tjko / jpegoptim

jpegoptim - utility to optimize/compress JPEG files
http://www.iki.fi/tjko/projects.html
GNU General Public License v3.0

A SIGKILL occurs while reading a JPEG file #81

Closed tank0123 closed 2 years ago

tank0123 commented 3 years ago

System Configuration

A SIGKILL interrupt occurs while reading the JPEG file. It occurs while executing the jpeg_read_coefficients function in jpegoptim.c (line 647).

Printed messages:

Starting program: /home/server/analysis/jpegoptim/jpegoptim --strip-all /home/server/jpegoptim_PoC
/home/server/jpegoptim_PoC 33824x56064 24bit N JFIF
Program terminated with signal SIGKILL, Killed.

I've attached the file. Please download and check the file. jpegoptim_PoC.zip

tjko commented 3 years ago

Seems like issue with the particular libjpeg version you are using (or libjpeg implementation if using replacement like libjpeg-turbo, etc...)

I couldn't replicate issue with libjpeg-turbo (1.5.2-2+deb10u1):

$ ./jpegoptim --strip-all -v jpegoptim_PoC
jpegoptim_PoC 33824x56064 24bit N JFIF  (Insufficient memory (case 11))  [ERROR]
$

tank0123 commented 3 years ago

Thanks for the reply. As a result of checking the contents you've mentioned, regardless of the version of libjpeg, it has been confirmed that the SIGKILL message is reproduced. (Tested on libjpeg-turbo 2.1.1)

However, it could be confirmed that the occurrence or non-occurrence varies depending on the RAM size. When the RAM size is set to 4GB, a SIGKILL signal occurs, whereas when the RAM size is set to 8GB or more, the output is as follows.

$/home/server/jpegoptim_PoC 33824x56064 24bit N JFIF [WARNING] 548 --> 11111758 bytes (-2027593.07%), skipped.

Also, when processing a file with an abnormally large pixel size, it was confirmed that the SIGKILL signal was generated. We've generated another PoC file whose pixel size is 65,280 * 65,280. jpegoptim_PoC_2.zip

This seems to require mitigation for manipulated JPEG files whose pixel size is abnormally huge.

tjko commented 3 years ago

I tested with libjpeg-turbo v2.1.1, no change:

$ ./jpegoptim -v jpegoptim_PoC_2.jpg 
jpegoptim_PoC_2.jpg 65280x65280 24bit N JFIF  (Insufficient memory (case 11))  [ERROR]
$

I was testing on ARM, maybe you're testing on Intel (?). In any case seems like you've run into some issue with libjpeg-turbo.... Or do you have stack trace, etc to prove otherwise?

tank0123 commented 3 years ago

Since it originated from an issue with libjpeg, I will further analyze the library and report it to libjpeg-turbo and inform you of the progress.

However, even in jpegoptim, error handling logic for files with excessively sized pixels seems to be necessary.

tjko commented 3 years ago

jpegoptim already has error handling; it reported the error normally on the PoC files you provided. I didn't see a process crash, etc...
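
The pre-check discussed in this thread, sketched as an added example (not part of any comment above, and not code from jpegoptim or libjpeg-turbo): read the frame dimensions from the SOF header and reject the file when a worst-case estimate of the coefficient storage exceeds a memory budget, before `jpeg_read_coefficients` is reached. The function names, the constructed sample header, and the estimate itself (one 16-bit coefficient per sample, no chroma subsampling) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample header: SOI, JFIF APP0, SOF0 = 33824x56064, 3 components. */
const unsigned char sample_hdr[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x10,'J','F','I','F',0,1,1,0,0,1,0,1,0,0,
    0xFF,0xC0,0x00,0x11,0x08,0xDB,0x00,0x84,0x20,0x03,
    0x01,0x11,0x00, 0x02,0x11,0x00, 0x03,0x11,0x00 };

static unsigned be16(const unsigned char *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk marker segments to the first SOFn; 0 on success, -1 if absent or truncated. */
int jpeg_frame_dims(const unsigned char *buf, size_t len,
                    unsigned *w, unsigned *h, unsigned *ncomp) {
    size_t i = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;   /* no SOI */
    while (i + 4 <= len) {
        unsigned char m = buf[i + 1];
        if (buf[i] != 0xFF || m == 0xD9 || m == 0xDA) return -1;  /* EOI/SOS first */
        if (m == 0xFF) { i++; continue; }                         /* fill byte */
        unsigned seglen = be16(buf + i + 2);
        if (seglen < 2 || seglen > len - i - 2) return -1;        /* truncated */
        /* SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC) */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (seglen < 8) return -1;
            *h = be16(buf + i + 5); *w = be16(buf + i + 7);
            *ncomp = buf[i + 9];
            return 0;
        }
        i += 2 + seglen;
    }
    return -1;
}

/* Assumed worst case: dimensions rounded up to 8x8 blocks, 64 coefficients
   of 2 bytes per block, every component at full resolution. */
uint64_t coef_bytes_upper_bound(unsigned w, unsigned h, unsigned ncomp) {
    uint64_t bw = (w + 7u) / 8u, bh = (h + 7u) / 8u;
    return bw * bh * 64u * 2u * ncomp;
}

/* 1 = fits the budget, 0 = too large, -1 = no usable frame header. */
int within_budget(const unsigned char *buf, size_t len, uint64_t budget) {
    unsigned w, h, n;
    if (jpeg_frame_dims(buf, len, &w, &h, &n) != 0) return -1;
    return coef_bytes_upper_bound(w, h, n) <= budget;
}
int main(void) { printf("%d\n", within_budget(sample_hdr, sizeof sample_hdr, 4ULL << 30)); return 0; }
```

For the 33824x56064, 3-component header reported in the thread, the bound comes to about 10.6 GiB, so a 4 GiB budget rejects the file up front.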