Hi, I think I found a bug in ippsHighPassFilter_G729_16s_ISfs(). I'm using version 4.1 of the IPP library. Take the following code:
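#include <vector>
#include <ipps.h>
#include <ippsc.h>  // speech-coding domain: declares ippsHighPassFilter_G729_16s_ISfs

int main()
{
    int const length = 80;
    std::vector<char> scratch_mem(1024);   // filter memory passed as the last argument
    std::vector<Ipp16s> dst(length + 1);   // in-place samples plus one extra word
    //put a single magic word at the end of the dst array
    dst[length] = 0x1234;
    ippsHighPassFilter_G729_16s_ISfs(
        &dst[0],
        length,
        13,
        &scratch_mem[0]);
    return 0;
}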
Note that I specifically put a magic value of 0x1234 at the end of the dst array. The ipps function should never try to read/use this value; however, if you step down into the disassembly of the ipps function, you will see the following instruction:
movd mm3,dword ptr [ebp+ecx*2]
where ebp points to the base of dst, and ecx loops from 0 to length-1. Note that it doesn't read in a word from the dst array, it actually reads in a dword. This means that when ecx reaches length-1, we actually read the last two bytes of the array + the two bytes immediately following the array.
In my app above this is OK because the two bytes following dst[length-1] are my magic bytes; however, if there is nothing beyond this array, then this would be an access violation.
Is anyone able to verify this, and/or tell me whether this has been fixed in more recent versions of IPP?
Cheers,
Mark van Dijk
Hello Mark
Thank you for reporting a bug in IPP. Though this bug does not affect the IPP G729 codec, it might affect an application with this function's standalone use in some environment. It will be fixed in the nearest IPP release.
Vyacheslav,
IPP, speech coding domain
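
The two-byte over-read discussed in this thread can be confirmed without stepping through disassembly by placing the buffer so that its last sample ends exactly at an inaccessible guard page. The following is an added example, not code from the thread or from IPP; it assumes Linux, and `word_loads` and `dword_loads` are hypothetical stand-ins for the filter's load pattern that would be replaced by the real IPP call where the library is installed.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int32_t (*filter_fn)(const int16_t *, int);
static sigjmp_buf on_fault;
static volatile int32_t sink;   /* keeps the loads from being optimised away */
static void fault_handler(int sig) { (void)sig; siglongjmp(on_fault, 1); }

/* Hypothetical stand-in, in bounds: one 16-bit load per sample. */
static int32_t word_loads(const int16_t *p, int len) {
    int32_t acc = 0;
    for (int i = 0; i < len; i++) acc += p[i];
    return acc;
}

/* Hypothetical stand-in: a 32-bit load at every 16-bit index (the movd pattern). */
static int32_t dword_loads(const int16_t *p, int len) {
    uint32_t acc = 0, d;
    for (int i = 0; i < len; i++) { memcpy(&d, p + i, sizeof d); acc ^= d; }
    return (int32_t)acc;
}

/* 1 if fn reads past buf[len-1], 0 if it stays in bounds, -1 on setup error. */
static int overreads(filter_fn fn, int len) {
    long page = sysconf(_SC_PAGESIZE);
    char *map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED) return -1;
    if (mprotect(map + page, page, PROT_NONE) != 0) { munmap(map, 2 * page); return -1; }
    int16_t *buf = (int16_t *)(map + page) - len;  /* last sample abuts guard page */
    memset(buf, 0, len * sizeof *buf);
    struct sigaction sa = {0}, old;
    sa.sa_handler = fault_handler;
    sigaction(SIGSEGV, &sa, &old);
    int faulted = 1;   /* cleared only if fn returns without faulting */
    if (!sigsetjmp(on_fault, 1)) { sink = fn(buf, len); faulted = 0; }
    sigaction(SIGSEGV, &old, NULL);
    munmap(map, 2 * page);
    return faulted;
}

int main(void) {
    printf("16-bit loads: %d, 32-bit loads: %d\n", overreads(word_loads, 80), overreads(dword_loads, 80));
    return 0;
}
```

With a length of 80, the 32-bit variant faults only on the final index, which matches the case described for ecx reaching length-1.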
