thorfdbg / libjpeg

A complete implementation of 10918-1 (JPEG) coming from jpeg.org (the ISO group) with extensions for HDR, lossless and alpha channel coding standardized as ISO/IEC 18477 (JPEG XT).

Segmentation fault in linebuffer.cpp:322 #29

Closed seviezhou closed 4 years ago

seviezhou commented 4 years ago

System info

Ubuntu X64, gcc (Ubuntu 5.5.0-12ubuntu1), jpeg (latest master e52406)

Command line

./jpeg -oz -h -s 1x1,2x2,2x2 @@ /dev/null

Output

*** Warning -1038 in Frame::StartParseHiddenScan, line 869, file frame.cpp
*** Reason is: Start of Scan SOS marker missing

*** Warning -1038 in Frame::ParseTrailer, line 1083, file frame.cpp
*** Reason is: missing an EOI marker at the end of the stream

*** Warning -1038 in Image::ParseTrailer, line 1464, file image.cpp
*** Reason is: expecting an EOI marker at the end of the stream

Segmentation fault

Address Sanitizer

ASAN:SIGSEGV
=================================================================
==9062==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000008583d3 bp 0x7ffc9436de80 sp 0x7ffc9436de60 T0)
    #0 0x8583d2 in LineBuffer::FetchRegion(int, Line const*, int*) /home/seviezhou/libjpeg/control/linebuffer.cpp:322
    #1 0x87ef78 in LineBitmapRequester::ReconstructRegion(RectAngle<int> const&, RectangleRequest const*) /home/seviezhou/libjpeg/control/linebitmaprequester.cpp:513
    #2 0x486b6c in Image::ReconstructRegion(BitMapHook*, RectangleRequest const*) /home/seviezhou/libjpeg/codestream/image.cpp:1111
    #3 0x45f10a in JPEG::InternalDisplayRectangle(JPG_TagItem*) /home/seviezhou/libjpeg/interface/jpeg.cpp:721
    #4 0x45f452 in JPEG::DisplayRectangle(JPG_TagItem*) /home/seviezhou/libjpeg/interface/jpeg.cpp:699
    #5 0x42c573 in Reconstruct(char const*, char const*, int, char const*, bool) /home/seviezhou/libjpeg/cmd/reconstruct.cpp:320
    #6 0x4055f0 in main /home/seviezhou/libjpeg/cmd/main.cpp:718
    #7 0x7fdc5ae9183f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
    #8 0x409da8 in _start (/home/seviezhou/libjpeg/jpeg+0x409da8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/seviezhou/libjpeg/control/linebuffer.cpp:322 LineBuffer::FetchRegion(int, Line const*, int*)
==9062==ABORTING

POC

SEGV-FetchRegion-linebuffer-322.zip

thorfdbg commented 4 years ago

No longer reproducible, probably closed as part of another bug.