ermig1979 / Simd

C++ image processing and machine learning library using SIMD: SSE, AVX, AVX-512, AMX for x86/x64, VMX (Altivec) and VSX (Power7) for PowerPC, NEON for ARM.
http://ermig1979.github.io/Simd
MIT License

stack smashing when saving big jpeg image #181

Closed s-trinh closed 2 years ago

s-trinh commented 2 years ago

Code to reproduce should be something like this:

typedef Simd::View<Simd::Allocator> View;
void readSimd(View &img, const std::string &filename)
{
  size_t stride = 0, width = 0, height = 0;
  SimdPixelFormatType format = SimdPixelFormatRgba32;
  uint8_t* data = SimdImageLoadFromFile(filename.c_str(), &stride, &width, &height, &format);
  img.Recreate(width, height, View::Rgba32, data);
}

// main code
View img;
readSimd(img, filename);
std::cout << "Read simd: " << img.width << "x" << img.height << std::endl;

img.Save("/tmp/test_simd_save.jpg", SimdImageFileJpeg, 90);

With gdb:

Read simd: 4000x2250
*** stack smashing detected ***: <unknown> terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51  ../sysdeps/unix/sysv/linux/raise.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  0x00007ffff6740fb7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6742921 in __GI_abort () at abort.c:79
#2  0x00007ffff678b967 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff68b88fb "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff6836b61 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff68b88d9 "stack smashing detected") at fortify_fail.c:33
#4  0x00007ffff6836b22 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x00007ffff789e2bf in Simd::Avx2::JpegWriteBlockSubs(Simd::OutputMemoryStream&, int, int, unsigned char const*, unsigned char const*, unsigned char const*, int, float const*, float const*, int*)
    (stream=..., width=4000, height=<optimized out>, red=0x55555587dfd0 "\253\251\251\253\250\246\247\247\252\253\253\253\253\252\252\252\253\253\252\253\252\250\247\251\252\247\247\247\247\247\253\255\252\256\256\260\260\254\261\261\261\257\261\260\257\260\255\257\255\255\256\255\257\255\255\255\256\257\260\261\260\260\257\256\255\255\255\254\256\256\254\254\255\255\254\253\253\252\255\256\253\254\257\254\254\254\254\253\256\257\255\254\256\254\255\254\260\260\260\255\254\255\256\255\254\255\255\257\256\257\254\253\257\256\260\260\257\255\255\254\256\257\260\260\261\261\257\260\261\255\256\262\263\261\260\260\263\260\262\264\264\264\260\262\263\257\260\263\265\264\263\261\266\265\265\266\266\267\267\267\266\267\270\270\271\271\270\273\270\270\271\272\272\270\273\274\270\267\267\270\271\270\271\267\270\272\267\267\271\271\270\271\270\271\271\271\270\267\270\267"..., green=0x55555588d9d0 "rqqrsrsrqrrrrqqqrrqrqsrrsrrrrrrtuvvxwwyyyvyxvwx{xyyy{xxxyzwxwwzyyxxwyzwwyxwvvutuvwvxwuuvuvywywvwxwwxwxwvyvvvu{wwvuwwvxxwz{|wyywxxtvz{yxx{xzyy||z{{|{zy{}~}}~~\177\177\177~\177\177\177\201\201\200\200\200\200\201\202\202\200\200\201\177\177\177\200\200\200~\177\177\201\177\177\200}\177~\177~\200\200\177\177\200\177"..., blue=0x55555589d3d0 "KFFKKFGJKKKLLJJKLLMLKLKNOKKKKKLNMLLNPOOMOOONOQPMPNQNPPPPQRPRQPRQKPQPQOOPNPPOOMMONPOMOQQNNPNPRORPNPQQPQTRQRRPNPPUOOPPPQPPOKQPMMMIQMLPOONNOKPPPPLPQPOLOPQMROORRUUURSQQUSRWTTSVVTUVYUSRRTSSQSQQQOQSQSRRQSTS"..., stride=4000, fY=0x55555587313

Image to reproduce the issue can be downloaded here: https://gofile.io/d/MUyx7x

ermig1979 commented 2 years ago

Thank you for such a detailed bug report! It allowed me to quickly reproduce and fix the bug.

s-trinh commented 2 years ago

Thanks, this solves the issue.