Closed bayandin closed 5 years ago
I'm playing with go-fuzz and have found a crash:
package main

import (
	"bytes"

	"github.com/pixiv/go-libjpeg/jpeg"
)

func main() {
	// go-fuzz generated input: SOI, a DQT segment (FF DB), an SOF9 frame header
	// (FF C9) and a truncated SOS segment (FF DA). Decoding it reaches the C
	// decoder through cgo and segfaults there.
	data := []byte("\xff\xd8\xff\xdb\x00C\x000000000000000" +
		"00000000000000000000" +
		"00000000000000000000" +
		"00000000000\xff\xc9\x00\v\b00\x000" +
		"\x01\x01\x14\x00\xff\xda\x00\b\x01\x010\x00?\x0000")
	jpeg.Decode(bytes.NewReader(data), &jpeg.DecoderOptions{})
}
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7f321d858a60]

runtime stack:
runtime.throw(0x4d5feb, 0x2a)
	/usr/local/go/src/runtime/panic.go:617 +0x72
runtime.sigpanic()
	/usr/local/go/src/runtime/signal_unix.go:374 +0x4a9

goroutine 1 [syscall]:
runtime.cgocall(0x495f40, 0xc000040e60, 0x495f00)
	/usr/local/go/src/runtime/cgocall.go:128 +0x5b fp=0xc000040e30 sp=0xc000040df8 pc=0x405f7b
github.com/pixiv/go-libjpeg/jpeg._Cfunc_decode_gray(0x21257e0, 0xc0000a2000, 0x2000000040)
	_cgo_gotypes.go:678 +0x45 fp=0xc000040e60 sp=0xc000040e30 pc=0x490ec5
github.com/pixiv/go-libjpeg/jpeg.decodeGray.func3(0x21257e0, 0xc000040ef0, 0x20)
	/go/src/github.com/pixiv/go-libjpeg/jpeg/decompress.go:189 +0x96 fp=0xc000040ea8 sp=0xc000040e60 pc=0x493b96
github.com/pixiv/go-libjpeg/jpeg.decodeGray(0x21257e0, 0xc000096140, 0xc000040f48, 0xc000040f01)
	/go/src/github.com/pixiv/go-libjpeg/jpeg/decompress.go:189 +0xe1 fp=0xc000040ee8 sp=0xc000040ea8 pc=0x4920c1
github.com/pixiv/go-libjpeg/jpeg.Decode(0x4e9480, 0xc00007e1b0, 0xc000040f58, 0x0, 0x0, 0x0, 0x0)
	/go/src/github.com/pixiv/go-libjpeg/jpeg/decompress.go:164 +0x151 fp=0xc000040f20 sp=0xc000040ee8 pc=0x491e21
main.main()
	/go/test.go:15 +0xe4 fp=0xc000040f98 sp=0xc000040f20 pc=0x495634
runtime.main()
	/usr/local/go/src/runtime/proc.go:200 +0x20c fp=0xc000040fe0 sp=0xc000040f98 pc=0x42d82c
runtime.goexit()
	/usr/local/go/src/runtime/asm_amd64.s:1337 +0x1 fp=0xc000040fe8 sp=0xc000040fe0 pc=0x455351
exit status 2
go version go1.12.9 linux/amd64
libjpeg-turbo 2.0.2
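The trace shows why this class of fuzzer finding matters in production: the SIGSEGV happens inside _Cfunc_decode_gray, that is in C reached through cgo, and the Go runtime reports it as a fatal error that no recover() can catch, so a single malformed image ends the whole process. The following is an added example, not code from the report or from go-libjpeg, of the mitigation a service decoding untrusted images would want while a fix lands: run the decode in a short-lived worker process and turn the worker's death into an ordinary error that can be logged and counted. To build and run without cgo it uses the standard library's image/jpeg as a stand-in for the go-libjpeg call (the swap point is decodeSize); the environment marker JPEG_DECODE_WORKER and the exit-code convention are assumptions of the example, and sampleJPEG is a constructed well-formed input.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/jpeg"
	"io"
	"os"
	"os/exec"
)

// Assumed conventions for this example: an environment marker that turns a re-executed copy
// of this binary into a decode worker, and exit code 3 for "decoder rejected the input",
// kept distinct from the Go runtime's exit status 2 after a fatal error.
const workerEnv = "JPEG_DECODE_WORKER"
const exitRejected = 3

var ErrRejected = errors.New("decoder rejected input")
var ErrWorkerCrashed = errors.New("decode worker crashed")

// decodeSize is the call being isolated. Stand-in: the standard library's image/jpeg,
// so this builds without cgo; a go-libjpeg user would put the report's
// jpeg.Decode(bytes.NewReader(data), &jpeg.DecoderOptions{}) call here instead.
func decodeSize(data []byte) (int, int, error) {
	img, err := jpeg.Decode(bytes.NewReader(data))
	if err != nil {
		return 0, 0, err
	}
	return img.Bounds().Dx(), img.Bounds().Dy(), nil
}

// init runs before main and before any tests: a child started with the marker set
// decodes stdin, prints "width height" and exits before reaching the caller's code.
func init() {
	if os.Getenv(workerEnv) != "1" {
		return
	}
	data, err := io.ReadAll(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, "worker: read:", err)
		os.Exit(1)
	}
	w, h, err := decodeSize(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, "worker: decode:", err)
		os.Exit(exitRejected)
	}
	fmt.Println(w, h)
	os.Exit(0)
}

// DecodeIsolated hands untrusted JPEG bytes to a worker process. A SIGSEGV raised in
// C code cannot be recover()ed in Go and ends the whole process; here it only ends
// the worker and comes back to the caller as ErrWorkerCrashed.
func DecodeIsolated(data []byte) (w, h int, err error) {
	exe, err := os.Executable()
	if err != nil {
		return 0, 0, err
	}
	cmd := exec.Command(exe)
	cmd.Env = append(os.Environ(), workerEnv+"=1")
	cmd.Stdin = bytes.NewReader(data)
	var stdout, stderr bytes.Buffer
	cmd.Stdout, cmd.Stderr = &stdout, &stderr
	err = cmd.Run()
	msg := bytes.TrimSpace(stderr.Bytes()) // after a crash this is the runtime's trace
	switch {
	case err != nil && cmd.ProcessState != nil && cmd.ProcessState.ExitCode() == exitRejected:
		return 0, 0, fmt.Errorf("%w: %s", ErrRejected, msg)
	case err != nil:
		// Death by signal reports ExitCode() == -1, a Go fatal error exits 2: not a clean
		// failure. Log this class separately; it is a decoder bug, not merely bad input.
		return 0, 0, fmt.Errorf("%w: %v: %s", ErrWorkerCrashed, err, msg)
	}
	if _, err := fmt.Sscan(stdout.String(), &w, &h); err != nil {
		return 0, 0, fmt.Errorf("%w: unreadable output %q", ErrWorkerCrashed, stdout.String())
	}
	return w, h, nil
}

// sampleJPEG is a constructed, well-formed 4x3 grayscale JPEG built in memory.
func sampleJPEG() []byte {
	var buf bytes.Buffer
	if err := jpeg.Encode(&buf, image.NewGray(image.Rect(0, 0, 4, 3)), nil); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// reportInput is the crashing input from the report above, byte for byte.
var reportInput = []byte("\xff\xd8\xff\xdb\x00C\x000000000000000" +
	"00000000000000000000" + "00000000000000000000" +
	"00000000000\xff\xc9\x00\v\b00\x000" +
	"\x01\x01\x14\x00\xff\xda\x00\b\x01\x010\x00?\x0000")

func main() {
	w, h, err := DecodeIsolated(reportInput) // sampleJPEG() decodes as 4x3; this one is rejected
	fmt.Printf("%dx%d err=%v\n", w, h, err)
}
```

With the stand-in decoder the sample image comes back as 4x3 and the report's bytes come back as ErrRejected, because image/jpeg refuses the input cleanly. With the go-libjpeg version from the report in place of the stand-in, the same bytes would come back as ErrWorkerCrashed carrying the worker's stderr (the fatal error text above), which is the event to alert on and feed back into a fuzzing corpus. A production version would add a context deadline on the worker and a cap on input size, since a hang in the decoder is the other failure mode this isolation has to bound.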
Thank you for your report. It will be fixed in #53.