[BUG] Error when trying to repack dng

[eszdman]

I can't repack the dng, maybe some necessary data is missing during dng writing, despite the fact that I used all possible methods in the tinydngwriter::DNGImage

Dng reader notifies: Err: Failed to read StripByteCount value.

Simple example code on gist: https://gist.github.com/eszdman/34e83dacc70369b62d596be3a0ba5531

[eszdman]

Is it known issue? Why it is closed?

[syoyo]

You should post minimal reproducible code & test DNG file

[eszdman]

It happens on any DNG files Here minimal code with dng and cmake

testProject.tar.gz

[syoyo]

Your code is broken. You should first fix your code.

$ clang++ -fsanitize=address -g repackTest.cpp
$ ./a.out colorchart.dng
=================================================================
==1419150==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fb8b3642f30 at pc 0x559bb541b761 bp 0x7ffe72684d30 sp 0x7ffe72684d28
READ of size 2 at 0x7fb8b3642f30 thread T0
    #0 0x559bb541b760 in main /home/syoyo/work/tinydng/repackTest.cpp:60:24
    #1 0x7fb8b6503082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #2 0x559bb53197bd in _start (/home/syoyo/work/tinydng/a.out+0x277bd) (BuildId: 39e849e5e6725fdacf25e81a180dcc3e35c0e3f2)

0x7fb8b3642f30 is located 0 bytes to the right of 3905328-byte region [0x7fb8b3289800,0x7fb8b3642f30)
allocated by thread T0 here:
    #0 0x559bb53d855d in operator new(unsigned long) (/home/syoyo/work/tinydng/a.out+0xe655d) (BuildId: 39e849e5e6725fdacf25e81a180dcc3e35c0e3f2)
    #1 0x559bb548954b in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:121:27
    #2 0x559bb54894f0 in std::allocator_traits<std::allocator<unsigned char>>::allocate(std::allocator<unsigned char>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
    #3 0x559bb54894af in std::_Vector_base<unsigned char, std::allocator<unsigned char>>::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
    #4 0x559bb54970d8 in std::vector<unsigned char, std::allocator<unsigned char>>::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
    #5 0x559bb5478945 in std::vector<unsigned char, std::allocator<unsigned char>>::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
    #6 0x559bb53e5a02 in tinydng::LoadDNGFromMemory(char const*, unsigned int, std::vector<tinydng::FieldInfo, std::allocator<tinydng::FieldInfo>>&, std::vector<tinydng::DNGImage, std::allocator<tinydng::DNGImage>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*) /home/syoyo/work/tinydng/./tiny_dng_loader.h:5096:21
    #7 0x559bb53e2f10 in tinydng::LoadDNG(char const*, std::vector<tinydng::FieldInfo, std::allocator<tinydng::FieldInfo>>&, std::vector<tinydng::DNGImage, std::allocator<tinydng::DNGImage>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*) /home/syoyo/work/tinydng/./tiny_dng_loader.h:4941:10
    #8 0x559bb541a715 in readDNG(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>) /home/syoyo/work/tinydng/repackTest.cpp:20:16
    #9 0x559bb541b428 in main /home/syoyo/work/tinydng/repackTest.cpp:54:19
    #10 0x7fb8b6503082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/syoyo/work/tinydng/repackTest.cpp:60:24 in main
Shadow bytes around the buggy address:
  0x0ff7966c0590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7966c05a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7966c05b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7966c05c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7966c05d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff7966c05e0: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa
  0x0ff7966c05f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7966c0600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7966c0610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7966c0620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7966c0630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1419150==ABORTING

[eszdman]

Made a reproduction of the issue without the input dng file

testProjectFix.tar.gz

[syoyo]

You need to set RowsPerStrip == image.height as done in https://github.com/syoyo/tinydng/blob/659491974e91e26c1667985fd1981985beee218c/examples/dngwriter/main.cc#L16

Writing an image with multiple strips is not supported yet: https://github.com/syoyo/tinydng/issues/40