
#2 Out-of-bounds array access in adpcm

1.0
open
nobody
adpcm (1)
2015-05-26
2015-05-26
No

Step table is an array with size 89, but index 98 is accessed.

adpcm keith$ clang -g *.cpp -I ~/src/systemc/include/ -L ~/src/systemc/lib-macosx64/ -lsystemc -lstdc++ -o go
adpcm_encoder.cpp:147:11: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
   if( enc>=0 && enc<=3 ) return 1;
       ~~~^ ~
1 warning generated.
tb_adpcm_encoder.cpp:44:32: warning: format specifies type 'float *' but the argument has type 'unsigned int *' [-Wformat]
    while(fscanf(in_file,"%f", &indata) != EOF){
                          ~~   ^~~~~~~
                          %u
tb_adpcm_encoder.cpp:144:76: warning: more '%' conversions than data arguments [-Wformat]
        fprintf(diff_file,"\nOutput missmatch[line:%d] Golden: %u -- Output: %d+i%d",line, out_golden, out_adpcm);   
                                                                                 ~^
2 warnings generated.
Keiths-MacBook-Pro-3:adpcm keith$ lldb go
(lldb) target create "go"
Current executable set to 'go' (x86_64).
(lldb) run
Process 38145 launched: '/Users/keith/src/s2cbench/S2CBench_v1.1/adpcm/go' (x86_64)

        SystemC 2.3.1-Accellera --- May 22 2015 16:50:30
        Copyright (c) 1996-2014 by all Contributors,
        ALL RIGHTS RESERVED
Process 38145 stopped
* thread #1: tid = 0x11afcd, 0x0000000100002d44 go`sc_dt::sc_uint<15>::operator=(this=0x00000001002c5670, a=0x00000001002c6000) + 20 at sc_uint.h:197, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1002c6008)
    frame #0: 0x0000000100002d44 go`sc_dt::sc_uint<15>::operator=(this=0x00000001002c5670, a=0x00000001002c6000) + 20 at sc_uint.h:197
   194      { sc_uint_base::operator = ( a ); return *this; }
   195  
   196      sc_uint<W>& operator = ( const sc_uint<W>& a )
-> 197      { m_val = a.m_val; return *this; }
   198  
   199      template<class T>
   200      sc_uint<W>& operator = ( const sc_generic_base<T>& a )
(lldb) up
frame #1: 0x0000000100001a71 go`adpcm::run(this=0x00007fff5fbff068) + 4145 at adpcm_encoder.cpp:79
   76       while(true){
   77   
   78         width.in_data = idata.read();
-> 79         divider = step_table[ index ];
   80   
   81         // Encode 
   82         diff = (width.in_data - width.pre_data) & 0x0000ffff;
(lldb) print index
(sc_dt::sc_uint<7>) $0 = {
  sc_dt::sc_uint_base = (m_val = 98, m_len = 7, m_ulen = 57)
}
(lldb) 
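
The failure above in miniature, as an added example (not code from this report or from S2CBench): an index held in 7 bits can take any value from 0 to 127, so an update that is not clamped can leave the 89-entry table. The function names, the 7-bit mask standing in for `sc_uint<7>`, and the delta values are assumptions made for illustration; the real update logic in adpcm_encoder.cpp is not shown on this page.

```cpp
#include <cstdio>

// From the report: step_table has 89 entries; index is sc_uint<7> (0..127).
constexpr int kStepTableSize = 89;
constexpr unsigned kIndexMask = 0x7F;  // models 7-bit truncation (assumption)

// True only for indices that are valid for an 89-entry table.
bool index_in_bounds(unsigned index) {
    return index < static_cast<unsigned>(kStepTableSize);
}

// Unchecked update: the result is simply truncated to 7 bits, so it can land
// anywhere in 0..127, and a negative result wraps to a large value.
unsigned update_unchecked(unsigned index, int delta) {
    return static_cast<unsigned>(static_cast<int>(index) + delta) & kIndexMask;
}

// Checked update: compute in a signed int, clamp to [0, 88], then store.
unsigned update_clamped(unsigned index, int delta) {
    int next = static_cast<int>(index) + delta;
    if (next < 0) next = 0;
    if (next > kStepTableSize - 1) next = kStepTableSize - 1;
    return static_cast<unsigned>(next);
}

// Apply a sequence of deltas starting from `start`.
unsigned run_steps(unsigned start, const int* deltas, int n, bool clamp) {
    unsigned index = start;
    for (int i = 0; i < n; ++i)
        index = clamp ? update_clamped(index, deltas[i])
                      : update_unchecked(index, deltas[i]);
    return index;
}

// Constructed sample input: two hypothetical +8 adjustments.
const int kSampleDeltas[] = {8, 8};

int main() {
    unsigned bad = run_steps(82, kSampleDeltas, 2, false);
    unsigned good = run_steps(82, kSampleDeltas, 2, true);
    std::printf("unchecked=%u in_bounds=%d\n", bad, index_in_bounds(bad));
    std::printf("clamped=%u in_bounds=%d\n", good, index_in_bounds(good));
    std::printf("wrapped=%u\n", update_unchecked(2, -4));
    return 0;
}
```

Because the index is unsigned, a test of the form `index >= 0` cannot catch the wrapped case; the clamp has to be applied to the signed intermediate before it is stored.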