mackron / dr_libs

Audio decoding libraries for C/C++, each in a single source file.

Use of uninitialised values #181

Closed falkTX closed 2 years ago

falkTX commented 3 years ago

Hi. I am investigating using dr_mp3.h for my project. There are a few issues, some of which I am not sure yet are my fault or not. But one that I see right away through valgrind is reading "uninitialized value" (though it seems like it is just reading from invalid parts of memory):

==1812776== Use of uninitialised value of size 8
==1812776==    at 0x824112: drmp3_L3_huffman (dr_mp3.h:1364)
==1812776==    by 0x826344: drmp3_L3_decode (dr_mp3.h:1745)
==1812776==    by 0x829DD7: drmp3dec_decode_frame (dr_mp3.h:2270)
==1812776==    by 0x82ACE3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==1812776==    by 0x82B0F0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==1812776==    by 0x82B142: drmp3_decode_next_frame (dr_mp3.h:2786)
==1812776==    by 0x82C558: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==1812776==    by 0x82C5C0: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==1812776==    by 0x82C8B3: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1812776==    by 0x82C99A: drmp3_seek_to_pcm_frame__brute_force (dr_mp3.h:3788)
==1812776==    by 0x82CCE9: drmp3_seek_to_pcm_frame (dr_mp3.h:3887)
==1812776==    by 0x82E2FC: ad_seek_minimp3 (ad_dr_mp3.c:82)
==1812776== 
==1812776== Use of uninitialised value of size 8
==1812776==    at 0x824155: drmp3_L3_huffman (dr_mp3.h:1367)
==1812776==    by 0x826344: drmp3_L3_decode (dr_mp3.h:1745)
==1812776==    by 0x829DD7: drmp3dec_decode_frame (dr_mp3.h:2270)
==1812776==    by 0x82ACE3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==1812776==    by 0x82B0F0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==1812776==    by 0x82B142: drmp3_decode_next_frame (dr_mp3.h:2786)
==1812776==    by 0x82C558: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==1812776==    by 0x82C5C0: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==1812776==    by 0x82C8B3: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1812776==    by 0x82C99A: drmp3_seek_to_pcm_frame__brute_force (dr_mp3.h:3788)
==1812776==    by 0x82CCE9: drmp3_seek_to_pcm_frame (dr_mp3.h:3887)
==1812776==    by 0x82E2FC: ad_seek_minimp3 (ad_dr_mp3.c:82)
==1812776== 
==1812776== Use of uninitialised value of size 8
==1812776==    at 0x824038: drmp3_L3_huffman (dr_mp3.h:1352)
==1812776==    by 0x826344: drmp3_L3_decode (dr_mp3.h:1745)
==1812776==    by 0x829DD7: drmp3dec_decode_frame (dr_mp3.h:2270)
==1812776==    by 0x82ACE3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==1812776==    by 0x82B0F0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==1812776==    by 0x82B142: drmp3_decode_next_frame (dr_mp3.h:2786)
==1812776==    by 0x82C558: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==1812776==    by 0x82C5C0: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==1812776==    by 0x82C8B3: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1812776==    by 0x82C99A: drmp3_seek_to_pcm_frame__brute_force (dr_mp3.h:3788)
==1812776==    by 0x82CCE9: drmp3_seek_to_pcm_frame (dr_mp3.h:3887)
==1812776==    by 0x82E2FC: ad_seek_minimp3 (ad_dr_mp3.c:82)
==1812776== 
==1812776== Use of uninitialised value of size 8
==1812776==    at 0x823E99: drmp3_L3_huffman (dr_mp3.h:1323)
==1812776==    by 0x826344: drmp3_L3_decode (dr_mp3.h:1745)
==1812776==    by 0x829DD7: drmp3dec_decode_frame (dr_mp3.h:2270)
==1812776==    by 0x82ACE3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==1812776==    by 0x82B0F0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==1812776==    by 0x82B142: drmp3_decode_next_frame (dr_mp3.h:2786)
==1812776==    by 0x82C558: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==1812776==    by 0x82C5C0: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==1812776==    by 0x82C8B3: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1812776==    by 0x82C99A: drmp3_seek_to_pcm_frame__brute_force (dr_mp3.h:3788)
==1812776==    by 0x82CCE9: drmp3_seek_to_pcm_frame (dr_mp3.h:3887)
==1812776==    by 0x82E2FC: ad_seek_minimp3 (ad_dr_mp3.c:82)
==1812776== 
==1812776== Use of uninitialised value of size 8
==1812776==    at 0x823F9D: drmp3_L3_huffman (dr_mp3.h:1340)
==1812776==    by 0x826344: drmp3_L3_decode (dr_mp3.h:1745)
==1812776==    by 0x829DD7: drmp3dec_decode_frame (dr_mp3.h:2270)
==1812776==    by 0x82ACE3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==1812776==    by 0x82B0F0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==1812776==    by 0x82B142: drmp3_decode_next_frame (dr_mp3.h:2786)
==1812776==    by 0x82C558: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==1812776==    by 0x82C5C0: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==1812776==    by 0x82C8B3: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1812776==    by 0x82C99A: drmp3_seek_to_pcm_frame__brute_force (dr_mp3.h:3788)
==1812776==    by 0x82CCE9: drmp3_seek_to_pcm_frame (dr_mp3.h:3887)
==1812776==    by 0x82E2FC: ad_seek_minimp3 (ad_dr_mp3.c:82)
==1812776==

What can I do to dig deeper into this?

mackron commented 3 years ago

I'm not sure what would be causing these to get triggered. The drmp3_L3_huffman() function is from minimp3 which is what dr_mp3 wraps around and is not maintained by me. However, that top one on line 1364 looks fine from what I can see. The only thing I can see that is 8 bytes is the codebook_count1 variable and that's initialized just fine.

I noticed that all of these are coming from a seek. Are you getting the error when reading like normal with drmp3_read_pcm_frames_*()?

falkTX commented 3 years ago

Sorry for the late response. Yes, I simply use that function for seeking and see the valgrind warning. Seems to me the issue is not the variables not being uninitialized, but rather that it reads data out of bounds. The code in question is here: https://github.com/falkTX/Carla/blob/main/source/modules/audio_decoder/ad_dr_mp3.c#L86 which is called from https://github.com/falkTX/Carla/blob/main/source/native-plugins/audio-base.hpp#L516 (This is my rough way of making a "preview" of the audio signal peaks.)

I tried it again as I did a few general fixes, and get the same results:

==2805937== Use of uninitialised value of size 8
==2805937==    at 0x823FE2: drmp3_L3_huffman (dr_mp3.h:1364)
==2805937==    by 0x826214: drmp3_L3_decode (dr_mp3.h:1745)
==2805937==    by 0x829CA7: drmp3dec_decode_frame (dr_mp3.h:2270)
==2805937==    by 0x82ABB3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==2805937==    by 0x82AFC0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==2805937==    by 0x82CAB2: drmp3_seek_to_pcm_frame__seek_table (dr_mp3.h:3856)
==2805937==    by 0x82CBA4: drmp3_seek_to_pcm_frame (dr_mp3.h:3885)
==2805937==    by 0x82E230: ad_seek_dr_mp3 (ad_dr_mp3.c:90)
==2805937==    by 0x83A97D: ad_seek (ad_plugin.c:106)
==2805937==    by 0x84205B: AudioFileReader::readFilePreview(unsigned int, float*) (audio-base.hpp:534)
==2805937==    by 0x84192E: AudioFileReader::loadFilename(char const*, unsigned int, unsigned int, float*) (audio-base.hpp:407)
==2805937==    by 0x8447D1: AudioFilePlugin::loadFilename(char const*) (audio-file.cpp:665)
==2805937==
==2805937== Use of uninitialised value of size 8
==2805937==    at 0x824025: drmp3_L3_huffman (dr_mp3.h:1367)
==2805937==    by 0x826214: drmp3_L3_decode (dr_mp3.h:1745)
==2805937==    by 0x829CA7: drmp3dec_decode_frame (dr_mp3.h:2270)
==2805937==    by 0x82ABB3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==2805937==    by 0x82AFC0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==2805937==    by 0x82B012: drmp3_decode_next_frame (dr_mp3.h:2786)
==2805937==    by 0x82C428: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==2805937==    by 0x82C490: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==2805937==    by 0x82C783: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==2805937==    by 0x82CB16: drmp3_seek_to_pcm_frame__seek_table (dr_mp3.h:3870)
==2805937==    by 0x82CBA4: drmp3_seek_to_pcm_frame (dr_mp3.h:3885)
==2805937==    by 0x82E230: ad_seek_dr_mp3 (ad_dr_mp3.c:90)
==2805937== 
==2805937== Use of uninitialised value of size 8
==2805937==    at 0x823F08: drmp3_L3_huffman (dr_mp3.h:1352)
==2805937==    by 0x826214: drmp3_L3_decode (dr_mp3.h:1745)
==2805937==    by 0x829CA7: drmp3dec_decode_frame (dr_mp3.h:2270)
==2805937==    by 0x82ABB3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==2805937==    by 0x82AFC0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==2805937==    by 0x82B012: drmp3_decode_next_frame (dr_mp3.h:2786)
==2805937==    by 0x82C428: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==2805937==    by 0x82C490: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==2805937==    by 0x82C783: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==2805937==    by 0x82CB16: drmp3_seek_to_pcm_frame__seek_table (dr_mp3.h:3870)
==2805937==    by 0x82CBA4: drmp3_seek_to_pcm_frame (dr_mp3.h:3885)
==2805937==    by 0x82E230: ad_seek_dr_mp3 (ad_dr_mp3.c:90)
==2805937== 
==2805937== Use of uninitialised value of size 8
==2805937==    at 0x823D69: drmp3_L3_huffman (dr_mp3.h:1323)
==2805937==    by 0x826214: drmp3_L3_decode (dr_mp3.h:1745)
==2805937==    by 0x829CA7: drmp3dec_decode_frame (dr_mp3.h:2270)
==2805937==    by 0x82ABB3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==2805937==    by 0x82AFC0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==2805937==    by 0x82B012: drmp3_decode_next_frame (dr_mp3.h:2786)
==2805937==    by 0x82C428: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==2805937==    by 0x82C490: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==2805937==    by 0x82C783: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==2805937==    by 0x82CB16: drmp3_seek_to_pcm_frame__seek_table (dr_mp3.h:3870)
==2805937==    by 0x82CBA4: drmp3_seek_to_pcm_frame (dr_mp3.h:3885)
==2805937==    by 0x82E230: ad_seek_dr_mp3 (ad_dr_mp3.c:90)
==2805937== 
==2805937== Use of uninitialised value of size 8
==2805937==    at 0x823E6D: drmp3_L3_huffman (dr_mp3.h:1340)
==2805937==    by 0x826214: drmp3_L3_decode (dr_mp3.h:1745)
==2805937==    by 0x829CA7: drmp3dec_decode_frame (dr_mp3.h:2270)
==2805937==    by 0x82ABB3: drmp3_decode_next_frame_ex__callbacks (dr_mp3.h:2693)
==2805937==    by 0x82AFC0: drmp3_decode_next_frame_ex (dr_mp3.h:2779)
==2805937==    by 0x82B012: drmp3_decode_next_frame (dr_mp3.h:2786)
==2805937==    by 0x82C428: drmp3_read_pcm_frames_raw (dr_mp3.h:3636)
==2805937==    by 0x82C490: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
==2805937==    by 0x82E292: ad_read_dr_mp3 (ad_dr_mp3.c:97)
==2805937==    by 0x83A9D3: ad_read (ad_plugin.c:112)
==2805937==    by 0x8426F1: AudioFileReader::readPoll() (audio-base.hpp:681)
==2805937==    by 0x84487F: AudioFilePlugin::loadFilename(char const*) (audio-file.cpp:678)
==2805937==

mackron commented 2 years ago

Closing this one. This is coming from minimp3 which I don't maintain. If it's ever fixed there I'll update dr_mp3.
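
A triage sketch for the traces in this thread, added here and not code from dr_libs, minimp3 or Carla: it groups Memcheck reports by faulting line and by whether the stack entered through a dr_mp3 seek or a plain read. The sample input is constructed (abbreviated from frames quoted above), and `parse_reports`, `entry_path` and `summarise` are names made up for this example.

```python
import re

# Constructed sample in Memcheck's format, abbreviated from the traces above.
SAMPLE = """\
==1== Use of uninitialised value of size 8
==1==    at 0x823FE2: drmp3_L3_huffman (dr_mp3.h:1364)
==1==    by 0x82CBA4: drmp3_seek_to_pcm_frame (dr_mp3.h:3885)
==1==
==1== Use of uninitialised value of size 8
==1==    at 0x823FE2: drmp3_L3_huffman (dr_mp3.h:1364)
==1==    by 0x82C783: drmp3_seek_forward_by_pcm_frames__brute_force (dr_mp3.h:3757)
==1==
==1== Use of uninitialised value of size 8
==1==    at 0x823E6D: drmp3_L3_huffman (dr_mp3.h:1340)
==1==    by 0x82C490: drmp3_read_pcm_frames_f32 (dr_mp3.h:3653)
"""

HEADER = re.compile(r"^==\d+== (?P<kind>[A-Z].*)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (?P<fn>.+) \((?P<loc>[^()]+)\)$")

def parse_reports(text):
    """Split Memcheck output into reports: {'kind': str, 'frames': [(fn, loc)]}."""
    reports = []
    for line in text.splitlines():
        frame, header = FRAME.match(line), HEADER.match(line)
        if frame and reports:
            reports[-1]["frames"].append((frame["fn"], frame["loc"]))
        elif header:
            reports.append({"kind": header["kind"], "frames": []})
    return [r for r in reports if r["frames"]]

def entry_path(frames):
    """Classify a stack by the dr_mp3 API it entered through (seek wins over read)."""
    if any(fn.startswith("drmp3_seek_") for fn, _ in frames):
        return "seek"
    if any(fn.startswith("drmp3_read_pcm_frames") for fn, _ in frames):
        return "read"
    return "other"

def summarise(text):
    """Map each faulting location to the sorted entry paths that reached it."""
    sites = {}
    for report in parse_reports(text):
        if report["kind"].startswith("Use of uninitialised value"):
            fn, loc = report["frames"][0]
            sites.setdefault(f"{fn} ({loc})", set()).add(entry_path(report["frames"]))
    return {site: sorted(paths) for site, paths in sites.items()}

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Each trace quoted in the thread is exactly 12 frames deep, which is Memcheck's default `--num-callers`, so outer callers can be cut off; rerunning with `--track-origins=yes` additionally reports where each uninitialised value was created.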