tjko / jpegoptim

jpegoptim - utility to optimize/compress JPEG files
http://www.iki.fi/tjko/projects.html
GNU General Public License v3.0

Asan errors detected in 32bit asan version. #133

Closed Zrzzzz closed 1 year ago

Zrzzzz commented 1 year ago

Environment

Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic

Version

from releases: jpegoptim-1.5.2, commit hash: f20f0e8775335d9f44efc65285a6ca85451e2036

Build command

CFLAGS="-g -fsanitize=address -fno-omit-frame-pointer -m32 -L/usr/local/lib" CXXFLAGS="-g -fsanitize=address -fno-omit-frame-pointer -m32" LDFLAGS="-m32" ./configure --prefix=$PWD/build

POC

https://drive.google.com/file/d/1utRF5dKBwsxMcllxeBb34FPKPkOlgjT1/view?usp=share_link

Crash example output

out/crashes/id:000000,sig:06,src:000000,op:flip32,pos:163 65087x65199 24bit N JFIF
==14851==ERROR: AddressSanitizer failed to allocate 0x3b973000 (999763968) bytes of LargeMmapAllocator (error code: 12)
==14851==Process memory map follows:
[process memory map omitted]
==14851==End of process memory map.
==14851==AddressSanitizer CHECK failed: ../../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)

#0 0xf7a60eb1  (/usr/lib32/libasan.so.4+0xf1eb1)
#1 0xf7a81f8b in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib32/libasan.so.4+0x112f8b)
#2 0xf7a6a8da  (/usr/lib32/libasan.so.4+0xfb8da)
#3 0xf7a78c78  (/usr/lib32/libasan.so.4+0x109c78)
#4 0xf79919e2  (/usr/lib32/libasan.so.4+0x229e2)
#5 0xf798dec6  (/usr/lib32/libasan.so.4+0x1eec6)
#6 0xf7a54f1c in malloc (/usr/lib32/libasan.so.4+0xe5f1c)
#7 0xf7862594 in jpeg_get_large (/usr/local/lib/libjpeg.so.9+0x43594)
#8 0xf7861356 in alloc_large (/usr/local/lib/libjpeg.so.9+0x42356)
#9 0xf7861581 in alloc_barray (/usr/local/lib/libjpeg.so.9+0x42581)
#10 0xf78619d7 in realize_virt_arrays (/usr/local/lib/libjpeg.so.9+0x429d7)
#11 0xf7841c42 in transdecode_master_selection (/usr/local/lib/libjpeg.so.9+0x22c42)
#12 0xf7841a95 in jpeg_read_coefficients (/usr/local/lib/libjpeg.so.9+0x22a95)
#13 0x565795fd in optimize /data/zzx/benchmark/jpegoptim-1.5.2/jpegoptim.c:744
#14 0x5657d33d in main /data/zzx/benchmark/jpegoptim-1.5.2/jpegoptim.c:1369
#15 0xf765bfa0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18fa0)
#16 0x56575fe0  (/data/zzx/benchmark/jpegoptim-1.5.2/asanfuzzing/sys/toTest+0x3fe0)
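An added defender-side check, not code from jpegoptim or libjpeg: the trace shows the failed allocation coming from jpeg_read_coefficients(), which makes libjpeg keep every DCT block of the 65087x65199 frame in memory, so a caller can parse the SOF header and refuse frames whose coefficient storage would exceed a chosen budget before libjpeg allocates anything. The header bytes below are constructed from the dimensions in the report, 1x1 chroma sampling is assumed, and the budget value is the caller's choice.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed header (not a real file): SOI then a baseline SOF0 declaring the
 * 65087x65199, 3-component frame from the report; 1x1 sampling is assumed. */
static const unsigned char sample_hdr[] = {
    0xFF, 0xD8, 0xFF, 0xC0, 0x00, 0x11, 0x08, 0xFE, 0xAF, 0xFE, 0x3F, 0x03,
    0x01, 0x11, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01 };
struct frame { unsigned w, h, n, hmax, vmax, hs[4], vs[4]; };
/* Walk marker segments up to the first SOFn and fill f. 0 = ok, -1 = bad or absent. */
static int parse_sof(const unsigned char *b, size_t len, struct frame *f)
{
    size_t pos = 2;
    if (len < 2 || b[0] != 0xFF || b[1] != 0xD8) return -1;                 /* no SOI */
    while (pos + 4 <= len && b[pos] == 0xFF) {
        unsigned m = b[pos + 1], seg = (b[pos + 2] << 8) | b[pos + 3], i;
        if (m == 0xFF) { pos++; continue; }                                 /* fill byte */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) { pos += 2; continue; } /* no payload */
        if (seg < 2 || pos + 2 + seg > len) return -1;                      /* truncated */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            const unsigned char *p = b + pos + 4;                           /* precision */
            if (seg < 8 || p[5] == 0 || p[5] > 4 || seg < 8 + 3u * p[5]) return -1;
            f->h = (p[1] << 8) | p[2]; f->w = (p[3] << 8) | p[4]; f->n = p[5];
            f->hmax = f->vmax = 1;
            for (i = 0; i < f->n; i++) {
                f->hs[i] = p[7 + 3 * i] >> 4; f->vs[i] = p[7 + 3 * i] & 15;
                if (!f->hs[i] || !f->vs[i]) return -1;
                if (f->hs[i] > f->hmax) f->hmax = f->hs[i]; if (f->vs[i] > f->vmax) f->vmax = f->vs[i];
            }
            return 0;
        }
        pos += 2 + seg;
    }
    return -1;
}
/* Whole-frame coefficient storage behind jpeg_read_coefficients(): 2-byte JCOEF per sample, 128 per 8x8 block. */
static uint64_t coef_bytes(const struct frame *f)
{
    uint64_t total = 0; unsigned i;
    for (i = 0; i < f->n; i++) {
        uint64_t bw = ((uint64_t)f->w * f->hs[i] + 8 * f->hmax - 1) / (8 * f->hmax);
        uint64_t bh = ((uint64_t)f->h * f->vs[i] + 8 * f->vmax - 1) / (8 * f->vmax);
        total += bw * bh * 128;
    }
    return total;
}
/* Gate to run before handing a file to libjpeg: -1 unparsable, 0 over budget, 1 fits. */
static int fits_budget(const unsigned char *b, size_t len, uint64_t budget)
{
    struct frame f; return parse_sof(b, len, &f) ? -1 : (coef_bytes(&f) <= budget);
}
```

For the reported frame the estimate is about 25.4 GB, which no 32-bit process can hold, so the gate rejects it long before the sanitizer's mmap fails.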
tjko commented 1 year ago

What does this have to do with jpegoptim?

Zrzzzz commented 1 year ago

You mean it has to do with libjpeg?

tjko commented 1 year ago

All I see is an error from AddressSanitizer itself. How is this issue with jpegoptim?

Zrzzzz commented 1 year ago

Yeah, it seems like my bad.