
heap-buffer-overflow /openjpeg/src/bin/common/color.c:314 in sycc420_to_rgb() #1454

Open
13579and2468 opened this issue Jan 27, 2023 · 0 comments

@13579and2468
Expected behavior and actual behavior.

Expected to run without a heap-buffer-overflow.

Steps to reproduce the problem.

Build with AddressSanitizer:

$ git clone https://github.com/uclouvain/openjpeg.git
$ cd openjpeg
$ mkdir build
$ cd build
$ CFLAGS='-fsanitize=address -g3' CXXFLAGS='-fsanitize=address -g3' cmake ..
$ CFLAGS='-fsanitize=address -g3' CXXFLAGS='-fsanitize=address -g3' make

Run with AddressSanitizer:

$ ./bin/opj_decompress -o ./tmp/a.ppm -r 5 -i poc.jpg

===========================================
The extension of this file is incorrect.
FOUND .jpg. SHOULD BE .j2k or .jpc or .j2c or .jhc
===========================================

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 49 / 256 has been read.
[INFO] Tile 49/256 has been decoded.
[INFO] Image data has been updated with tile 49.

=================================================================
==36806==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fab83eb3800 at pc 0x56281db9c67d bp 0x7ffd67b60c60 sp 0x7ffd67b60c50
READ of size 4 at 0x7fab83eb3800 thread T0
    #0 0x56281db9c67c in sycc420_to_rgb /home/oceane/fuzz/report/openjpeg/src/bin/common/color.c:314
    #1 0x56281db9d901 in color_sycc_to_rgb /home/oceane/fuzz/report/openjpeg/src/bin/common/color.c:416
    #2 0x56281db78ade in main /home/oceane/fuzz/report/openjpeg/src/bin/jp2/opj_decompress.c:1629
    #3 0x7fab92dfe0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
    #4 0x56281db6ef0d in _start (/home/oceane/fuzz/report/openjpeg/build/bin/opj_decompress+0x9f0d)

0x7fab83eb3800 is located 0 bytes to the right of 37748736-byte region [0x7fab81ab3800,0x7fab83eb3800)
allocated by thread T0 here:
    #0 0x7fab9342c6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
    #1 0x7fab932e906a in opj_aligned_alloc_n /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/opj_malloc.c:61
    #2 0x7fab932e92a6 in opj_aligned_malloc /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/opj_malloc.c:209
    #3 0x7fab9324d460 in opj_image_data_alloc /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/openjpeg.c:1130
    #4 0x7fab9321fb13 in opj_j2k_update_image_data /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/j2k.c:10137
    #5 0x7fab9322c5f2 in opj_j2k_decode_tiles /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/j2k.c:11743
    #6 0x7fab93218ab9 in opj_j2k_exec /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/j2k.c:9032
    #7 0x7fab9322e867 in opj_j2k_decode /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/j2k.c:12036
    #8 0x7fab9324b58f in opj_decode /home/oceane/fuzz/report/openjpeg/src/lib/openjp2/openjpeg.c:521
    #9 0x56281db782d6 in main /home/oceane/fuzz/report/openjpeg/src/bin/jp2/opj_decompress.c:1582
    #10 0x7fab92dfe0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/oceane/fuzz/report/openjpeg/src/bin/common/color.c:314 in sycc420_to_rgb
Shadow bytes around the buggy address:
==36806==ABORTING

Operating system

$ uname -a
Linux lab117 5.15.0-57-generic #63~20.04.1-Ubuntu SMP Wed Nov 30 13:40:16 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

openjpeg version

$ git log --oneline -1
2d606701 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #1448 from rouault/fix_1447

$ ./bin/opj_decompress -h

This is the opj_decompress utility from the OpenJPEG project.
It decompresses JPEG 2000 codestreams to various image formats.
It has been compiled against openjp2 library v2.5.0.
(ignore ...)

poc

poc.jpg (attached to the issue)
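The report above shows a 4-byte read landing exactly at the end of a component buffer inside a 4:2:0-to-RGB conversion. As an added example (not OpenJPEG's code, and not the project's fix), the converter below is shaped like sycc420_to_rgb() but validates the luma/chroma geometry and each plane's allocation before the per-pixel loop, so a mismatched chroma plane is rejected rather than read past its end. The plane_t type, its field names and the 3x3 sample image are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed for this example (not OpenJPEG's types): one image plane,
 * its advertised size, and the number of samples actually allocated. */
typedef struct { uint32_t w, h; size_t len; const int32_t *data; } plane_t;

/* 4:2:0: luma sample (i, j) reads chroma at (i/2, j/2), so chroma planes
 * must be exactly ceil(w/2) x ceil(h/2) and each allocation must cover
 * its advertised w*h. Returns 0 if the loop below is safe, -1 if not. */
static int sycc420_check(const plane_t *y, const plane_t *cb, const plane_t *cr)
{
    uint32_t cw = (y->w + 1) / 2, ch = (y->h + 1) / 2;
    const plane_t *p[3] = { y, cb, cr };
    for (int k = 0; k < 3; k++)
        if ((uint64_t)p[k]->w * p[k]->h > p[k]->len)
            return -1;  /* would read past the end of the allocation */
    if (cb->w != cw || cb->h != ch || cr->w != cw || cr->h != ch)
        return -1;      /* luma/chroma geometry mismatch */
    return 0;
}

/* Interleaved RGB into out (3*w*h samples), only after the check passes. */
static int sycc420_to_rgb_checked(const plane_t *y, const plane_t *cb,
                                  const plane_t *cr, int32_t *out)
{
    if (sycc420_check(y, cb, cr) != 0)
        return -1;
    for (uint32_t j = 0; j < y->h; j++)
        for (uint32_t i = 0; i < y->w; i++) {
            size_t c = (size_t)(j / 2) * cb->w + i / 2;   /* in bounds by check */
            int32_t Y = y->data[(size_t)j * y->w + i];
            int32_t U = cb->data[c] - 128, V = cr->data[c] - 128;
            int32_t *px = out + 3 * ((size_t)j * y->w + i);
            px[0] = Y + (int32_t)(1.402 * V);
            px[1] = Y - (int32_t)(0.344 * U + 0.714 * V);
            px[2] = Y + (int32_t)(1.772 * U);
        }
    return 0;
}
/* Constructed 3x3 luma with a 2x2 chroma pair; consistent == 0 shrinks cb
 * to 1x2 (the mismatch case). Returns the last pixel's R, or -1 if rejected. */
static int demo(int consistent)
{
    static const int32_t yv[9] = { 16, 32, 48, 64, 80, 96, 112, 128, 144 };
    static const int32_t cv[4] = { 128, 128, 128, 128 };
    plane_t y = { 3, 3, 9, yv }, cb = { 2, 2, 4, cv }, cr = { 2, 2, 4, cv };
    int32_t rgb[27];
    if (!consistent) { cb.w = 1; cb.len = 2; }
    return sycc420_to_rgb_checked(&y, &cb, &cr, rgb) == 0 ? rgb[24] : -1;
}
```

With neutral chroma (128) the check-passing case returns the luma value of the last pixel unchanged, while the undersized chroma plane is rejected before any sample is read.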
