etemesi254 / zune-image

A fast and memory efficient image library in Rust

crash: assertion `left == right` failed for JPEG #236

Open TheOneric opened 1 month ago

TheOneric commented 1 month ago

I stumbled into a crash from a failed assertion on current dev (b3b244df208131a9a931cc9b83527b504b461d66) while running the fuzzer a bit

thread '<unnamed>' panicked at /home/gekota/img-fuzz/zune-image/crates/zune-jpeg/src/upsampler/scalar.rs:59:5:
assertion `left == right` failed
  left: 512
 right: 256

stack backtrace:
   0: rust_begin_unwind
             at /usr/src/rustc-1.80.1/library/std/src/panicking.rs:652:5
   1: core::panicking::panic_fmt
             at /usr/src/rustc-1.80.1/library/core/src/panicking.rs:72:14
   2: core::panicking::assert_failed_inner
             at /usr/src/rustc-1.80.1/library/core/src/panicking.rs:408:17
   3: core::panicking::assert_failed
             at /usr/src/rustc-1.80.1/library/core/src/panicking.rs:363:5
   4: zune_jpeg::upsampler::scalar::upsample_vertical
   5: zune_jpeg::upsampler::scalar::upsample_hv
             at ./src/upsampler/scalar.rs:83:5
   6: zune_jpeg::worker::upsample
             at ./src/worker.rs:402:21
   7: zune_jpeg::mcu::<impl zune_jpeg::decoder::JpegDecoder<T>>::post_process
             at ./src/mcu.rs:418:17
   8: zune_jpeg::mcu::<impl zune_jpeg::decoder::JpegDecoder<T>>::decode_mcu_ycbcr_baseline
             at ./src/mcu.rs:201:13
   9: zune_jpeg::decoder::JpegDecoder<T>::decode_into
             at ./src/decoder.rs:712:13
  10: zune_jpeg::decoder::JpegDecoder<T>::decode
             at ./src/decoder.rs:209:9
  11: decode_buffer::_::__libfuzzer_sys_run
             at ./fuzz/fuzz_targets/decode_buffer.rs:9:13

Minimised test file: zune-jpeg_assertfail.jpg

Even if the file is invalid (likely, but not sure), it probably shouldn't lead to an outright, ungraceful crash.

etemesi254 commented 1 month ago

Correct, it should not crash.

Looking into it
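The backtrace above shows an `assert_eq!` inside `upsample_vertical` turning a mismatch between two buffer lengths (512 versus 256) into a panic, and both participants agree the decoder should fail gracefully instead. The following is an added illustration of that pattern, not zune-jpeg's own code: a hypothetical, simplified 2x vertical chroma upsampler (`upsample_vertical`, `upsample_plane_vertical`, `UpsampleError` are all invented names) that validates every slice length before indexing and returns an error the decoder can propagate, so a corrupted frame header whose dimensions disagree with the allocated buffers becomes a decode error rather than a crash under fuzzing.

```rust
/// Error returned instead of panicking when a malformed file drives the
/// upsampler with buffer sizes that disagree. (Hypothetical type, not
/// zune-jpeg's own.)
#[derive(Debug, PartialEq, Eq)]
pub enum UpsampleError {
    /// One of the row slices does not match the chroma row width.
    RowLengthMismatch { expected: usize, found: usize },
    /// The plane buffer does not hold width * height samples.
    PlaneSizeMismatch { width: usize, height: usize, found: usize },
}

/// Upsample one chroma row into two output rows (2x vertical) with a
/// simplified triangle filter: each output sample is 3/4 of the current
/// sample plus 1/4 of the neighbouring row's sample, rounded to nearest.
pub fn upsample_vertical(
    above: &[u8],
    current: &[u8],
    below: &[u8],
    out_top: &mut [u8],
    out_bottom: &mut [u8],
) -> Result<(), UpsampleError> {
    let width = current.len();
    // Check every slice before indexing. A corrupted frame header can make
    // the component dimensions disagree with the buffers allocated for them;
    // an `assert_eq!` at this point would turn that into a panic.
    for &found in &[above.len(), below.len(), out_top.len(), out_bottom.len()] {
        if found != width {
            return Err(UpsampleError::RowLengthMismatch { expected: width, found });
        }
    }
    for i in 0..width {
        // Max intermediate value is 3*255 + 255 + 2 = 1022, so u16 suffices
        // and the result after /4 always fits in a u8.
        let cur = 3 * u16::from(current[i]);
        out_top[i] = ((cur + u16::from(above[i]) + 2) / 4) as u8;
        out_bottom[i] = ((cur + u16::from(below[i]) + 2) / 4) as u8;
    }
    Ok(())
}

/// Upsample a whole chroma plane vertically by 2x, replicating the edge rows.
/// The plane size is checked once here (with overflow-safe arithmetic) and
/// row errors propagate with `?`, so the caller sees a decode failure
/// instead of a crash.
pub fn upsample_plane_vertical(
    plane: &[u8],
    width: usize,
    height: usize,
) -> Result<Vec<u8>, UpsampleError> {
    let expected = width.checked_mul(height);
    if width == 0 || height == 0 || expected != Some(plane.len()) {
        return Err(UpsampleError::PlaneSizeMismatch { width, height, found: plane.len() });
    }
    let row = |r: usize| &plane[r * width..(r + 1) * width];
    let mut out = vec![0u8; plane.len() * 2];
    for y in 0..height {
        // Clamp neighbour indices so the first and last rows reuse themselves.
        let above = row(y.saturating_sub(1));
        let below = row((y + 1).min(height - 1));
        let (top, bottom) = out[2 * y * width..(2 * y + 2) * width].split_at_mut(width);
        upsample_vertical(above, row(y), below, top, bottom)?;
    }
    Ok(out)
}

fn main() {
    // Constructed sample: a well-formed 2x2 chroma plane.
    let plane = [10u8, 10, 30, 30];
    println!("{:?}", upsample_plane_vertical(&plane, 2, 2));
    // Constructed malformed case: header claims 2x2 but only 3 samples exist.
    println!("{:?}", upsample_plane_vertical(&plane[..3], 2, 2));
}
```

The point of the design is that every length relationship the filter relies on is checked at the boundary where the data enters, and the check produces a value the decoder's `Result` chain can carry back to the caller; a fuzzer then reports such inputs as rejected files rather than as crashes.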