lijian8 / yagf

Automatically exported from code.google.com/p/yagf

crash due to invalid parameters for QIPGrayscaleImage::copy() call #45

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run "yagf scan.jpg" (file is attached)
2. YAGF dumps core

What is the expected output? What do you see instead?
The "this" object in QIPGrayscaleImage::copy() call has "h" (height) 2711, but 
the value of provided "y2" parameter is 2768. You could probably add some 
assertion at the top of QIPGrayscaleImage::copy() and catch the problem 
yourself.

What version of the product are you using? On what operating system?
YAGF 0.9.4, OpenBSD 5.6-BETA

Please provide any additional information below.

I've changed the copy() in the following way as in imagelog.patch (attached), 
and took a log in yagf.log (attached, too).

And here is the backtrace from the unmodified version:

#0  memcpy () at /usr/src/lib/libc/arch/i386/string/bcopy.S:82
82              rep
(gdb) bt
#0  memcpy () at /usr/src/lib/libc/arch/i386/string/bcopy.S:82
#1  0x1b989b10 in QIPGrayscaleImage::copy (this=0xcfbc33b4, x1=0, x2=Variable "x2" is not available.
)
    at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/core/qipgrayscaleimage.cpp:323
#2  0x1b97ba3d in ImageProcessor::crop (this=0xcfbc33ac) at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/core/imageprocessor.cpp:48
#3  0x1b97573a in Page::loadFile (this=0x87344680, fileName=@0xcfbc3480, tiled=1, loadIntoView=false)
    at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/tpage.cpp:89
#4  0x1b97957c in PageCollection::appendPage (this=0x812b1d20, fileName=@0x7c3032d8)
    at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/tpagecollection.cpp:53
#5  0x1b91d210 in MainForm::loadFile (this=0xcfbc3680, fn=@0x7c3032d8, loadIntoView=true)
    at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/mainform.cpp:553
#6  0x1b91df51 in MainForm::loadFromCommandLine (this=0xcfbc3680) at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/mainform.cpp:216
#7  0x1b928c8d in MainForm (this=0xcfbc3680, parent=0x0) at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/mainform.cpp:185
#8  0x1b919e32 in main (argc=Cannot access memory at address 0x2
) at /usr/obj/p/yagf-0.9.4/yagf-538f3d9144ff/src/main.cpp:87

Original issue reported on code.google.com by persgray@gmail.com on 5 Aug 2014 at 11:18

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for your report!
I had no such problems on Linux. This may be BSD-related. Under Linux I was 
able to open your document and recognize it (see the attached screenshot). 
Anyway I will add sanity checks so that copy() would never run out of borders. 

Original comment by andrei.b...@gmail.com on 6 Aug 2014 at 1:29

Attachments:

GoogleCodeExporter commented 9 years ago
Issue 44 has been merged into this issue.

Original comment by andrei.b...@gmail.com on 6 Aug 2014 at 1:32

GoogleCodeExporter commented 9 years ago

Original comment by andrei.b...@gmail.com on 6 Aug 2014 at 2:27

GoogleCodeExporter commented 9 years ago
Yes, I see this commit:
http://code.google.com/p/yagf/source/detail?r=bbe684220a82f216803907038e0dcf670cead33f

However, it: 1. Clearly doesn't fix the underlying issue; 2. Makes 
QIPGrayscaleImage::copy() return an unexpected value, which could strike at some 
point later (if you call copy(10, 10, 20, 20), you expect a 10x10 image, 
right?).

If you're not interested in fixing the underlying issue, I'll try to go on my 
own.

Original comment by persgray@gmail.com on 6 Aug 2014 at 4:41

GoogleCodeExporter commented 9 years ago
So I found the source(s) of the problem. The patch with further comments is 
attached.

Original comment by persgray@gmail.com on 10 Aug 2014 at 9:27

Attachments:

GoogleCodeExporter commented 9 years ago
ping?

Original comment by persgray@gmail.com on 2 Oct 2014 at 12:52