Floating Point Exception in cv::HOGDescriptor::getDescriptorSize() #15287

Closed
YourButterfly opened this issue Aug 13, 2019 · 1 comment

Comments

@YourButterfly
commented Aug 13, 2019

System information (version)
  • OpenCV => 4.1.0
  • Operating System / Platform => Ubuntu 18.04 LTS
  • Compiler => 7.0.1

Detailed description

An issue was discovered in OpenCV 4.1.0. There is an FPE in cv::HOGDescriptor::getDescriptorSize.

DEBUG

In file: opencv-4.1.0/modules/objdetect/src/hog.cpp
   88         blockSize.height % cellSize.height == 0);
   89     CV_Assert((winSize.width - blockSize.width) % blockStride.width == 0 &&
   90         (winSize.height - blockSize.height) % blockStride.height == 0 );
   91 
   92     return (size_t)nbins*
 ► 93         (blockSize.width/cellSize.width)*
   94         (blockSize.height/cellSize.height)*
   95         ((winSize.width - blockSize.width)/blockStride.width + 1)*
   96         ((winSize.height - blockSize.height)/blockStride.height + 1);
   97 }
   98 
pwndbg> p cellSize 
$2 = {
  width = 0, 
  height = 0
}

ASAN report

AddressSanitizer:DEADLYSIGNAL
=================================================================
==76303==ERROR: AddressSanitizer: FPE on unknown address 0x7f89dc67e495 (pc 0x7f89dc67e495 bp 0x7ffeedf44e90 sp 0x7ffeedf44d20 T0)
    #0 0x7f89dc67e494 in cv::HOGDescriptor::getDescriptorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25
    #1 0x7f89dc67f994 in cv::HOGDescriptor::checkDetectorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:106:64
    #2 0x7f89dc67f994 in cv::HOGDescriptor::setSVMDetector(cv::_InputArray const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:115
    #3 0x7f89dc683045 in cv::HOGDescriptor::read(cv::FileNode&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:168:9
    #4 0x7f89dc689eb2 in cv::HOGDescriptor::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:200:12
    #5 0x518fb0 in cv::HOGDescriptor::HOGDescriptor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/installed-asan/include/opencv4/opencv2/objdetect.hpp:421:9
    #6 0x518fb0 in main /home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog.cc:17
    #7 0x7f89d149db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #8 0x41b909 in _start (/home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog+0x41b909)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 in cv::HOGDescriptor::getDescriptorSize() const
==76303==ABORTING

Steps to reproduce
./hog timg.jpeg getDescriptorSize__FPE

hog-vuln.tar.gz
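
As an added example (not part of the original report, and not OpenCV's code or its fix): one way to validate HOG parameters read from an untrusted file before evaluating the formula on lines 92-96, so a zero cellSize like the one in the pwndbg dump is rejected instead of raising SIGFPE. Size2i, HogParams, mulChecked and safeDescriptorSize are hypothetical names, and the values in main are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Stand-ins for cv::Size and the HOGDescriptor fields (assumption: no OpenCV needed).
struct Size2i { int width, height; };
struct HogParams { Size2i winSize, blockSize, blockStride, cellSize; int nbins; };

// Multiply with overflow detection; returns false if a * b does not fit in size_t.
static bool mulChecked(std::size_t a, std::size_t b, std::size_t& out) {
    if (a != 0 && b > std::numeric_limits<std::size_t>::max() / a) return false;
    out = a * b;
    return true;
}

// Writes the descriptor length to 'out' and returns true, or returns false when
// the parameters are invalid (including any zero divisor for '%' or '/').
bool safeDescriptorSize(const HogParams& p, std::size_t& out) {
    // Every divisor must be strictly positive before it is used.
    if (p.cellSize.width <= 0 || p.cellSize.height <= 0 ||
        p.blockStride.width <= 0 || p.blockStride.height <= 0 || p.nbins <= 0)
        return false;
    // Sizes must be positive and the block must fit inside the window.
    if (p.blockSize.width <= 0 || p.blockSize.height <= 0 ||
        p.winSize.width < p.blockSize.width || p.winSize.height < p.blockSize.height)
        return false;
    // Divisibility conditions in the style of the asserts on lines 88-90.
    if (p.blockSize.width % p.cellSize.width || p.blockSize.height % p.cellSize.height ||
        (p.winSize.width - p.blockSize.width) % p.blockStride.width ||
        (p.winSize.height - p.blockSize.height) % p.blockStride.height)
        return false;
    const std::size_t factors[] = {
        (std::size_t)p.nbins,
        (std::size_t)(p.blockSize.width / p.cellSize.width),
        (std::size_t)(p.blockSize.height / p.cellSize.height),
        (std::size_t)((p.winSize.width - p.blockSize.width) / p.blockStride.width + 1),
        (std::size_t)((p.winSize.height - p.blockSize.height) / p.blockStride.height + 1)};
    std::size_t total = 1;
    for (std::size_t f : factors)
        if (!mulChecked(total, f, total)) return false;
    out = total;
    return true;
}

int main() {
    // Constructed input: only cellSize = {0, 0} comes from the pwndbg dump.
    HogParams fromFile{{64, 128}, {16, 16}, {8, 8}, {0, 0}, 9};
    std::size_t n = 0;
    std::printf("%s\n", safeDescriptorSize(fromFile, n) ? "accepted" : "rejected");
}
```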

@nluedtke

commented Sep 9, 2019

This was assigned CVE-2019-15939.

clrpackages pushed a commit to clearlinux-pkgs/compat-opencv-soname34 that referenced this issue Sep 16, 2019