IntelRealSense / librealsense

Intel® RealSense™ SDK
https://www.intelrealsense.com/
Apache License 2.0

align to width and height -1 to prevent SIGSEGV accessing out of range buffer #13005

Closed acasalboni closed 3 months ago

acasalboni commented 3 months ago

align to width and height -1 to prevent SIGSEGV accessing out of range index on frame buffer

sysrsbuild commented 3 months ago

Can one of the admins verify this patch?

Nir-Az commented 3 months ago

@acasalboni thanks for the PR. Can you please share on which case you get this error?

acasalboni commented 3 months ago

When acquiring frames from the depth camera and invoking the method com.intel.realsense.librealsense.Utils.project2dPixelToDepthPixel, using some camera pieces the application crashes because of a SIGSEGV error. We're using the camera in a vertical position, so sometimes the rotation and transformation values produce negative (adjusted to zero) or overloaded coordinates; in this case the point is adjusted to width and height, causing a segmentation fault.

Here is the stack trace of the error:

  #00 pc 00000000007eb34c  /system/app/ARFlexibilityTest/ARFlexibilityTest.apk!librealsense2.so (rs2_project_color_pixel_to_depth_pixel+776) (BuildId: 07aa2742a238c6a7d2d769e5046ed2ff5e5a6bd0)
  #01 pc 00000000007392e0  /system/app/ARFlexibilityTest/ARFlexibilityTest.apk!librealsense2.so (Java_com_intel_realsense_librealsense_Utils_nProject2dPixelToDepthPixel+924) (BuildId: 07aa2742a238c6a7d2d769e5046ed2ff5e5a6bd0)
  #02 pc 0000000000222244  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #03 pc 0000000000218be8  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #04 pc 0000000000284224  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+216) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #05 pc 00000000003e351c  /apex/com.android.art/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+400) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #06 pc 00000000003df570  /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+700) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #07 pc 0000000000758b9c  /apex/com.android.art/lib64/libart.so (MterpInvokeStaticRange+800) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #08 pc 0000000000203c94  /apex/com.android.art/lib64/libart.so (mterp_op_invoke_static_range+20) (BuildId: 4925dbfec35f1037f8ee5dab9b73e87d)
  #09 pc 000000000074fd58  /system/app/ARFlexibilityTest/oat/arm64/ARFlexibilityTest.vdex (com.intel.realsense.librealsense.Utils.project2dPixelToDepthPixel+46)
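
The off-by-one described in this thread, as an added example that is not part of the PR or the librealsense source: the two clamp functions, the 640x480 frame size and all names are hypothetical, and the NaN guard goes one step beyond what the thread discusses. It shows why clamping to `width`/`height` still yields an index outside (or aliased inside) a row-major frame buffer, while clamping to `width - 1`/`height - 1` does not.

```c
#include <math.h>
#include <stdio.h>

enum { W = 640, H = 480 };            /* constructed depth frame size */

/* Upper bound is the size itself, the behaviour the PR description reports. */
static void clamp_to_size(float p[2], int w, int h)
{
    if (p[0] < 0) p[0] = 0;
    if (p[0] > w) p[0] = (float)w;
    if (p[1] < 0) p[1] = 0;
    if (p[1] > h) p[1] = (float)h;
}

/* Upper bound is the last valid pixel (size - 1), as the PR title proposes. */
static void clamp_to_last_pixel(float p[2], int w, int h)
{
    /* NaN makes both p < 0 and p > w false; !(p >= 0) catches it as well */
    if (!(p[0] >= 0)) p[0] = 0;
    if (p[0] > w - 1) p[0] = (float)(w - 1);
    if (!(p[1] >= 0)) p[1] = 0;
    if (p[1] > h - 1) p[1] = (float)(h - 1);
}

/* Row-major index a caller would use as data[y * W + x] after clamping. */
long index_after_clamp(float x, float y, int use_fix)
{
    float p[2] = { x, y };
    if (use_fix) clamp_to_last_pixel(p, W, H);
    else         clamp_to_size(p, W, H);
    return (long)p[1] * W + (long)p[0];
}

/* True when idx addresses one of the W * H samples of the frame. */
int in_buffer(long idx) { return idx >= 0 && idx < (long)W * H; }

int main(void)
{
    /* constructed off-frame points; the size clamp is never fed NaN here */
    printf("size clamp  (700,500): idx=%ld in_buffer=%d\n",
           index_after_clamp(700, 500, 0), in_buffer(index_after_clamp(700, 500, 0)));
    printf("size clamp  (700, 10): idx=%ld (aliases pixel (0,11))\n",
           index_after_clamp(700, 10, 0));
    printf("fixed clamp (700,500): idx=%ld in_buffer=%d\n",
           index_after_clamp(700, 500, 1), in_buffer(index_after_clamp(700, 500, 1)));
    printf("fixed clamp (NaN,NaN): idx=%ld\n", index_after_clamp(NAN, NAN, 1));
    return 0;
}
```

When only x overshoots, the size clamp produces an index that is still inside the buffer but belongs to the first pixel of the next row, so that case returns wrong depth data instead of crashing.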