dropbox / lepton

Lepton is a tool and file format for losslessly compressing JPEGs by an average of 22%.
https://blogs.dropbox.com/tech/2016/07/lepton-image-compression-saving-22-losslessly-from-images-at-15mbs/
Apache License 2.0

UB with USE_STANDARD_MEMORY_ALLOCATORS #69

Closed fxrlv closed 7 years ago

fxrlv commented 8 years ago

I'm compiling the project with -DUSE_STANDARD_MEMORY_ALLOCATORS, so I get the following error when decompressing .lep to .jpg:

malloc: *** error for object 0x106f431d0: pointer being freed was not allocated

Here is the ASAN output:

==5914==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x00010499e9d0 in thread T0
    #0 0x10166db89 in wrap_free (libclang_rt.asan_osx_dynamic.dylib+0x48b89)
    #1 0x1013b3ef4 in custom_free memory.cc:111
    #2 0x1012e83b8 in Sirikata::JpegAllocator<unsigned char>::free_wrapper(void*, void*) Allocator.hh:53
    #3 0x10125fffa in Sirikata::JpegAllocator<unsigned char>::deallocate(unsigned char*, unsigned long) Allocator.hh:145
    #4 0x1012e4b38 in std::__1::__vector_base<unsigned char, Sirikata::JpegAllocator<unsigned char> >::~__vector_base() memory:1487
    #5 0x1012e4734 in std::__1::vector<unsigned char, Sirikata::JpegAllocator<unsigned char> >::~vector() vector:457
    #6 0x1012d87c4 in std::__1::vector<unsigned char, Sirikata::JpegAllocator<unsigned char> >::~vector() vector:457
    #7 0x1012e80d6 in Sirikata::MemReadWriter::~MemReadWriter() MemReadWriter.hh:3
    #8 0x1012dc9a4 in Sirikata::MemReadWriter::~MemReadWriter() MemReadWriter.hh:3
    #9 0x1012b617c in read_ujpg() jpgcoder.cc:3959
    #10 0x101313727 in bool std::__1::__invoke_void_return_wrapper<bool>::__call<bool (*&)()>(bool (*&&&)()) __functional_base:416
    #11 0x1013136b8 in std::__1::__function::__func<bool (*)(), std::__1::allocator<bool (*)()>, bool ()>::operator()() functional:1437
    #12 0x1012d88f4 in std::__1::function<bool ()>::operator()() const functional:1817
    #13 0x10129c141 in execute(std::__1::function<bool ()> const&) jpgcoder.cc:1754
    #14 0x10129257b in process_file(IOUtil::FileReader*, IOUtil::FileWriter*, int, bool) jpgcoder.cc:1584
    #15 0x10128753b in main jpgcoder.cc:803
    #16 0x7fff935ac5ac in start (libdyld.dylib+0x35ac)
    #17 0x2  (<unknown module>)

0x00010499e9d0 is located 4560 bytes inside of 2080376256-byte region [0x00010499d800,0x00018099ddc0)
allocated by thread T0 here:
    #0 0x10166df27 in wrap_calloc (libclang_rt.asan_osx_dynamic.dylib+0x48f27)
    #1 0x1014cf868 in Sirikata::memmgr_init(unsigned long, unsigned long, unsigned long, unsigned long, bool) MemMgrAllocator.cc:184
    #2 0x101287160 in main jpgcoder.cc:747
    #3 0x7fff935ac5ac in start (libdyld.dylib+0x35ac)
    #4 0x2  (<unknown module>)

danielrh commented 7 years ago

Fixed by 04153c95bc3705cb8cd386374dcd0ea634a322a3
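
Added example, not lepton's code and not the change in the referenced commit: the ASAN report above shows free() receiving an address 4560 bytes inside the single region calloc'ed by memmgr_init. The sketch below reproduces that shape with a hypothetical bump arena (Arena, arena_alloc, arena_owns and checked_free are illustrative names) and a release path that checks ownership before calling free().

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Hypothetical bump arena: one calloc'ed block; every sub-allocation is an
// interior pointer that the system allocator never handed out itself.
struct Arena {
    unsigned char *base;
    std::size_t size;
    std::size_t used;
};

bool arena_init(Arena &a, std::size_t size) {
    a.base = static_cast<unsigned char *>(std::calloc(size, 1));
    a.size = a.base ? size : 0;
    a.used = 0;
    return a.base != nullptr;
}

void *arena_alloc(Arena &a, std::size_t n) {
    if (n > a.size - a.used) return nullptr;              // reject before rounding
    std::size_t rounded = (n + 15) & ~std::size_t{15};    // keep 16-byte alignment
    if (rounded > a.size - a.used) return nullptr;
    void *p = a.base + a.used;
    a.used += rounded;
    return p;
}

// True when p lies inside the arena block, i.e. it must not reach free().
bool arena_owns(const Arena &a, const void *p) {
    std::uintptr_t v = reinterpret_cast<std::uintptr_t>(p);
    std::uintptr_t lo = reinterpret_cast<std::uintptr_t>(a.base);
    return a.base != nullptr && v >= lo && v - lo < a.size;
}

enum class Released { Null, ArenaNoop, Heap };

// Release path that routes by ownership. Passing an arena pointer straight
// to free() is the mismatch ASAN reports as "attempting free on address
// which was not malloc()-ed".
Released checked_free(const Arena &a, void *p) {
    if (p == nullptr) return Released::Null;
    if (arena_owns(a, p)) return Released::ArenaNoop;     // arena reclaims in bulk
    std::free(p);                                         // genuine heap pointer
    return Released::Heap;
}
```

Building with -fsanitize=address and replacing the arena_owns branch with a direct free(p) produces the same class of report as the one in this issue.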