openjpeg icon indicating copy to clipboard operation
openjpeg copied to clipboard
verified publisher icon uclouvain

SIGILL openjpeg-2.5.0/src/lib/openjp2/dwt.c:385 in opj_idwt53_h_cas0()

Open schsiung opened this issue 1 year ago • 2 comments

Expected behavior and actual behavior.

Expect POC_openjpeg-2.5.0.tar.gz running without signal SIGILL.

Steps to reproduce the problem.

  1. ./opj_decompress -i id:000001.jp2 -o 2.pgm
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin # ./opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000001.jp2  -o 2.pgm

[INFO] Start to read j2k main header (385).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
Illegal instruction
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin #
  1. GDB info gdb ./opj_decompress
Starting program: /data/openeuler/openjpeg2/openjpeg-2.5.0/build/obj/bin/opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000001.jp2  -o 2.pgm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

[INFO] Start to read j2k main header (385).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.

Program received signal SIGILL, Illegal instruction.
0x00007ffff7cdf290 in opj_idwt53_h_cas0 (tmp=0x627000007100, tiledp=0x7ffff6e1ff40, sn=<optimized out>, len=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/dwt.c:385
385             s0n = s1n - ((d1c + d1n + 2) >> 2);
(gdb) bt
#0  0x00007ffff7cdf290 in opj_idwt53_h_cas0 (tmp=0x627000007100, tiledp=0x7ffff6e1ff40, sn=<optimized out>, len=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/dwt.c:385
#1  opj_idwt53_h (dwt=<optimized out>, tiledp=0x7ffff6e1ff40) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/dwt.c:493
#2  0x00007ffff7cdc084 in opj_dwt_decode_tile (tp=0x608000000020, tilec=<optimized out>, numres=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/dwt.c:2124
#3  opj_dwt_decode (p_tcd=<optimized out>, tilec=<optimized out>, numres=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/dwt.c:1917
#4  0x00007ffff7f53084 in opj_tcd_dwt_decode (p_tcd=0xc4e00000e45) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:2030
#5  opj_tcd_decode_tile (p_tcd=0xc4e00000e45, win_x0=<optimized out>, win_y0=<optimized out>, win_x1=<optimized out>, win_y1=<optimized out>, numcomps_to_decode=<optimized out>, 
    comps_indices=<optimized out>, p_src=<optimized out>, p_max_length=<optimized out>, p_tile_no=<optimized out>, p_cstr_index=<optimized out>, p_manager=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:1706
#6  0x00007ffff7d9a8c7 in opj_j2k_decode_tile (p_j2k=<optimized out>, p_tile_index=<optimized out>, p_data=<optimized out>, p_data_size=<optimized out>, p_stream=0x60c000000040, 
    p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9862
#7  0x00007ffff7daea16 in opj_j2k_decode_tiles (p_j2k=<optimized out>, p_stream=<optimized out>, p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:11664
#8  0x00007ffff7d88e71 in opj_j2k_exec (p_j2k=0xc4e00000e45, p_procedure_list=0x602000000030, p_stream=0x627000007100, p_manager=0x134)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9006
#9  0x00007ffff7dac3f3 in opj_j2k_decode (p_j2k=0x613000000040, p_stream=0x134, p_image=0x604000000090, p_manager=0x14000001)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:12010
#10 0x00007ffff7dea970 in opj_jp2_decode (jp2=0x60f000000040, p_stream=0x627000007100, p_image=0x134, p_manager=0x14000001) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/jp2.c:1607
#11 0x00005555556878b3 in main (argc=<optimized out>, argv=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/bin/jp2/opj_decompress.c:1582

Operating system

[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers # uname -a
Linux 4547ba12d0d6 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers #

openjpeg version

2.5.0

schsiung avatar Jan 02 '24 03:01 schsiung

I cannot reproduce with 2.5.0 nor master. Which build options did you use to build openjpeg?

rouault avatar Feb 18 '24 17:02 rouault