Open eszdman opened 8 months ago
Is it a known issue? Why is it closed?
You should post minimal reproducible code & test DNG file
It happens on any DNG file. Here is minimal code with a DNG and CMake.
Your code is broken. You should first fix your code.
$ clang++ -fsanitize=address -g repackTest.cpp
$ ./a.out colorchart.dng
=================================================================
==1419150==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fb8b3642f30 at pc 0x559bb541b761 bp 0x7ffe72684d30 sp 0x7ffe72684d28
READ of size 2 at 0x7fb8b3642f30 thread T0
#0 0x559bb541b760 in main /home/syoyo/work/tinydng/repackTest.cpp:60:24
#1 0x7fb8b6503082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
#2 0x559bb53197bd in _start (/home/syoyo/work/tinydng/a.out+0x277bd) (BuildId: 39e849e5e6725fdacf25e81a180dcc3e35c0e3f2)
0x7fb8b3642f30 is located 0 bytes to the right of 3905328-byte region [0x7fb8b3289800,0x7fb8b3642f30)
allocated by thread T0 here:
#0 0x559bb53d855d in operator new(unsigned long) (/home/syoyo/work/tinydng/a.out+0xe655d) (BuildId: 39e849e5e6725fdacf25e81a180dcc3e35c0e3f2)
#1 0x559bb548954b in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:121:27
#2 0x559bb54894f0 in std::allocator_traits<std::allocator<unsigned char>>::allocate(std::allocator<unsigned char>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
#3 0x559bb54894af in std::_Vector_base<unsigned char, std::allocator<unsigned char>>::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
#4 0x559bb54970d8 in std::vector<unsigned char, std::allocator<unsigned char>>::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
#5 0x559bb5478945 in std::vector<unsigned char, std::allocator<unsigned char>>::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
#6 0x559bb53e5a02 in tinydng::LoadDNGFromMemory(char const*, unsigned int, std::vector<tinydng::FieldInfo, std::allocator<tinydng::FieldInfo>>&, std::vector<tinydng::DNGImage, std::allocator<tinydng::DNGImage>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*) /home/syoyo/work/tinydng/./tiny_dng_loader.h:5096:21
#7 0x559bb53e2f10 in tinydng::LoadDNG(char const*, std::vector<tinydng::FieldInfo, std::allocator<tinydng::FieldInfo>>&, std::vector<tinydng::DNGImage, std::allocator<tinydng::DNGImage>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*) /home/syoyo/work/tinydng/./tiny_dng_loader.h:4941:10
#8 0x559bb541a715 in readDNG(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>) /home/syoyo/work/tinydng/repackTest.cpp:20:16
#9 0x559bb541b428 in main /home/syoyo/work/tinydng/repackTest.cpp:54:19
#10 0x7fb8b6503082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/syoyo/work/tinydng/repackTest.cpp:60:24 in main
==1419150==ABORTING
Made a reproduction of the issue without the input dng file
You need to set RowsPerStrip == image.height
as done in https://github.com/syoyo/tinydng/blob/659491974e91e26c1667985fd1981985beee218c/examples/dngwriter/main.cc#L16
Writing an image with multiple strips is not supported yet: https://github.com/syoyo/tinydng/issues/40
I can't repack the DNG. Maybe some necessary data is missing during DNG writing, despite the fact that I used all possible methods in tinydngwriter::DNGImage.
The DNG reader reports: Err: Failed to read StripByteCount value.
Simple example code on gist: https://gist.github.com/eszdman/34e83dacc70369b62d596be3a0ba5531
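The RowsPerStrip advice and the StripByteCount reader error above, as an added example that is not part of the thread or of tinydng: a bounds-checked walk of IFD0 that reports whether a written file describes exactly one in-bounds strip. It assumes a little-endian classic TIFF with the raw image in IFD0 (a DNG may keep it in a SubIFD) and accepts RowsPerStrip >= ImageLength as a single strip; `check_single_strip` and `make_tiff` are hypothetical names and the sample file is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Bounds-checked little-endian read of n <= 4 bytes; returns false instead of overreading.
static bool rd(const Bytes &b, size_t off, size_t n, uint32_t *out) {
  if (n > 4 || off > b.size() || b.size() - off < n) return false;
  *out = 0;
  for (size_t i = 0; i < n; i++) *out |= uint32_t(b[off + i]) << (8 * i);
  return true;
}

// Returns "" when IFD0 describes exactly one in-bounds strip, else the first problem found.
// TIFF tags used: 257 ImageLength, 273 StripOffsets, 278 RowsPerStrip, 279 StripByteCounts.
std::string check_single_strip(const Bytes &f) {
  uint32_t magic = 0, ifd = 0, n = 0;
  if (!rd(f, 0, 4, &magic) || magic != 0x002A4949u) return "not little-endian TIFF";
  if (!rd(f, 4, 4, &ifd) || !rd(f, ifd, 2, &n)) return "truncated IFD";
  std::map<uint32_t, std::pair<uint32_t, uint32_t>> tag;  // id -> (count, inline value)
  for (uint32_t i = 0; i < n; i++) {
    size_t e = size_t(ifd) + 2 + 12 * size_t(i);
    uint32_t id = 0, type = 0, count = 0, val = 0;
    if (!rd(f, e, 2, &id) || !rd(f, e + 2, 2, &type) || !rd(f, e + 4, 4, &count) ||
        !rd(f, e + 8, type == 3 ? 2 : 4, &val))
      return "truncated IFD entry";
    if (type == 3 || type == 4) tag[id] = {count, val};  // keep SHORT and LONG fields only
  }
  if (!tag.count(279)) return "StripByteCounts missing";
  if (!tag.count(257) || !tag.count(273) || !tag.count(278)) return "required tag missing";
  if (tag[273].first != 1 || tag[279].first != 1 || tag[278].second < tag[257].second)
    return "more than one strip";
  if (uint64_t(tag[273].second) + tag[279].second > f.size()) return "strip data outside file";
  return "";
}

// Constructed sample: header, IFD0 of scalar LONG fields, then zero-filled pixel bytes.
Bytes make_tiff(const std::vector<std::pair<uint16_t, uint32_t>> &tags, size_t pixel_bytes) {
  Bytes f = {'I', 'I', 42, 0, 8, 0, 0, 0};
  auto put = [&f](uint32_t v, int n) { for (int i = 0; i < n; i++) f.push_back(uint8_t(v >> (8 * i))); };
  put(uint32_t(tags.size()), 2);
  for (const auto &t : tags) { put(t.first, 2); put(4, 2); put(1, 4); put(t.second, 4); }
  put(0, 4);  // offset of next IFD: none
  f.resize(f.size() + pixel_bytes);
  return f;
}
int main() {  // 2-row image whose 16 pixel bytes start at offset 62 = 8 + 2 + 4*12 + 4
  std::printf("[%s]\n", check_single_strip(make_tiff({{257, 2}, {273, 62}, {278, 2}, {279, 16}}, 16)).c_str());
}
```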