The m_parms.tot_errs array is not initialized prior to its first use
in the RDSDemod::biphase function. ASAN does not pick up on this
directly, but instead reports it as follows (note that ASAN fills
memory with 0xBE and -1094795586 is 0xBEBEBEBE):

./plugins/channelrx/demodbfm/rdsdemod.cpp:159:95: runtime error: signed
integer overflow: -1094795586 + -1094795586 cannot be represented in type
'int'

The m_parms.subcarr_bb array does not appear to be read prior to
initialization, but we initialize it to zero anyway for the sake
of good hygiene.

UBSan reports the following error when replaying an IQ stream:

./plugins/samplesource/filesource/filesourcegui.cpp:331:29: runtime
error: signed integer overflow: 2704064 * 1000 cannot be represented
in type 'int'

By rearranging the calculation, we can be sure that the calculation never
overflows.

The RTPSession::CreateCNAME function checks to see if the buffer that
it is provided already has any data in it, and appends to it if so. The
RTPSession::InternalCreate function calls this function with an uninitialized
buffer, which results in indeterminate behavior. To ensure that the CNAME
is properly created, we clear the buffer before use.

==30323== Conditional jump or move depends on uninitialised value(s)
==30323== at 0x4C30109: __strlen_sse2 (vg_replace_strmem.c:460)
==30323== by 0x85647A4: qrtplib::RTPSession::CreateCNAME(unsigned char*, unsigned long*, bool) (rtpsession.cpp:1150)
==30323== by 0x8564B35: qrtplib::RTPSession::InternalCreate(qrtplib::RTPSessionParams const&) (rtpsession.cpp:218)
==30323== by 0x5499159: RTPSink::RTPSink(QUdpSocket*, int, bool) (rtpsink.cpp:48)
==30323== by 0x5420B6A: AudioNetSink::AudioNetSink(QObject*, int, bool) (audionetsink.cpp:42)
==30323== by 0x541F465: AudioOutput::start(int, int) (audiooutput.cpp:114)
==30323== by 0x5412763: AudioDeviceManager::startAudioOutput(int) (audiodevicemanager.cpp:361)
==30323== by 0x5412B0C: AudioDeviceManager::addAudioSink(AudioFifo*, MessageQueue*, int) (audiodevicemanager.cpp:229)
==30323== by 0x33F96DE7: BFMDemod::BFMDemod(DeviceSourceAPI*) (bfmdemod.cpp:56)
==30323== by 0x33FB03F2: non-virtual thunk to BFMPlugin::createRxChannelBS(DeviceSourceAPI*) (bfmplugin.cpp:62)
==30323== by 0x4F47F25: DeviceUISet::loadRxChannelSettings(Preset const*, PluginAPI*) (deviceuiset.cpp:199)
==30323== by 0x4EA51EA: MainWindow::loadPresetSettings(Preset const*, int) (mainwindow.cpp:575)
==30323== by 0x4EAC81B: MainWindow::MainWindow(qtwebapp::LoggerWithFile*, MainParser const&, QWidget*) (mainwindow.cpp:176)
==30323== by 0x10A49B: runQtApplication(int, char**, qtwebapp::LoggerWithFile*) (main.cpp:120)
==30323== by 0x109B38: main (main.cpp:131)
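
The failure mode described in the last message above, as an added example that is not taken from the commit or from the project's code. append_host and make_cname are hypothetical names, the 0xBE fill stands in for uninitialized stack memory, host.example is a constructed value, and the bounded memchr replaces the unbounded strlen seen in the trace so that the demo itself stays defined.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical helper (not the project's code): treats whatever is already in
// buf as a string and appends "@<host>" to it. Returns the new length, or -1
// if there is no terminator within cap bytes or the result does not fit.
long append_host(unsigned char *buf, std::size_t cap, const char *host)
{
    // Bounded search keeps this demo defined; an unbounded strlen on an
    // uninitialized buffer is what Valgrind flags in the trace above.
    const void *nul = std::memchr(buf, 0, cap);
    if (nul == nullptr) return -1;
    std::size_t used =
        static_cast<std::size_t>(static_cast<const unsigned char *>(nul) - buf);
    std::size_t hlen = std::strlen(host);
    if (used + 1 + hlen + 1 > cap) return -1;
    buf[used] = '@';
    std::memcpy(buf + used + 1, host, hlen + 1);   // copies the NUL too
    return static_cast<long>(used + 1 + hlen);
}

// Builds a CNAME in a 64-byte buffer whose prior contents are constructed:
// 0xBE everywhere, with a NUL at stale_nul_at (none if stale_nul_at >= 64).
// clear_first applies the fix from the commit message: zero the buffer first.
std::string make_cname(bool clear_first, std::size_t stale_nul_at)
{
    unsigned char buf[64];
    std::memset(buf, 0xBE, sizeof buf);
    if (stale_nul_at < sizeof buf) buf[stale_nul_at] = 0;
    if (clear_first) std::memset(buf, 0, sizeof buf);
    long n = append_host(buf, sizeof buf, "host.example");
    if (n < 0) return std::string();
    return std::string(reinterpret_cast<const char *>(buf),
                       static_cast<std::size_t>(n));
}

int main()
{
    // Same call, three outcomes depending only on what was in the buffer.
    std::printf("stale, NUL at 3 : %zu bytes\n", make_cname(false, 3).size());
    std::printf("stale, no NUL   : %zu bytes\n", make_cname(false, 64).size());
    std::printf("cleared first   : %s\n", make_cname(true, 3).c_str());
    return 0;
}
```

Without the clear, the result depends entirely on the stale bytes: a garbage prefix when a NUL happens to fall inside the buffer, a failure when none does.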