search

nothings / stb

stb single-file public domain libraries for C/C++
https://twitter.com/nothings
Other
27.13k stars 7.72k forks source link

Assertion failed in stbir__calculate_filters() at stb_image_resize2.h:3969 #1691

Open TimChan2001 opened 2 months ago

TimChan2001 commented 2 months ago

Describe the bug Hi, we encountered an assertion failure in stb_image_resize2.h while processing a specific image. The error message is as follows:

stb_image_resize2.h:3969: stbir__calculate_filters: 
Assertion `(scatter_contributors->n1 - scatter_contributors->n0 + 1) <= scatter_coefficient_width' failed.

To Reproduce

#include <stdio.h>
#include <stdlib.h>
#include "stb_image.h"
#include "stb_image_resize2.h"

int main(int argc, char** argv) {
    if (argc < 2) {
        printf("Usage: %s <input_image>\n", argv[0]);
        return 1;
    }

    int input_width, input_height, channels;
    unsigned char* input_image = stbi_load(argv[1], &input_width, &input_height, &channels, 0);
    if (!input_image) {
        printf("Failed to load image: %s\n", argv[1]);
        return 1;
    }

    printf("Loaded image: %s (width: %d, height: %d, channels: %d)\n", argv[1], input_width, input_height, channels);

    int output_width = 100;
    int output_height = 100;

    unsigned char* output_image = (unsigned char*)malloc(output_width * output_height * channels);
    if (!output_image) {
        printf("Failed to allocate output image memory!\n");
        stbi_image_free(input_image);
        return 1;
    }

    int result = stbir_resize_uint8_srgb(
        input_image, input_width, input_height, 0,
        output_image, output_width, output_height, 0,
        channels
    );

    if (result) {
        printf("Image resized successfully!\n");
    } else {
        printf("Failed to resize image.\n");
    }

    stbi_image_free(input_image);
    free(output_image);

    return 0;
}

compile the above code and run it on the $POC

./demo $POC

Expected behavior Shouldn't crash.

Screenshots

Starting program: /root/stbfuzz/resize_demo_gcc /root/pocs/stb_image-assertion
Loaded image: /root/pocs/stb_image-assertion (width: 32, height: 393184, channels: 3)
resize_demo_gcc: stb_image_resize2.h:3969: stbir__calculate_filters: Assertion `( scatter_contributors->n1 - scatter_contributors->n0 + 1 ) <= scatter_coefficient_width' failed.

Program received signal SIGABRT, Aborted.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff76847f1 in __GI_abort () at abort.c:79
#2  0x00007ffff76743fa in __assert_fail_base (
    fmt=0x7ffff77fb6c0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x5555555d47a0 "( scatter_contributors->n1 - scatter_contributors->n0 + 1 ) <= scatter_coefficient_width", file=file@entry=0x5555555d44f0 "stb_image_resize2.h", line=line@entry=3969, 
    function=function@entry=0x5555555d4f70 <__PRETTY_FUNCTION__.10466> "stbir__calculate_filters")
    at assert.c:92
#3  0x00007ffff7674472 in __GI___assert_fail (
    assertion=0x5555555d47a0 "( scatter_contributors->n1 - scatter_contributors->n0 + 1 ) <= scatter_coefficient_width", file=0x5555555d44f0 "stb_image_resize2.h", line=3969, 
    function=0x5555555d4f70 <__PRETTY_FUNCTION__.10466> "stbir__calculate_filters") at assert.c:101
#4  0x000055555557605a in stbir.calculate_filters ()
#5  0x00005555555d0f5a in stbir.alloc_internal_mem_and_build_samplers ()
#6  0x00005555555d28fb in stbir.perform_build ()
#7  0x00005555555d2a31 in stbir_build_samplers_with_splits ()
#8  0x00005555555d2a57 in stbir_build_samplers ()
#9  0x00005555555d2ac8 in stbir_resize_extended ()
#10 0x00005555555d2f86 in stbir_resize_uint8_srgb ()
#11 0x00005555555d343a in main ()
jeffrbig2 commented 2 weeks ago

The link above to the poc file gives me an invalid file back. All I really need to repro is the image width/height and channels that you are testing with...