openzim / zim-tools

Various ZIM command line tools
https://download.openzim.org/release/zim-tools/
GNU General Public License v3.0

Large `--illustration` image size leads to SIGSEGV #352

Closed shenlebantongying closed 1 year ago

shenlebantongying commented 1 year ago

Minimum demo

zim_dict.zip

~/src/zim-tools/build/src/zimwriterfs/zimwriterfs  --welcome A/index.html --illustration=lenna_wrong.png --language=eng --title=zimdict --description=asd --longDescription=asdasd --creator=slbtty --publisher=slbtty --name=hwat ./zim_dict/ ./ok.zim

The crash exists in both master as of today (https://github.com/openzim/zim-tools/commit/6c1d2f5cf4e1a22ba9dab4f579da6d8c983f1adb) and 3.2.0 installed from Arch Linux's repo.

Using --illustration=lenna_wrong.png, which has a size that is not 48x48, will lead to SIGSEGV instead of printing a warning.

Using --illustration=lenna_correct.png will generate as usual.

Expected

If the image size is wrong, it should print a warning instead of crashing without giving a reason/hint.

GDB

The middle part is omitted:

Starting program: /home/slbtty/src/zim-tools/build/src/zimwriterfs/zimwriterfs --welcome=A/index.html --illustration=lenna_wrong.png --language=eng --title=zimdict --description=asd --longDescription=asdasd --creator=slbtty --publisher=slbtty --name=hwat ./zim_dict/ ./ok.zim
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000055555557b47f in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=16) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:510
510           if (_M_states._M_visited(__i))
(gdb) bt
#0  0x000055555557b47f in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=16) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:510
#1  0x0000555555580726 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_handle_alternative (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=20) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:488
#2  0x000055555557b5f2 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=20) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:536
#3  0x000055555557fef0 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_handle_subexpr_begin (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=10) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:255
#4  0x000055555557b50b in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=10) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:518
#5  0x0000555555585071 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_rep_once_more (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=22) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:185
#6  0x000055555557fdf1 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_handle_repeat (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=22) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:213
#7  0x000055555557b4f0 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=22) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:516
#8  0x000055555557ffbd in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_handle_subexpr_end (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=21) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:270
#9  0x000055555557b526 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=21) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:520
#10 0x000055555558023f in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_handle_match (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=11) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:330
#11 0x000055555557b5aa in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_dfs (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact, __i=11) at /usr/include/c++/13.1.1/bits/regex_executor.tcc:530

....................
....................
....................

#133497 0x00005555555763c7 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_main (this=0x7fffffffcc80,
__match_mode=std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_Match_mode::_Exact) at /usr/include/c++/13.1.1/bits/regex_executor.h:150
#133498 0x00005555555747e7 in std::__detail::_Executor<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, std::__cxx11::regex_traits<char>, true>::_M_match (this=0x7fffffffcc80) at /usr/include/c++/13.1.1/bits/regex_executor.h:94
#133499 0x0000555555572c49 in std::__detail::__regex_algo_impl<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, char, std::__cxx11::regex_traits<char> > (__s=-119 '\211', __e=0 '\000', __m=..., __re=...,
__flags=std::regex_constants::_S_default, __policy=std::__detail::_RegexExecutorPolicy::_S_auto, __match_mode=true)
at /usr/include/c++/13.1.1/bits/regex.tcc:80
#133500 0x00005555555713ce in std::regex_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::sub_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >, char, std::__cxx11::regex_traits<char> > (__s=-119 '\211', __e=0 '\000', __m=..., __re=..., __flags=std::regex_constants::_S_default)
at /usr/include/c++/13.1.1/bits/regex.h:2268
#133501 0x000055555557080e in std::regex_match<__gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, char, std::__cxx11::regex_traits<char> > (__first=-119 '\211', __last=0 '\000', __re=..., __flags=std::regex_constants::_S_default)
at /usr/include/c++/13.1.1/bits/regex.h:2294
#133502 0x000055555556d79a in zim::(anonymous namespace)::matchRegex (regexStr="^\211PNG\r\n\032\n(.|\\s|\000)+",
text="\211PNG\r\n\032\n\000\000\000\rIHDR\000\000\002\000\000\000\002\000\b\002\000\000\000{\032C\255\000\000\000\001sRGB\000\256\316\034\351\000\a:\241IDATx\332\354\341]\222m[\222\035\346\215\341\356s\256\265#\342\234{3\253 \b\344\213Z \243\214FQ\244\361O%\243\231:#\243\000\352U\rP\343\324\000Q\244\301\000\222H \253\262\362\336{\"\366^kNw\037J\265\003\371}\374\327\377\257\377'\200\302\tm\267\v\257\264ǡ$\246w^\256\243\264;\177\370㽒\275\026\306B\r\036'x\363sc$\253j\034Uts\253m\373\231\343\237BO\365\233ǧ\345\352c\372\252:~\266~\332", <incomplete sequence \373\207\275>...) at ../src/metadata.cpp:50
#133503 0x000055555556e69d in zim::Metadata::checkSimpleConstraints[abi:cxx11]() const (this=0x7fffffffd1b0) at ../src/metadata.cpp:213
#133504 0x000055555556e99e in zim::Metadata::check[abi:cxx11]() const (this=0x7fffffffd1b0) at ../src/metadata.cpp:239
#133505 0x000055555555d7a7 in (anonymous namespace)::checkMetadata (metadata=...) at ../src/zimwriterfs/zimwriterfs.cpp:111
#133506 0x000055555555ef9a in main (argc=12, argv=0x7fffffffd318) at ../src/zimwriterfs/zimwriterfs.cpp:484

kelson42 commented 1 year ago

@shenlebantongying Thanks for reporting this. One small remark: if the illustration resolution is wrong, it should IMO report an error, not a warning.
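
The backtrace in the report shows `std::regex_match` recursing more than 133,000 frames deep while matching the whole image buffer against `^\211PNG\r\n\032\n(.|\\s|\000)+`, and the IHDR bytes visible in frame #133502 decode to 512x512. As an added example (not code from zim-tools or libzim; every function name here is hypothetical), the same format check can be done on the fixed 24-byte PNG header, which also yields the dimensions so a wrong size is reported as an error instead of crashing:

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// Added example: helper names are hypothetical, not zim-tools or libzim API.
struct PngSize { uint32_t width, height; };

static uint32_t readBE32(const unsigned char* p) {
  return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// Reads only the fixed 24-byte prefix: 8-byte signature, IHDR chunk length
// (13), chunk type "IHDR", then big-endian width and height. The cost is
// constant, so a large image cannot drive deep recursion or backtracking.
bool parsePngSize(const std::string& data, PngSize& out) {
  static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
  if (data.size() < 24) return false;
  const unsigned char* p = reinterpret_cast<const unsigned char*>(data.data());
  if (std::memcmp(p, sig, 8) != 0) return false;
  if (readBE32(p + 8) != 13 || std::memcmp(p + 12, "IHDR", 4) != 0) return false;
  out = PngSize{readBE32(p + 16), readBE32(p + 20)};
  return true;
}

// Returns an empty string when acceptable, otherwise an error message.
std::string checkIllustration(const std::string& data, uint32_t expected = 48) {
  PngSize size{};
  if (!parsePngSize(data, size)) return "illustration is not a valid PNG";
  if (size.width != expected || size.height != expected)
    return "illustration must be " + std::to_string(expected) + "x" +
           std::to_string(expected) + ", got " + std::to_string(size.width) +
           "x" + std::to_string(size.height);
  return "";
}

// Constructed sample input: signature + IHDR fields + filler bytes.
std::string makeSamplePng(uint32_t w, uint32_t h, size_t filler) {
  std::string s("\x89PNG\r\n\x1a\n", 8);
  s.append("\0\0\0\x0dIHDR", 8);
  for (uint32_t v : {w, h})
    for (int shift = 24; shift >= 0; shift -= 8) s.push_back(char(v >> shift));
  s.append("\x08\x02\0\0\0", 5);
  return s.append(filler, 'x');
}

int main() {
  std::cout << checkIllustration(makeSamplePng(512, 512, 1 << 20)) << "\n";
}
```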