tjko / jpegoptim

jpegoptim - utility to optimize/compress JPEG files
http://www.iki.fi/tjko/projects.html
GNU General Public License v3.0

SEGV in optimize, jpegoptim.c:906 #117

Closed waugustus closed 1 year ago

waugustus commented 1 year ago

Hi,

There is a SEGV error in optimize, jpegoptim.c:906, as shown below.

```
$ CFLAGS="-g -fsanitize=address -fno-omit-frame-pointer" CXXFLAGS="-g -fsanitize=address -fno-omit-frame-pointer" ./configure --prefix=$PWD/build_asan --disable-shared
$ build_asan/bin/jpegoptim -S50% poc
poc 32x32 24bit N  [OK] AddressSanitizer:DEADLYSIGNAL
=================================================================
==131682==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7c4de882a7 bp 0x7ffcf262c320 sp 0x7ffcf262b9e0 T0)
==131682==The signal is caused by a READ memory access.
==131682==Hint: address points to the zero page.
    #0 0x7f7c4de882a6  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x202a6)
    #1 0x7f7c4de88cb6  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x20cb6)
    #2 0x7f7c4de86fce  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x1efce)
    #3 0x7f7c4de7f2bc in jpeg_finish_decompress (/lib/x86_64-linux-gnu/libjpeg.so.8+0x172bc)
    #4 0x55be362b44b8 in optimize /root/programs/jpegoptim-1.5.0/jpegoptim.c:906
    #5 0x55be362b6899 in main /root/programs/jpegoptim-1.5.0/jpegoptim.c:1309
    #6 0x7f7c4dc9a082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x55be362afccd in _start (/root/programs/jpegoptim-1.5.0/build_asan/bin/jpegoptim+0x7ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libjpeg.so.8+0x202a6)
==131682==ABORTING
```

poc.zip

Affected version: jpegoptim 1.5.0 and the master branch b922c2745a69accfc2f59d9d98ba9aef8972d541 (Fri Nov 11 19:17:31 2022 -0800)

Environment:

```
$ cat /etc/issue
Ubuntu 20.04.5 LTS \n \l
```

Additional information: It seems that the crash occurred in libjpeg.so.8. Since it is the default version of libjpeg in Ubuntu 18.04, 20.04, etc., I think this crash may have a wider impact. A simple fix might be to limit the old version of libjpeg in configure.

tjko commented 1 year ago

This seems to be an issue with the "libjpeg" library used. No indication this is an issue in jpegoptim itself (?)

tjko commented 1 year ago

I was unable to reproduce the issue. Can you test against the latest (master branch) and see if this is still present?

(perhaps change 3401f250ace692a5b23eac1617dc429eb3566f9f fixed this as well)

waugustus commented 1 year ago

Hi, I have confirmed that this bug cannot be reproduced in commit https://github.com/tjko/jpegoptim/commit/3401f250ace692a5b23eac1617dc429eb3566f9f. Thanks for your fix.