search

etemesi254 / zune-image

A fast and memory efficient image library in Rust
Other
308 stars 30 forks source link

zune-jpeg assertion panic during upsampling #172

Closed q2p closed 4 months ago

q2p commented 5 months ago

zune-jpeg panics when trying to parse a valid JPEG image. The assertion fails at: https://github.com/etemesi254/zune-image/blob/ba38f3fd50294ed68df5ee382898ea1af185555f/crates/zune-jpeg/src/worker.rs#L412

Image that produced the crash: https://github.com/etemesi254/zune-image/assets/11664429/ae728232-9be8-4314-8518-9ecaa57d3ac3

Cargo.toml:

[package]
name = "jpeg_panic"
version = "0.0.1"
edition = "2021"
publish = false

[dependencies]
zune-jpeg = "0.4.11"

main.rs:

fn main() {
  let data = std::fs::read("C:/buggy.jpg").unwrap();
  let mut decoder = zune_jpeg::JpegDecoder::new(&data);
  let ignore_result = decoder.decode();
  println!("Result: {}", ignore_result.is_ok());
}
Stack trace ``` thread 'main' panicked at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\worker.rs:411:13: assertion `left == right` failed left: 6400 right: 3200 stack backtrace: 0: rust_begin_unwind at /rustc/c67326b063bd27ed04f306ba2e372cd92e0a8751/library\std\src/panicking.rs:645:5 1: core::panicking::panic_fmt at /rustc/c67326b063bd27ed04f306ba2e372cd92e0a8751/library\core\src/panicking.rs:72:14 2: core::panicking::assert_failed_inner at /rustc/c67326b063bd27ed04f306ba2e372cd92e0a8751/library\core\src/panicking.rs:343:17 3: core::panicking::assert_failed at /rustc/c67326b063bd27ed04f306ba2e372cd92e0a8751\library\core\src/panicking.rs:298:5 4: zune_jpeg::worker::upsample at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\worker.rs:411:13 5: zune_jpeg::mcu::>::post_process at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\mcu.rs:385:17 6: zune_jpeg::mcu::>::decode_mcu_ycbcr_baseline at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\mcu.rs:199:13 7: zune_jpeg::decoder::JpegDecoder::decode_into at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\decoder.rs:708:13 8: zune_jpeg::decoder::JpegDecoder::decode at C:\Users\user\.cargo\registry\src\index.crates.io-6f17d22bba15001f\zune-jpeg-0.4.11\src\decoder.rs:209:9 9: jpeg_panic::main at .\jpeg_panic\src\main.rs:4:23 10: core::ops::function::FnOnce::call_once at /rustc/c67326b063bd27ed04f306ba2e372cd92e0a8751\library\core\src\ops/function.rs:250:5 note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace. error: process didn't exit successfully: `target\debug\jpeg_panic.exe` (exit code: 0xc0000409, STATUS_STACK_BUFFER_OVERRUN) ```
etemesi254 commented 5 months ago

Hi, this was promoted to an error in https://github.com/etemesi254/zune-image/commit/efb4cb094a0ba27616c9d4a0909cd7b052e2a72a.

With the assumption that a legitimate image doesn't exist with the said sampling factors, but seems that's not the case.

I should dedicate some time to fix it

q2p commented 5 months ago

Hi, I'm glad to hear that you plan on addressing it. Thank you for a quick response :)

etemesi254 commented 4 months ago

Fixed correctly by ac18d0bf2a672a8ee57653bbae1c4c2d8fafbba0.

Exposed another bug, hence the delay.

I have also added a test for it via https://github.com/etemesi254/zune-image/commit/69139b4502c0901976213f2e8d5fd07b3f8d1287 using the reference image you provided, hence pinging you to ask if it's okay or I should remove it

q2p commented 4 months ago

Thank you! I don't remember from where the image came from, but I guess it's okay