There is a heap buffer overflow error in PocketsphinxAligner::recognise. It can be reproduced with the latest master and the following files files and executing ./ccaligner -wav Math.wav -srt Math.srt. Here's the complete log for someone who wants to investigate (I have no idea what causes this, sorry):
==16346==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62e00001668a at pc 0x0000004a9d79 bp 0x7ffccbbcf1b0 sp 0x7ffccbbce950
READ of size 320 at 0x62e00001668a thread T0
#0 0x4a9d78 in memcpy /home/blitz/projects/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:739:5
#1 0xdbafab in fe_shift_frame (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0xdbafab)
#2 0xdb84e4 in fe_process_frames_ext (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0xdb84e4)
#3 0xdb80a9 in fe_process_frames (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0xdb80a9)
#4 0xd80ed2 in acmod_process_raw (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0xd80ed2)
#5 0xd78aa3 in ps_process_raw (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0xd78aa3)
#6 0x9ad10c in PocketsphinxAligner::recognise() /home/blitz/projects/CCAligner-upstream/src/lib_ccaligner/recognize_using_pocketsphinx.cpp:477:19
#7 0x9afe4b in PocketsphinxAligner::align() /home/blitz/projects/CCAligner-upstream/src/lib_ccaligner/recognize_using_pocketsphinx.cpp:557:13
#8 0x56044f in CCAligner::initAligner() /home/blitz/projects/CCAligner-upstream/src/ccaligner.cpp:58:42
#9 0x560abe in main /home/blitz/projects/CCAligner-upstream/src/ccaligner.cpp:76:28
#10 0x7fcc542e8f69 in __libc_start_main (/usr/lib/libc.so.6+0x20f69)
#11 0x48f599 in _start (/home/blitz/projects/CCAligner-upstream/install/ccaligner+0x48f599)
0x62e00001668a is located 0 bytes to the right of 41610-byte region [0x62e00000c400,0x62e00001668a)
allocated by thread T0 here:
#0 0x55cb62 in operator new(unsigned long) /home/blitz/projects/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
#1 0x937f38 in std::__1::__allocate(unsigned long) /usr/bin/../include/c++/v1/new:228:10
#2 0x937f38 in std::__1::allocator<short>::allocate(unsigned long, void const*) /usr/bin/../include/c++/v1/memory:1790
#3 0x937f38 in std::__1::allocator_traits<std::__1::allocator<short> >::allocate(std::__1::allocator<short>&, unsigned long) /usr/bin/../include/c++/v1/memory:1544
#4 0x937f38 in std::__1::vector<short, std::__1::allocator<short> >::allocate(unsigned long) /usr/bin/../include/c++/v1/vector:937
#5 0x9cd670 in _ZNSt3__16vectorIsNS_9allocatorIsEEE6assignIPsEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIsNS_15iterator_traitsIS7_E9referenceEEE5valueEvE4typeES7_S7_ /usr/bin/../include/c++/v1/vector:1414:9
#6 0x979bc7 in std::__1::vector<short, std::__1::allocator<short> >::operator=(std::__1::vector<short, std::__1::allocator<short> > const&) /usr/bin/../include/c++/v1/vector:1359:9
#7 0x979bc7 in PocketsphinxAligner::PocketsphinxAligner(Params*) /home/blitz/projects/CCAligner-upstream/src/lib_ccaligner/recognize_using_pocketsphinx.cpp:45
#8 0x560446 in CCAligner::initAligner() /home/blitz/projects/CCAligner-upstream/src/ccaligner.cpp:58:9
#9 0x560abe in main /home/blitz/projects/CCAligner-upstream/src/ccaligner.cpp:76:28
#10 0x7fcc542e8f69 in __libc_start_main (/usr/lib/libc.so.6+0x20f69)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/blitz/projects/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:739:5 in memcpy
Shadow bytes around the buggy address:
0x0c5c7fffac80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5c7fffac90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5c7fffaca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5c7fffacb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5c7fffacc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c5c7fffacd0: 00[02]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5c7ffface0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5c7fffacf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5c7fffad00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5c7fffad10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5c7fffad20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==16346==ABORTING
There is a heap buffer overflow error in
PocketsphinxAligner::recognise
. It can be reproduced with the latest master and the following files files and executing./ccaligner -wav Math.wav -srt Math.srt
. Here's the complete log for someone who wants to investigate (I have no idea what causes this, sorry):