Submit #703886: ggerganov whisper.cpp v1.8.2 Free of Memory not on the Heap
Info

Title: ggerganov whisper.cpp v1.8.2 Free of Memory not on the Heap
Description:

### Summary

When using whisper-cli to read audio files, AddressSanitizer reports an attempt to free memory that was not allocated on the heap. The invalid free occurs inside read_audio_data when ma_decoder_init_file is used, leading to a crash.

### Reproduce

[repro](https://github.com/oneafter/InvalidFree/blob/main/repro)

```
export LD_LIBRARY_PATH=/whisper.cpp/install/lib
./install/bin/whisper-cli -m ./models/for-tests-ggml-tiny.bin -f ./repro
```

### Asan report

```
whisper_init_from_file_with_params_no_state: loading model from './models/for-tests-ggml-tiny.bin'
whisper_init_with_params_no_state: use gpu = 1
whisper_init_with_params_no_state: flash attn = 1
whisper_init_with_params_no_state: gpu_device = 0
whisper_init_with_params_no_state: dtw = 0
whisper_init_with_params_no_state: devices = 1
whisper_init_with_params_no_state: backends = 1
whisper_model_load: loading model
whisper_model_load: n_vocab = 51865
whisper_model_load: n_audio_ctx = 1500
whisper_model_load: n_audio_state = 384
whisper_model_load: n_audio_head = 6
whisper_model_load: n_audio_layer = 4
whisper_model_load: n_text_ctx = 448
whisper_model_load: n_text_state = 384
whisper_model_load: n_text_head = 6
whisper_model_load: n_text_layer = 4
whisper_model_load: n_mels = 80
whisper_model_load: ftype = 1
whisper_model_load: qntvr = 0
whisper_model_load: type = 1 (tiny)
whisper_model_load: adding 1608 extra tokens
whisper_model_load: n_langs = 99
whisper_model_load: CPU total size = 77.11 MB
whisper_model_load: model size = 0.00 MB
whisper_model_load: WARN no tensors loaded from model file - assuming empty model for testing
whisper_backend_init_gpu: no GPU found
whisper_init_state: kv self size = 3.15 MB
whisper_init_state: kv cross size = 9.44 MB
whisper_init_state: kv pad size = 2.36 MB
whisper_init_state: compute buffer (conv) = 13.21 MB
whisper_init_state: compute buffer (encode) = 17.72 MB
whisper_init_state: compute buffer (cross) = 3.89 MB
whisper_init_state: compute buffer (decode) = 95.91 MB
=================================================================
==32==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7f316360c1c8 in thread T0
    #0 0x5618e262aaf6 in __interceptor_free (/whisper.cpp/INS/bin/whisper-cli+0xdcaf6) (BuildId: a448611ba3edcb861e5563c99615ff6fb7930e89)
    #1 0x5618e2833701 in ma_decoder_init_file /whisper.cpp/examples/miniaudio.h:65452:17
    #2 0x5618e289c84e in read_audio_data(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<float, std::allocator<float>>&, std::vector<std::vector<float, std::allocator<float>>, std::allocator<std::vector<float, std::allocator<float>>>>&, bool) /whisper.cpp/examples/common-whisper.cpp:75:25
    #3 0x5618e266ce21 in main /whisper.cpp/examples/cli/cli.cpp:1118:14
    #4 0x7f3165164d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 4f7b0c955c3d81d7cac1501a2498b69d1d82bfe7)
    #5 0x7f3165164e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 4f7b0c955c3d81d7cac1501a2498b69d1d82bfe7)
    #6 0x5618e2590f74 in _start (/whisper.cpp/INS/bin/whisper-cli+0x42f74) (BuildId: a448611ba3edcb861e5563c99615ff6fb7930e89)

Address 0x7f316360c1c8 is located in stack of thread T0 at offset 456 in frame
    #0 0x5618e289c49f in read_audio_data(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::vector<float, std::allocator<float>>&, std::vector<std::vector<float, std::allocator<float>>, std::allocator<std::vector<float, std::allocator<float>>>>&, bool) /whisper.cpp/examples/common-whisper.cpp:42

  This frame has 10 object(s):
    [32, 36) 'format.i.i'
    [48, 52) 'channels.i.i'
    [64, 68) 'sampleRate.i.i'
    [80, 88) 'internalLengthInPCMFrames.i'
    [112, 136) 'audio_data' (line 43)
    [176, 320) 'decoder_config' (line 46)
    [384, 936) 'decoder' (line 47) <== Memory access at offset 456 is inside this variable
    [1072, 1132) 'ref.tmp.sroa.8' (line 49)
    [1168, 2192) 'buf' (line 56)
    [2320, 2328) 'frames_read' (line 98)
SUMMARY: AddressSanitizer: bad-free (/whisper.cpp/INS/bin/whisper-cli+0xdcaf6) (BuildId: a448611ba3edcb861e5563c99615ff6fb7930e89) in __interceptor_free
==32==ABORTING
```
Source: ⚠️ https://github.com/ggml-org/whisper.cpp/issues/3501
User: Oneafter (UID 92781)
Submission: 01/12/2025 04:30 AM (6 months ago)
Moderation: 12/12/2025 12:27 PM (11 days later)
Status: Accepted
VulDB entry: 336193 [ggml-org whisper.cpp up to 1.8.2 common-whisper.cpp read_audio_data memory corruption]
Points: 20
