's tried to do g729Log2_Q0Q16(-8), which is
never going to end well!

The combination of word32_t x (i.e. signed) and while
(x<(word32_t)0x40000000) in countLeadingZeros means that when x is -8
(0xFFFF FFF8), it happily shifts left until it becomes 0, as it is
always < 0. Once x becomes 0, then it loops forever.

Quite how bcg729_vad managed to do that I'm not sure.

Any thoughts?

Thanks,
Alan.


_______________________________________________
Linphone-developers mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-developers
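The loop behaviour described in the message above, as an added example (not part of the original post and not bcg729's own code). `described_loop`, `clz_checked` and the `MAX_ITER` cap are hypothetical names introduced here; the model shifts on an unsigned copy so the demonstration avoids signed-overflow undefined behaviour, and the checked variant is one defensive option, not necessarily the fix published upstream.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ITER 64 /* demonstration cap (assumption) so this program terminates */

/* Model of the loop as described in the post: signed compare, shift left.
 * Returns the iteration count, or -1 if the cap is hit (the uncapped loop
 * would spin forever). *zero_at receives the shift count at which the value
 * became 0, or -1 if it never did. */
static int described_loop(int32_t x, int *zero_at)
{
    uint32_t bits = (uint32_t)x; /* shift as unsigned: signed overflow is UB */
    int n = 0;
    *zero_at = -1;
    /* (int32_t)bits relies on two's-complement conversion (gcc/clang) */
    while ((int32_t)bits < (int32_t)0x40000000) {
        if (n == MAX_ITER)
            return -1;
        bits <<= 1;
        n++;
        if (bits == 0 && *zero_at < 0)
            *zero_at = n;
    }
    return n;
}

/* Defensive variant: reject inputs that have no valid log2 before looping. */
static int clz_checked(int32_t x, uint16_t *out)
{
    uint16_t n = 0;
    if (x <= 0)
        return -1; /* caller handles the error instead of hanging */
    while (x < (int32_t)0x40000000) { /* x > 0 here, so x << 1 cannot overflow */
        x <<= 1;
        n++;
    }
    *out = n;
    return 0;
}

int main(void)
{
    int zero_at;
    int r = described_loop(-8, &zero_at);
    printf("x=-8: result=%d, value became 0 after %d shifts\n", r, zero_at);
    return 0;
}
```

For x = -8 the value stays negative until every set bit has been shifted out, then sits at 0, which is still below 0x40000000, so only the demonstration cap ends the loop.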

Re: Infinite loop in bcg729

BOITEUX, FREDERIC-2
        Hi Alan,

Yes, it's the same problem I've encountered! Check the fix Johan published in the bcg729 git tree!

        Frédéric Boiteux.

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

Re: Infinite loop in bcg729

Alan Dennis
Yea, I saw your post in the archive just after I'd posted my question...

Great work on producing a reproducible test case! Looks as though it was
a great help in producing a quick fix, thanks to Johan.

Thanks,
Alan.

On 18/09/2020 15:08, BOITEUX, FREDERIC wrote:

> Hi Alan,
>
> Yes, it's the same problem I've encountered! Check the fix Johan published in the bcg729 git tree!
>
> Frédéric Boiteux.
