delete sps pointer in the storeSPS() function whereas it will be used later in the caller function

[aumontfr]

Decoding a bit stream generated by VTM 15.0 in LDP with IDR_N_LP every 32 frames, the valgrind traces indicates the reading of bytes in a freed memory space:
Invalid read of size 4
==241811== at 0x541FBB: DecLib::xDecodeSPS(InputNALUnit&)
==241811== by 0x54CCCD: DecLib::decode(InputNALUnit&, int&, int&, int
==241811== by 0x43B88D: DecApp::decode()
==241811== by 0x42A9C1: main (decoder)
==241811== Address 0xe19d958 is 72 bytes inside a block of size 10,024 free'd
==241811== at 0x4C2B40D: operator delete(void*) (vg_replace_malloc.c:586)
The problem is linked to the BOLD line in the xDecodeSPS function:
void DecLib::xDecodeSPS( InputNALUnit& nalu )
{

SPS* sps = new SPS();
m_HLSReader.setBitstream( &nalu.getBitstream() );

CHECK( nalu.m_temporalId, "The value of TemporalId of SPS NAL units shall be equal to 0" );

m_HLSReader.parseSPS( sps );
sps->setLayerId( nalu.m_nuhLayerId );
DTRACE( g_trace_ctx, D_QP_PER_CTU, "CTU Size: %dx%d", sps->getMaxCUWidth(), sps->getMaxCUHeight() );
m_parameterSetManager.storeSPS( sps, nalu.getBitstream().getFifo() );

m_accessUnitSpsNumSubpic[nalu.m_nuhLayerId] = sps->getNumSubPics();
}

The sps pointer has been deleted by the function “m_parameterSetManager.storeSPS” because the SPS has not been changed.
One correction solution is to invert the two lines like this:

m_accessUnitSpsNumSubpic[nalu.m_nuhLayerId] = sps->getNumSubPics();
m_parameterSetManager.storeSPS( sps, nalu.getBitstream().getFifo() );

[ksuehring]

This is indeed a regression. I submitted a MR for the suggested fix:
​https://vcgit.hhi.fraunhofer.de/jvet/VVCSoftware_VTM/-/merge_requests/2143

[ksuehring]

The MR was merged