
SIGILL openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330 in mel_init

Open: schsiung opened this issue 1 year ago, 1 comment

Expected behavior and actual behavior.

Expect POC_openjpeg-2.5.0.tar.gz running without signal SIGILL.

Steps to reproduce the problem.

  1. ./opj_decompress -i id:000000.j2k -o 1.pgm
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin # ./opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
Illegal instruction
  2. GDB info
gdb ./opj_decompress
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./opj_decompress...
(gdb) run -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm
Starting program: /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin/opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.

Program received signal SIGILL, Illegal instruction.
0x00007ffff7d1931d in opj_t1_ht_decode_cblk (t1=<optimized out>, cblk=<optimized out>, orient=<optimized out>, roishift=<optimized out>, cblksty=<optimized out>, p_manager=<optimized out>, p_manager_mutex=<optimized out>, check_pterm=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330
330             melp->unstuff = ((d & 0xFF) == 0xFF); //true of next byte needs
(gdb) bt
#0  0x00007ffff7d1931d in opj_t1_ht_decode_cblk (t1=<optimized out>, cblk=<optimized out>, orient=<optimized out>, roishift=<optimized out>, cblksty=<optimized out>, p_manager=<optimized out>, 
    p_manager_mutex=<optimized out>, check_pterm=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330
#1  0x00007ffff7e4d90e in opj_t1_clbl_decode_processor (user_data=0x607000000790, tls=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/t1.c:1690
#2  0x00007ffff7cb64c5 in opj_thread_pool_submit_job (tp=<optimized out>, job_fn=0x7ffff7e4d020 <opj_t1_clbl_decode_processor>, user_data=0x607000000790)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/thread.c:835
#3  0x00007ffff7e4a011 in opj_t1_decode_cblks (tcd=0x60b000000250, pret=0x7fffffff8460, tilec=0x0, tccp=0x61f000000e80, p_manager=0x6100000000a8, p_manager_mutex=0x604000000110, check_pterm=1)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/t1.c:1943
#4  0x00007ffff7f529bf in opj_tcd_t1_decode (p_tcd=0x6040000000d0, p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:2000
#5  opj_tcd_decode_tile (p_tcd=0x6040000000d0, win_x0=<optimized out>, win_y0=<optimized out>, win_x1=<optimized out>, win_y1=<optimized out>, numcomps_to_decode=<optimized out>, 
    comps_indices=<optimized out>, p_src=<optimized out>, p_max_length=<optimized out>, p_tile_no=<optimized out>, p_cstr_index=<optimized out>, p_manager=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:1654
#6  0x00007ffff7d9a8c7 in opj_j2k_decode_tile (p_j2k=<optimized out>, p_tile_index=<optimized out>, p_data=<optimized out>, p_data_size=<optimized out>, p_stream=0x60c000000040, 
    p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9862
#7  0x00007ffff7dad1bc in opj_j2k_decode_tiles (p_j2k=<optimized out>, p_stream=<optimized out>, p_manager=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:11707
#8  0x00007ffff7d88e71 in opj_j2k_exec (p_j2k=0x6040000000d0, p_procedure_list=0x602000000030, p_stream=0x612000000740, p_manager=0x612000000748)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9006
#9  0x00007ffff7dac3f3 in opj_j2k_decode (p_j2k=0x613000000040, p_stream=0x612000000748, p_image=0x604000000050, p_manager=0x1)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:12010
#10 0x00005555556878b3 in main (argc=<optimized out>, argv=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/bin/jp2/opj_decompress.c:1582

Operating system

[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers # uname -a
Linux 4547ba12d0d6 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers # 

openjpeg version

2.5.0

schsiung, Jan 02 '24 02:01

I cannot reproduce with 2.5.0 nor master. Which build options did you use to build openjpeg?

rouault, Feb 18 '24 17:02