google / draco

Draco is a library for compressing and decompressing 3D geometric meshes and point clouds. It is intended to improve the storage and transmission of 3D graphics.
https://google.github.io/draco/
Apache License 2.0
6.51k stars, 964 forks

crash in draco::ans_read_init(draco::AnsDecoder*, unsigned char const*, int) #30

Closed geeknik closed 7 years ago

geeknik commented 7 years ago

./draco_encoder -i test000

==23044==ERROR: AddressSanitizer: SEGV on unknown address 0x61e02300f0f5 (pc 0x000000594b3b bp 0x7fffe8fe3cf0 sp 0x7fffe8fe3c20 T0)
    #0 0x594b3a in draco::ans_read_init(draco::AnsDecoder*, unsigned char const*, int) /root/draco/core/ans.h:302:7
    #1 0x594b3a in draco::RAnsBitDecoder::StartDecoding(draco::DecoderBuffer*) /root/draco/core/rans_coding.cc:133
    #2 0x71ec37 in draco::MeshEdgeBreakerTraversalPredictiveDecoder::Start() /root/draco/compression/mesh/mesh_edgebreaker_traversal_predictive_decoder.h:48:5
    #3 0x71bd8f in draco::MeshEdgeBreakerDecoderImpl<draco::MeshEdgeBreakerTraversalPredictiveDecoder>::DecodeConnectivity() /root/draco/compression/mesh/mesh_edgebreaker_decoder_impl.cc:255:46
    #4 0x738539 in draco::PointCloudDecoder::Decode(draco::DecoderBuffer*, draco::PointCloud*) /root/draco/compression/point_cloud/point_cloud_decoder.cc:28:8
    #5 0x6fc463 in draco::DecodeMeshFromBuffer(draco::DecoderBuffer*) /root/draco/compression/decode.cc:117:8
    #6 0x600ca4 in std::basic_ifstream<char, std::char_traits<char> >& draco::ReadMeshFromStream<std::basic_ifstream<char, std::char_traits<char> >&>(std::unique_ptr<draco::Mesh, std::default_delete<draco::Mesh> >*, std::basic_ifstream<char, std::char_traits<char> >&) /root/draco/io/mesh_io.h:66:11
    #7 0x60009d in draco::ReadMeshFromFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/draco/io/mesh_io.cc:50:8
    #8 0x52de2f in main /root/draco/tools/draco_encoder.cc:189:9
    #9 0x7fb7d071a2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #10 0x459d19 in _start (/root/draco/build/draco_encoder+0x459d19)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/draco/core/ans.h:302:7 in draco::ans_read_init(draco::AnsDecoder*, unsigned char const*, int)
==23044==ABORTING
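
The fault above has the shape fuzzers find most readily in a decoder: a length or offset field taken from the input is used to index the buffer, and nothing checks it against how many bytes were actually read. The following is an added C illustration and is not draco's code; only the signature ans_read_init(decoder, buf, offset) is taken from the trace. The container layout (a little-endian u32 byte count followed by that many coded bytes), the rule that the decoder primes its state from the last byte of the coded range using a 2-bit tag, and the function names start_decoding_unchecked / start_decoding_checked are assumptions made for the example. The inputs are constructed; the fuzzed one sits in an oversized zero-filled arena so the unchecked path reads defined but never-supplied bytes here instead of faulting as it does against a heap buffer sized to the file.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative decoder state (assumed layout, not draco's). */
typedef struct {
    const uint8_t *buf;
    int buf_offset;      /* coded bytes not yet consumed */
    uint32_t state;
} AnsDecoder;

/* Prime the decoder from the LAST byte of the coded range; the top two bits of
 * that byte say how many state bytes end the range (assumed scheme). The read
 * buf[offset - 1] is the dangerous one: `offset` comes straight from the input. */
static int ans_read_init(AnsDecoder *ans, const uint8_t *buf, int offset) {
    if (offset < 1) return -1;
    ans->buf = buf;
    uint8_t tag = buf[offset - 1] >> 6;
    if (tag == 0) {
        ans->buf_offset = offset - 1;
        ans->state = buf[offset - 1] & 0x3Fu;
    } else if (tag == 1) {
        if (offset < 2) return -1;
        ans->buf_offset = offset - 2;
        ans->state = ((uint32_t)buf[offset - 2] | ((uint32_t)buf[offset - 1] << 8)) & 0x3FFFu;
    } else if (tag == 2) {
        if (offset < 3) return -1;
        ans->buf_offset = offset - 3;
        ans->state = ((uint32_t)buf[offset - 3] | ((uint32_t)buf[offset - 2] << 8) |
                      ((uint32_t)buf[offset - 1] << 16)) & 0x3FFFFFu;
    } else {
        return -1;       /* reserved tag value */
    }
    return 0;
}

/* Assumed container: little-endian u32 byte count, then that many coded bytes. */
static int read_u32_le(const uint8_t *p, size_t remaining, uint32_t *out) {
    if (remaining < 4) return -1;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* Vulnerable shape: the count is trusted, so buf[count - 1] can land past `len`. */
int start_decoding_unchecked(AnsDecoder *ans, const uint8_t *stream, size_t len) {
    uint32_t count;
    if (read_u32_le(stream, len, &count) != 0) return -1;
    return ans_read_init(ans, stream + 4, (int)count);
}

/* Hardened shape: bound the attacker-controlled count by what is actually present. */
int start_decoding_checked(AnsDecoder *ans, const uint8_t *stream, size_t len) {
    uint32_t count;
    if (read_u32_le(stream, len, &count) != 0) return -1;
    if (count == 0 || count > len - 4 || count > (uint32_t)INT_MAX) return -1;
    return ans_read_init(ans, stream + 4, (int)count);
}

/* Constructed streams live in a zero-filled arena larger than the stream itself. */
enum { ARENA = 64 };

static size_t build_stream(uint8_t arena[ARENA], uint32_t count_field,
                           const uint8_t *coded, size_t n) {
    memset(arena, 0, ARENA);
    arena[0] = (uint8_t)count_field;
    arena[1] = (uint8_t)(count_field >> 8);
    arena[2] = (uint8_t)(count_field >> 16);
    arena[3] = (uint8_t)(count_field >> 24);
    memcpy(arena + 4, coded, n);
    return 4 + n;        /* the length a file reader would actually report */
}

static const uint8_t kCoded[3] = { 0x01, 0x02, 0x83 };   /* last byte: tag 2, 3-byte state */

/* Well-formed: count matches the 3 coded bytes; returns the primed state. */
uint32_t demo_well_formed(void) {
    uint8_t arena[ARENA]; AnsDecoder d;
    size_t len = build_stream(arena, 3, kCoded, sizeof kCoded);
    if (start_decoding_checked(&d, arena, len) != 0) return 0;
    return d.state;
}

/* Fuzzed: count claims 40 coded bytes, only 3 follow in a 7-byte stream. */
int demo_unchecked_on_fuzzed(void) {
    uint8_t arena[ARENA]; AnsDecoder d;
    size_t len = build_stream(arena, 40, kCoded, sizeof kCoded);
    return start_decoding_unchecked(&d, arena, len);   /* "succeeds" on arena[43], outside the stream */
}

int demo_checked_on_fuzzed(void) {
    uint8_t arena[ARENA]; AnsDecoder d;
    size_t len = build_stream(arena, 40, kCoded, sizeof kCoded);
    return start_decoding_checked(&d, arena, len);     /* rejected: 40 > len - 4 */
}

int main(void) {
    printf("well-formed state:   0x%06x\n", demo_well_formed());
    printf("unchecked on fuzzed: %d\n", demo_unchecked_on_fuzzed());
    printf("checked on fuzzed:   %d\n", demo_checked_on_fuzzed());
    return 0;
}
```

The point of the two entry functions is the single comparison between them: the count is validated against the bytes the caller really has before it is handed to the routine that indexes from the end of the range. Under AddressSanitizer the unchecked variant on a heap buffer of exactly 7 bytes reports an out-of-bounds read at the same kind of site as the trace, which is why the reporter's AFL run reached it within hours from the small testdata files.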

ondys commented 7 years ago

Thanks for the reports! Are the used examples fuzzed or do they actually represent valid data? (We will fix it either way, but I need to know the expected behavior).

geeknik commented 7 years ago

I used the small files in testdata as a starting corpus for American Fuzzy Lop. The testcases attached are the results of a couple of hours of fuzzing.

ondys commented 7 years ago

This and your other reported issues should now be fixed in the master branch.