[FFmpeg-devel,v5,00/10] aacdec: add a native xHE-AAC decoder

Message ID 20240530023927.1205442-1-dev@lynne.ee

Message

Lynne May 30, 2024, 2:37 a.m. UTC
This commit adds a decoder for the frequency-domain part of USAC.

Changes over version 4:
 - Actually reset entropy decoding upon configuration.
 - Support for LFE channels.

Lynne (10):
  channel_layout: add new channel positions supported by xHE-AAC
  aacdec: move from scalefactor ranged arrays to flat arrays
  aacdec: expose channel layout related functions
  aacdec: expose decode_tns
  aacdec_dsp: implement 768-point transform and windowing
  aactab: add deemphasis tables for USAC
  aactab: add tables for the new USAC arithmetic coder
  aactab: add new scalefactor offset tables for 96/768pt windows
  aacdec: add a decoder for AAC USAC (xHE-AAC)
  fate: add tests for xHE-AAC

 libavcodec/aac/Makefile              |    3 +-
 libavcodec/aac/aacdec.c              |  371 +++---
 libavcodec/aac/aacdec.h              |  219 +++-
 libavcodec/aac/aacdec_ac.c           |  208 ++++
 libavcodec/aac/aacdec_ac.h           |   54 +
 libavcodec/aac/aacdec_dsp_template.c |  162 ++-
 libavcodec/aac/aacdec_fixed.c        |    2 +
 libavcodec/aac/aacdec_float.c        |    4 +
 libavcodec/aac/aacdec_latm.h         |   14 +-
 libavcodec/aac/aacdec_lpd.c          |  198 ++++
 libavcodec/aac/aacdec_lpd.h          |   33 +
 libavcodec/aac/aacdec_usac.c         | 1608 ++++++++++++++++++++++++++
 libavcodec/aac/aacdec_usac.h         |   37 +
 libavcodec/aactab.c                  |  560 +++++++++
 libavcodec/aactab.h                  |   22 +
 libavcodec/sinewin_fixed_tablegen.c  |    2 +
 libavcodec/sinewin_fixed_tablegen.h  |    4 +
 libavutil/channel_layout.c           |    4 +
 libavutil/channel_layout.h           |    8 +
 tests/fate/aac.mak                   |    8 +
 20 files changed, 3286 insertions(+), 235 deletions(-)
 create mode 100644 libavcodec/aac/aacdec_ac.c
 create mode 100644 libavcodec/aac/aacdec_ac.h
 create mode 100644 libavcodec/aac/aacdec_lpd.c
 create mode 100644 libavcodec/aac/aacdec_lpd.h
 create mode 100644 libavcodec/aac/aacdec_usac.c
 create mode 100644 libavcodec/aac/aacdec_usac.h

Comments

Lynne June 2, 2024, 4:47 p.m. UTC | #1
On 30/05/2024 04:37, Lynne wrote:
> This commit adds a decoder for the frequency-domain part of USAC.
> 
> Changes over version 4:
>   - Actually reset entropy decoding upon configuration.
>   - Support for LFE channels.
> 
> Lynne (10):
>    channel_layout: add new channel positions supported by xHE-AAC
>    aacdec: move from scalefactor ranged arrays to flat arrays
>    aacdec: expose channel layout related functions
>    aacdec: expose decode_tns
>    aacdec_dsp: implement 768-point transform and windowing
>    aactab: add deemphasis tables for USAC
>    aactab: add tables for the new USAC arithmetic coder
>    aactab: add new scalefactor offset tables for 96/768pt windows
>    aacdec: add a decoder for AAC USAC (xHE-AAC)
>    fate: add tests for xHE-AAC
> 
>   libavcodec/aac/Makefile              |    3 +-
>   libavcodec/aac/aacdec.c              |  371 +++---
>   libavcodec/aac/aacdec.h              |  219 +++-
>   libavcodec/aac/aacdec_ac.c           |  208 ++++
>   libavcodec/aac/aacdec_ac.h           |   54 +
>   libavcodec/aac/aacdec_dsp_template.c |  162 ++-
>   libavcodec/aac/aacdec_fixed.c        |    2 +
>   libavcodec/aac/aacdec_float.c        |    4 +
>   libavcodec/aac/aacdec_latm.h         |   14 +-
>   libavcodec/aac/aacdec_lpd.c          |  198 ++++
>   libavcodec/aac/aacdec_lpd.h          |   33 +
>   libavcodec/aac/aacdec_usac.c         | 1608 ++++++++++++++++++++++++++
>   libavcodec/aac/aacdec_usac.h         |   37 +
>   libavcodec/aactab.c                  |  560 +++++++++
>   libavcodec/aactab.h                  |   22 +
>   libavcodec/sinewin_fixed_tablegen.c  |    2 +
>   libavcodec/sinewin_fixed_tablegen.h  |    4 +
>   libavutil/channel_layout.c           |    4 +
>   libavutil/channel_layout.h           |    8 +
>   tests/fate/aac.mak                   |    8 +
>   20 files changed, 3286 insertions(+), 235 deletions(-)
>   create mode 100644 libavcodec/aac/aacdec_ac.c
>   create mode 100644 libavcodec/aac/aacdec_ac.h
>   create mode 100644 libavcodec/aac/aacdec_lpd.c
>   create mode 100644 libavcodec/aac/aacdec_lpd.h
>   create mode 100644 libavcodec/aac/aacdec_usac.c
>   create mode 100644 libavcodec/aac/aacdec_usac.h

Patchset pushed.
Thanks for the reviews.

Michael Niedermayer July 19, 2024, 11:42 p.m. UTC | #2
On Thu, May 30, 2024 at 04:37:08AM +0200, Lynne via ffmpeg-devel wrote:
> This commit adds a decoder for the frequency-domain part of USAC.
> 
> Changes over version 4:
>  - Actually reset entropy decoding upon configuration.
>  - Support for LFE channels.
> 
> Lynne (10):
>   channel_layout: add new channel positions supported by xHE-AAC
>   aacdec: move from scalefactor ranged arrays to flat arrays
>   aacdec: expose channel layout related functions
>   aacdec: expose decode_tns
>   aacdec_dsp: implement 768-point transform and windowing
>   aactab: add deemphasis tables for USAC
>   aactab: add tables for the new USAC arithmetic coder
>   aactab: add new scalefactor offset tables for 96/768pt windows
>   aacdec: add a decoder for AAC USAC (xHE-AAC)
>   fate: add tests for xHE-AAC
> 
>  libavcodec/aac/Makefile              |    3 +-
>  libavcodec/aac/aacdec.c              |  371 +++---
>  libavcodec/aac/aacdec.h              |  219 +++-
>  libavcodec/aac/aacdec_ac.c           |  208 ++++
>  libavcodec/aac/aacdec_ac.h           |   54 +
>  libavcodec/aac/aacdec_dsp_template.c |  162 ++-
>  libavcodec/aac/aacdec_fixed.c        |    2 +
>  libavcodec/aac/aacdec_float.c        |    4 +
>  libavcodec/aac/aacdec_latm.h         |   14 +-
>  libavcodec/aac/aacdec_lpd.c          |  198 ++++
>  libavcodec/aac/aacdec_lpd.h          |   33 +
>  libavcodec/aac/aacdec_usac.c         | 1608 ++++++++++++++++++++++++++
>  libavcodec/aac/aacdec_usac.h         |   37 +
>  libavcodec/aactab.c                  |  560 +++++++++
>  libavcodec/aactab.h                  |   22 +
>  libavcodec/sinewin_fixed_tablegen.c  |    2 +
>  libavcodec/sinewin_fixed_tablegen.h  |    4 +
>  libavutil/channel_layout.c           |    4 +
>  libavutil/channel_layout.h           |    8 +
>  tests/fate/aac.mak                   |    8 +
>  20 files changed, 3286 insertions(+), 235 deletions(-)
>  create mode 100644 libavcodec/aac/aacdec_ac.c
>  create mode 100644 libavcodec/aac/aacdec_ac.h
>  create mode 100644 libavcodec/aac/aacdec_lpd.c
>  create mode 100644 libavcodec/aac/aacdec_lpd.h
>  create mode 100644 libavcodec/aac/aacdec_usac.c
>  create mode 100644 libavcodec/aac/aacdec_usac.h

This patchset seems to introduce some issue
I'll mail you the testcase

Running: 70425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6007809271988224
=================================================================
==87684==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f465944c648 at pc 0x0000004df24c bp 0x7fffbe95eac0 sp 0x7fffbe95eab8
WRITE of size 8 at 0x7f465944c648 thread T0
    #0 0x4df24b in frame_configure_elements ffmpeg/libavcodec/aac/aacdec.c:201:44
    #1 0x5083d7 in aac_decode_frame_int ffmpeg/libavcodec/aac/aacdec.c:2398:16
    #2 0x4fb930 in aac_decode_frame ffmpeg/libavcodec/aac/aacdec.c:2481:15
    #3 0x68f21f in decode_simple_internal ffmpeg/libavcodec/decode.c:429:20
    #4 0x68f21f in decode_simple_receive_frame ffmpeg/libavcodec/decode.c:600
    #5 0x68f21f in decode_receive_frame_internal ffmpeg/libavcodec/decode.c:631
    #6 0x68dc4d in avcodec_send_packet ffmpeg/libavcodec/decode.c:721:15
    #7 0x4d1e65 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:534:25
    #8 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
    #9 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
    #10 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
    #11 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
    #12 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #13 0x42402d in _start (ffmpeg/tools/target_dec_aac_fixed_fuzzer+0x42402d)

0x7f465944c648 is located 40520 bytes inside of 642496-byte region [0x7f4659442800,0x7f46594df5c0)
freed by thread T0 here:
    #0 0x49bd2d in free /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:123:3
    #1 0x4dceb0 in che_configure ffmpeg/libavcodec/aac/aacdec.c:168:9
    #2 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15
    #3 0x576abd in ff_aac_usac_config_decode ffmpeg/libavcodec/aac/aacdec_usac.c:509:11
    #4 0x500a1a in decode_audio_specific_config_gb ffmpeg/libavcodec/aac/aacdec.c:1050:20
    #5 0x4e71ef in decode_audio_specific_config ffmpeg/libavcodec/aac/aacdec.c:1094:12
    #6 0x4e596a in ff_aac_decode_init ffmpeg/libavcodec/aac/aacdec.c:1188:20
    #7 0x518aee in ff_aac_decode_init_fixed ffmpeg/libavcodec/aac/aacdec_fixed.c:104:12
    #8 0x66ca49 in avcodec_open2 ffmpeg/libavcodec/avcodec.c:326:19
    #9 0x4cff68 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:460:15
    #10 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
    #11 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
    #12 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
    #13 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
    #14 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

previously allocated by thread T0 here:
    #0 0x49ca47 in posix_memalign /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:226:3
    #1 0x1615548 in av_malloc ffmpeg/libavutil/mem.c:107:9
    #2 0x1615ca7 in av_mallocz ffmpeg/libavutil/mem.c:258:17
    #3 0x60b5af in ff_aac_sbr_ctx_alloc_init_fixed ffmpeg/libavcodec/aacsbr_template.c:74:30
    #4 0x4dcd96 in che_configure ffmpeg/libavcodec/aac/aacdec.c:149:23
    #5 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15
    #6 0x576abd in ff_aac_usac_config_decode ffmpeg/libavcodec/aac/aacdec_usac.c:509:11
    #7 0x500a1a in decode_audio_specific_config_gb ffmpeg/libavcodec/aac/aacdec.c:1050:20
    #8 0x4e71ef in decode_audio_specific_config ffmpeg/libavcodec/aac/aacdec.c:1094:12
    #9 0x4e596a in ff_aac_decode_init ffmpeg/libavcodec/aac/aacdec.c:1188:20
    #10 0x518aee in ff_aac_decode_init_fixed ffmpeg/libavcodec/aac/aacdec_fixed.c:104:12
    #11 0x66ca49 in avcodec_open2 ffmpeg/libavcodec/avcodec.c:326:19
    #12 0x4cff68 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:460:15
    #13 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
    #14 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
    #15 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
    #16 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
    #17 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

SUMMARY: AddressSanitizer: heap-use-after-free ffmpeg/libavcodec/aac/aacdec.c:201:44 in frame_configure_elements
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==87684==ABORTING


[...]

Lynne July 21, 2024, 1:16 a.m. UTC | #3
On 20/07/2024 01:42, Michael Niedermayer wrote:
> On Thu, May 30, 2024 at 04:37:08AM +0200, Lynne via ffmpeg-devel wrote:
>> This commit adds a decoder for the frequency-domain part of USAC.
>>
>> Changes over version 4:
>>   - Actually reset entropy decoding upon configuration.
>>   - Support for LFE channels.
>>
>> Lynne (10):
>>    channel_layout: add new channel positions supported by xHE-AAC
>>    aacdec: move from scalefactor ranged arrays to flat arrays
>>    aacdec: expose channel layout related functions
>>    aacdec: expose decode_tns
>>    aacdec_dsp: implement 768-point transform and windowing
>>    aactab: add deemphasis tables for USAC
>>    aactab: add tables for the new USAC arithmetic coder
>>    aactab: add new scalefactor offset tables for 96/768pt windows
>>    aacdec: add a decoder for AAC USAC (xHE-AAC)
>>    fate: add tests for xHE-AAC
>>
>>   libavcodec/aac/Makefile              |    3 +-
>>   libavcodec/aac/aacdec.c              |  371 +++---
>>   libavcodec/aac/aacdec.h              |  219 +++-
>>   libavcodec/aac/aacdec_ac.c           |  208 ++++
>>   libavcodec/aac/aacdec_ac.h           |   54 +
>>   libavcodec/aac/aacdec_dsp_template.c |  162 ++-
>>   libavcodec/aac/aacdec_fixed.c        |    2 +
>>   libavcodec/aac/aacdec_float.c        |    4 +
>>   libavcodec/aac/aacdec_latm.h         |   14 +-
>>   libavcodec/aac/aacdec_lpd.c          |  198 ++++
>>   libavcodec/aac/aacdec_lpd.h          |   33 +
>>   libavcodec/aac/aacdec_usac.c         | 1608 ++++++++++++++++++++++++++
>>   libavcodec/aac/aacdec_usac.h         |   37 +
>>   libavcodec/aactab.c                  |  560 +++++++++
>>   libavcodec/aactab.h                  |   22 +
>>   libavcodec/sinewin_fixed_tablegen.c  |    2 +
>>   libavcodec/sinewin_fixed_tablegen.h  |    4 +
>>   libavutil/channel_layout.c           |    4 +
>>   libavutil/channel_layout.h           |    8 +
>>   tests/fate/aac.mak                   |    8 +
>>   20 files changed, 3286 insertions(+), 235 deletions(-)
>>   create mode 100644 libavcodec/aac/aacdec_ac.c
>>   create mode 100644 libavcodec/aac/aacdec_ac.h
>>   create mode 100644 libavcodec/aac/aacdec_lpd.c
>>   create mode 100644 libavcodec/aac/aacdec_lpd.h
>>   create mode 100644 libavcodec/aac/aacdec_usac.c
>>   create mode 100644 libavcodec/aac/aacdec_usac.h
> 
> This patchset seems to introduce some issue
> I'll mail you the testcase
> 
> Running: 70425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6007809271988224
> =================================================================
> ==87684==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f465944c648 at pc 0x0000004df24c bp 0x7fffbe95eac0 sp 0x7fffbe95eab8
> WRITE of size 8 at 0x7f465944c648 thread T0
>      #0 0x4df24b in frame_configure_elements ffmpeg/libavcodec/aac/aacdec.c:201:44
>      #1 0x5083d7 in aac_decode_frame_int ffmpeg/libavcodec/aac/aacdec.c:2398:16
>      #2 0x4fb930 in aac_decode_frame ffmpeg/libavcodec/aac/aacdec.c:2481:15
>      #3 0x68f21f in decode_simple_internal ffmpeg/libavcodec/decode.c:429:20
>      #4 0x68f21f in decode_simple_receive_frame ffmpeg/libavcodec/decode.c:600
>      #5 0x68f21f in decode_receive_frame_internal ffmpeg/libavcodec/decode.c:631
>      #6 0x68dc4d in avcodec_send_packet ffmpeg/libavcodec/decode.c:721:15
>      #7 0x4d1e65 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:534:25
>      #8 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
>      #9 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
>      #10 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
>      #11 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
>      #12 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
>      #13 0x42402d in _start (ffmpeg/tools/target_dec_aac_fixed_fuzzer+0x42402d)
> 
> 0x7f465944c648 is located 40520 bytes inside of 642496-byte region [0x7f4659442800,0x7f46594df5c0)
> freed by thread T0 here:
>      #0 0x49bd2d in free /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:123:3
>      #1 0x4dceb0 in che_configure ffmpeg/libavcodec/aac/aacdec.c:168:9
>      #2 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15
>      #3 0x576abd in ff_aac_usac_config_decode ffmpeg/libavcodec/aac/aacdec_usac.c:509:11
>      #4 0x500a1a in decode_audio_specific_config_gb ffmpeg/libavcodec/aac/aacdec.c:1050:20
>      #5 0x4e71ef in decode_audio_specific_config ffmpeg/libavcodec/aac/aacdec.c:1094:12
>      #6 0x4e596a in ff_aac_decode_init ffmpeg/libavcodec/aac/aacdec.c:1188:20
>      #7 0x518aee in ff_aac_decode_init_fixed ffmpeg/libavcodec/aac/aacdec_fixed.c:104:12
>      #8 0x66ca49 in avcodec_open2 ffmpeg/libavcodec/avcodec.c:326:19
>      #9 0x4cff68 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:460:15
>      #10 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
>      #11 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
>      #12 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
>      #13 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
>      #14 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
> 
> previously allocated by thread T0 here:
>      #0 0x49ca47 in posix_memalign /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:226:3
>      #1 0x1615548 in av_malloc ffmpeg/libavutil/mem.c:107:9
>      #2 0x1615ca7 in av_mallocz ffmpeg/libavutil/mem.c:258:17
>      #3 0x60b5af in ff_aac_sbr_ctx_alloc_init_fixed ffmpeg/libavcodec/aacsbr_template.c:74:30
>      #4 0x4dcd96 in che_configure ffmpeg/libavcodec/aac/aacdec.c:149:23
>      #5 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15
>      #6 0x576abd in ff_aac_usac_config_decode ffmpeg/libavcodec/aac/aacdec_usac.c:509:11
>      #7 0x500a1a in decode_audio_specific_config_gb ffmpeg/libavcodec/aac/aacdec.c:1050:20
>      #8 0x4e71ef in decode_audio_specific_config ffmpeg/libavcodec/aac/aacdec.c:1094:12
>      #9 0x4e596a in ff_aac_decode_init ffmpeg/libavcodec/aac/aacdec.c:1188:20
>      #10 0x518aee in ff_aac_decode_init_fixed ffmpeg/libavcodec/aac/aacdec_fixed.c:104:12
>      #11 0x66ca49 in avcodec_open2 ffmpeg/libavcodec/avcodec.c:326:19
>      #12 0x4cff68 in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuzzer.c:460:15
>      #13 0x192519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) Fuzzer/build/../FuzzerLoop.cpp:495:13
>      #14 0x1919d72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) Fuzzer/build/../FuzzerDriver.cpp:273:6
>      #15 0x191ef71 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Fuzzer/build/../FuzzerDriver.cpp:690:9
>      #16 0x1919a50 in main Fuzzer/build/../FuzzerMain.cpp:20:10
>      #17 0x7f465c594082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
> 
> SUMMARY: AddressSanitizer: heap-use-after-free ffmpeg/libavcodec/aac/aacdec.c:201:44 in frame_configure_elements
> Shadow bytes around the buggy address:
> Shadow byte legend (one shadow byte represents 8 application bytes):
>    Addressable:           00
>    Partially addressable: 01 02 03 04 05 06 07
>    Heap left redzone:       fa
>    Freed heap region:       fd
>    Stack left redzone:      f1
>    Stack mid redzone:       f2
>    Stack right redzone:     f3
>    Stack after return:      f5
>    Stack use after scope:   f8
>    Global redzone:          f9
>    Global init order:       f6
>    Poisoned by user:        f7
>    Container overflow:      fc
>    Array cookie:            ac
>    Intra object redzone:    bb
>    ASan internal:           fe
>    Left alloca redzone:     ca
>    Right alloca redzone:    cb
>    Shadow gap:              cc
> ==87684==ABORTING

Thanks, looks simple, I'll send a patch
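
The AddressSanitizer report quoted in this thread can be triaged mechanically. The following is an added example, not code from the thread or from FFmpeg: it splits a heap-use-after-free report into its access, free and allocation stacks, picks the first libavcodec frame of each, and lists the callers that the free and the allocation share. The embedded report is an abbreviated copy of the one above; the names `parse_stacks`, `common_callers`, `first_in` and `triage` and the `ffmpeg/libavcodec/` path filter are assumptions of this example.

```python
import re

# Abbreviated copy of the report quoted in the thread (outer frames of each stack dropped).
REPORT = """\
==87684==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f465944c648 at pc 0x0000004df24c bp 0x7fffbe95eac0 sp 0x7fffbe95eab8
WRITE of size 8 at 0x7f465944c648 thread T0
    #0 0x4df24b in frame_configure_elements ffmpeg/libavcodec/aac/aacdec.c:201:44
    #1 0x5083d7 in aac_decode_frame_int ffmpeg/libavcodec/aac/aacdec.c:2398:16

0x7f465944c648 is located 40520 bytes inside of 642496-byte region [0x7f4659442800,0x7f46594df5c0)
freed by thread T0 here:
    #0 0x49bd2d in free /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:123:3
    #1 0x4dceb0 in che_configure ffmpeg/libavcodec/aac/aacdec.c:168:9
    #2 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15

previously allocated by thread T0 here:
    #0 0x49ca47 in posix_memalign /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:226:3
    #1 0x1615548 in av_malloc ffmpeg/libavutil/mem.c:107:9
    #2 0x1615ca7 in av_mallocz ffmpeg/libavutil/mem.c:258:17
    #3 0x60b5af in ff_aac_sbr_ctx_alloc_init_fixed ffmpeg/libavcodec/aacsbr_template.c:74:30
    #4 0x4dcd96 in che_configure ffmpeg/libavcodec/aac/aacdec.c:149:23
    #5 0x4d9587 in ff_aac_output_configure ffmpeg/libavcodec/aac/aacdec.c:492:15
"""

# "#N 0xADDR in <function> <location>"; the function may contain spaces (C++ signatures).
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")
HEADERS = {"access": r"(READ|WRITE) of size \d+", "free": r"freed by thread",
           "alloc": r"previously allocated by thread"}

def parse_stacks(report):
    """Split the report into access/free/alloc stacks of (function, location)."""
    stacks, current = {}, None
    for line in report.splitlines():
        name = next((n for n, p in HEADERS.items() if re.match(p, line)), None)
        if name:
            current = stacks.setdefault(name, [])
        elif FRAME.match(line) and current is not None:
            current.append(FRAME.match(line).groups())
        elif not line.strip():
            current = None  # a blank line ends the current stack
    return stacks

def common_callers(a, b):
    """Function names shared by the caller (outer) end of two stacks."""
    out = []
    for (fa, _), (fb, _) in zip(reversed(a), reversed(b)):
        if fa != fb:
            break
        out.append(fa)
    return out[::-1]

def first_in(stack, prefix="ffmpeg/libavcodec/"):
    """First frame whose path is under prefix (skips allocator and libavutil wrappers)."""
    return next((fr for fr in stack if fr[1].startswith(prefix)), None)

def triage(report):
    s = parse_stacks(report)
    m = re.search(r"located (\d+) bytes inside of (\d+)-byte region", report)
    out = {k: first_in(s.get(k, [])) for k in HEADERS}
    out["kind"] = re.search(r"AddressSanitizer: (\S+)", report).group(1)
    out["offset"] = (int(m.group(1)), int(m.group(2))) if m else None
    out["shared"] = common_callers(s.get("free", []), s.get("alloc", []))
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```

On this report the allocation and the free both sit under `che_configure` in the configuration path, while the faulting write is in `frame_configure_elements` on the frame-decode path.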