
SEGV in `openjpeg_decode_image`

Open · fdu-sec opened this issue 9 months ago · 1 comment

Summary

SEGV in openjpeg_decode_image

Version

  • commit : 9ea417c17d91516291cfad193363f9915273a65d

Reproduce

# openjpeg commit: 51f097e6d5754ddae93e716276fe8176b44ec548
# step 1: build this openjpeg with ASan.
# step 2: build libheif with ASan against it.
# export the compilers so that cmake picks up the sanitizer flags
export CC="gcc -g -fsanitize=address"
export CXX="g++ -g -fsanitize=address"
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=Debug -DWITH_UNCOMPRESSED_CODEC=ON -DENABLE_MULTITHREADING_SUPPORT=0 -DWITH_OpenJPEG_ENCODER=1 -DWITH_OpenJPEG_DECODER=1 -DWITH_AOM_ENCODER=0 -DWITH_AOM_DECODER=0
make -j

ASAN

=================================================================
==671410==ERROR: AddressSanitizer: SEGV on unknown address 0x7ff2d6432800 (pc 0x7ffff42e3c28 bp 0x7fffffffaa30 sp 0x7fffffff85f0 T0)
==671410==The signal is caused by a WRITE memory access.
    #0 0x7ffff42e3c27 in openjpeg_decode_image(void*, heif_image**) /home//supply/test/openjpeg-libheif/libheif/libheif/plugins/decoder_openjpeg.cc:383
    #1 0x7ffff6fbf220 in HeifContext::decode_image_planar(unsigned int, std::shared_ptr<HeifPixelImage>&, heif_colorspace, heif_decoding_options const&, bool) const /home//supply/test/openjpeg-libheif/libheif/libheif/context.cc:1355
    #2 0x7ffff6fbd52c in HeifContext::decode_image_user(unsigned int, std::shared_ptr<HeifPixelImage>&, heif_colorspace, heif_chroma, heif_decoding_options const&) const /home//supply/test/openjpeg-libheif/libheif/libheif/context.cc:1248
    #3 0x7ffff6f80479 in heif_decode_image /home//supply/test/openjpeg-libheif/libheif/libheif/heif.cc:1042
    #4 0x555555563960 in main /home//supply/test/openjpeg-libheif/libheif/examples/heif_info.cc:645
    #5 0x7ffff6ab6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #6 0x55555555d94d in _start (/home//supply/test/openjpeg-libheif/libheif/build_asan/Debug/bin/heif-info+0x994d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home//supply/test/openjpeg-libheif/libheif/libheif/plugins/decoder_openjpeg.cc:383 in openjpeg_decode_image(void*, heif_image**)
==671410==ABORTING

POC

poc-openjpeg.zip

fdu-sec · Apr 30 '24 01:04