
AddressSanitizer alloc-dealloc-mismatch on ColorProfile_nclx::~ColorProfile_nclx

amyspark opened this issue 3 years ago • 1 comment

Hey,

I just found the following ASAN hit on libheif. The destructor of ColorProfile_nclx doesn't use the correct function to destroy its members:

https://github.com/strukturag/libheif/blob/64d9ab99ce7ea8876700c034b19bbc8dd773ae0b/libheif/heif_cxx.h#L787-L795

==51910==ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x6060000f3e00
    #0 0x55c03cdabd19 in operator delete(void*) (/home/amalia/krita/build/plugins/impex/heif/tests/KisHeifTest+0x11ad19)
    #1 0x7f7fca79d226 in heif::ColorProfile_nclx::~ColorProfile_nclx() /usr/include/libheif/heif_cxx.h:798:5
    #2 0x7f7fca79d226 in HeifExport::convert(KisDocument*, QIODevice*, KisPinnedSharedPtr<KisPropertiesConfiguration>) /home/amalia/krita/src/plugins/impex/heif/HeifExport.cpp:451:9
    #3 0x7f7fdf7666bb in KisImportExportManager::doExportImpl(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:733:47
    #4 0x7f7fdf763e26 in KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:677:13
    #5 0x7f7fdf74e48d in KisImportExportManager::convert(KisImportExportManager::Direction, QString const&, QString const&, QString const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:441:22
    #6 0x7f7fdf75286e in KisImportExportManager::exportDocument(QString const&, QString const&, QByteArray const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:137:31
    #7 0x7f7fdf703c7b in KisDocument::exportDocumentSync(QString const&, QByteArray const&, KisPinnedSharedPtr<KisPropertiesConfiguration>) /home/amalia/krita/src/libs/ui/KisDocument.cpp:1199:13
    #8 0x55c03cdd0158 in KisHeifTest::testSaveHDR() /home/amalia/krita/src/plugins/impex/heif/tests/KisHeifTest.cpp:243:14
    #9 0x55c03cdae23c in KisHeifTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/amalia/krita/build/plugins/impex/heif/tests/KisHeifTest_autogen/EWIEGA46WW/moc_KisHeifTest.cpp:111:21
    #10 0x7f7fd904623d in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/lib/libQt5Core.so.5+0x29c23d)
    #11 0x7f7fde225a6b in QTest::qRun() (/usr/lib/libQt5Test.so.5+0x1ba6b)
    #12 0x7f7fde226c40 in QTest::qExec(QObject*, int, char**) (/usr/lib/libQt5Test.so.5+0x1cc40)
    #13 0x55c03cde7b21 in main /home/amalia/krita/src/plugins/impex/heif/tests/KisHeifTest.cpp:531:1
    #14 0x7f7fd888728f  (/usr/lib/libc.so.6+0x2928f)
    #15 0x7f7fd8887349 in __libc_start_main (/usr/lib/libc.so.6+0x29349)
    #16 0x55c03ccc6d44 in _start /build/glibc/src/glibc/csu/../sysdeps/x86_64/start.S:115

0x6060000f3e00 is located 0 bytes inside of 52-byte region [0x6060000f3e00,0x6060000f3e34)
allocated by thread T0 here:
    #0 0x55c03cd719c9 in malloc (/home/amalia/krita/build/plugins/impex/heif/tests/KisHeifTest+0xe09c9)
    #1 0x7f7fcd9b99a2 in heif_nclx_color_profile_alloc (/usr/lib/libheif.so.1+0x409a2)
    #2 0x7f7fdf7666bb in KisImportExportManager::doExportImpl(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:733:47
    #3 0x7f7fdf763e26 in KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:677:13
    #4 0x7f7fdf74e48d in KisImportExportManager::convert(KisImportExportManager::Direction, QString const&, QString const&, QString const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:441:22
    #5 0x7f7fdf75286e in KisImportExportManager::exportDocument(QString const&, QString const&, QByteArray const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool) /home/amalia/krita/src/libs/ui/KisImportExportManager.cpp:137:31
    #6 0x7f7fdf703c7b in KisDocument::exportDocumentSync(QString const&, QByteArray const&, KisPinnedSharedPtr<KisPropertiesConfiguration>) /home/amalia/krita/src/libs/ui/KisDocument.cpp:1199:13
    #7 0x55c03cdd0158 in KisHeifTest::testSaveHDR() /home/amalia/krita/src/plugins/impex/heif/tests/KisHeifTest.cpp:243:14
    #8 0x55c03cdae23c in KisHeifTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/amalia/krita/build/plugins/impex/heif/tests/KisHeifTest_autogen/EWIEGA46WW/moc_KisHeifTest.cpp:111:21
    #9 0x7f7fd904623d in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/lib/libQt5Core.so.5+0x29c23d)
    #10 0x7f7fde225a6b in QTest::qRun() (/usr/lib/libQt5Test.so.5+0x1ba6b)
    #11 0x7f7fde226c40 in QTest::qExec(QObject*, int, char**) (/usr/lib/libQt5Test.so.5+0x1cc40)
    #12 0x7f7fd888728f  (/usr/lib/libc.so.6+0x2928f)

amyspark, Jul 09 '22 21:07

Should use heif_nclx_color_profile_free instead of the delete: https://github.com/strukturag/libheif/blob/64d9ab99ce7ea8876700c034b19bbc8dd773ae0b/libheif/heif.h#L836

fancycode, Jul 11 '22 06:07
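The report above and the suggested fix are the two halves of one pattern: a C API hands out a `malloc()`'d object, and a C++ RAII wrapper must release it through that API's matching `*_free()` rather than `operator delete`. The following is an added example written for this page; it is not libheif code. It uses a constructed stand-in C API (`demo_nclx_profile`, `demo_nclx_profile_alloc`, `demo_nclx_profile_free`, hypothetical names playing the role of `heif_nclx_color_profile_alloc`/`heif_nclx_color_profile_free`), shows the buggy wrapper shape next to a corrected one that pins the deleter in a `std::unique_ptr`, and counts releases so the correct path is verifiable without a sanitizer.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>
#include <new>

// Constructed stand-in for the C side of a library such as libheif: the
// object is produced by a malloc()-based *_alloc() and must be returned
// through the matching *_free(). Hypothetical names, not libheif's API.
struct demo_nclx_profile {
    unsigned int color_primaries;
    unsigned int transfer_characteristics;
    unsigned int matrix_coefficients;
    unsigned int full_range_flag;
};

static int g_allocs = 0;         // objects handed out by the C allocator
static int g_frees_via_api = 0;  // objects released through the matching C free

extern "C" demo_nclx_profile* demo_nclx_profile_alloc(void) {
    auto* p = static_cast<demo_nclx_profile*>(std::malloc(sizeof(demo_nclx_profile)));
    if (p) {
        std::memset(p, 0, sizeof(*p));
        ++g_allocs;
    }
    return p;
}

extern "C" void demo_nclx_profile_free(demo_nclx_profile* p) {
    if (p) ++g_frees_via_api;
    std::free(p);  // the only correct release for memory from *_alloc()
}

// BEFORE: the shape ASan reports as alloc-dealloc-mismatch (malloc vs
// operator delete). The pointer came from malloc(), but the destructor hands
// it to operator delete. That is undefined behaviour; it only appears to work
// where operator delete happens to forward to free(). Kept for contrast and
// deliberately never instantiated in this file.
class NclxProfileBuggy {
public:
    NclxProfileBuggy() : m_profile(demo_nclx_profile_alloc()) {}
    ~NclxProfileBuggy() { delete m_profile; }  // wrong deallocator
    NclxProfileBuggy(const NclxProfileBuggy&) = delete;
    NclxProfileBuggy& operator=(const NclxProfileBuggy&) = delete;
private:
    demo_nclx_profile* m_profile;
};

// AFTER: ownership lives in a unique_ptr whose deleter is the C free function,
// so the object can only be released the way it was allocated. The wrapper is
// move-only by construction, so two wrappers never both own one profile.
class NclxProfile {
public:
    NclxProfile() : m_profile(demo_nclx_profile_alloc(), &demo_nclx_profile_free) {
        if (!m_profile) throw std::bad_alloc();
    }

    void set_full_range(bool full) { m_profile->full_range_flag = full ? 1u : 0u; }
    unsigned int full_range() const { return m_profile->full_range_flag; }

    // Borrow the raw pointer for calls into the C API; ownership stays here.
    const demo_nclx_profile* get() const { return m_profile.get(); }

private:
    std::unique_ptr<demo_nclx_profile, void (*)(demo_nclx_profile*)> m_profile;
};

// Objects allocated by the C API that have not yet gone back through it.
int live_profiles() { return g_allocs - g_frees_via_api; }

// Builds a profile and returns it by value; ownership transfers by move.
NclxProfile make_profile(bool full_range) {
    NclxProfile p;
    p.set_full_range(full_range);
    return p;
}

// Creates n wrappers, lets each fall out of scope, and reports how many were
// released through the C API. With the corrected wrapper this equals n;
// returns -1 if the allocator did not hand out exactly n objects.
int release_count_after_scope(int n) {
    g_allocs = 0;
    g_frees_via_api = 0;
    for (int i = 0; i < n; ++i) {
        NclxProfile p;
        p.set_full_range(i % 2 == 0);
    }  // ~NclxProfile -> unique_ptr deleter -> demo_nclx_profile_free
    return (g_allocs == n) ? g_frees_via_api : -1;
}

int main() {
    int released = release_count_after_scope(5);
    NclxProfile p = make_profile(true);
    return (released == 5 && live_profiles() == 1 && p.full_range() == 1u) ? 0 : 1;
}
```

Building with `-fsanitize=address` and instantiating `NclxProfileBuggy` reproduces the report class in the issue; where the check is not already on by default, `ASAN_OPTIONS=alloc_dealloc_mismatch=1` enables it. The corrected wrapper makes the mistake structurally impossible rather than relying on review: the deleter type is part of the member's type, so there is no destructor body to get wrong.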