Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An issue was discovered in opencv 4.1.0. There is a FPE in cv::HOGDescriptor::getDescriptorSize.
DEBUG
In file: opencv-4.1.0/modules/objdetect/src/hog.cpp 88 blockSize.height % cellSize.height == 0); 89 CV_Assert((winSize.width - blockSize.width) % blockStride.width == 0 && 90 (winSize.height - blockSize.height) % blockStride.height == 0 ); 91 92 return (size_t)nbins* ► 93 (blockSize.width/cellSize.width)* 94 (blockSize.height/cellSize.height)* 95 ((winSize.width - blockSize.width)/blockStride.width + 1)* 96 ((winSize.height - blockSize.height)/blockStride.height + 1); 97 } 98 pwndbg> p cellSize $2 = { width = 0, height = 0 }
ASAN report
AddressSanitizer:DEADLYSIGNAL ================================================================= ==76303==ERROR: AddressSanitizer: FPE on unknown address 0x7f89dc67e495 (pc 0x7f89dc67e495 bp 0x7ffeedf44e90 sp 0x7ffeedf44d20 T0) #0 0x7f89dc67e494 in cv::HOGDescriptor::getDescriptorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 #1 0x7f89dc67f994 in cv::HOGDescriptor::checkDetectorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:106:64 #2 0x7f89dc67f994 in cv::HOGDescriptor::setSVMDetector(cv::_InputArray const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:115 #3 0x7f89dc683045 in cv::HOGDescriptor::read(cv::FileNode&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:168:9 #4 0x7f89dc689eb2 in cv::HOGDescriptor::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:200:12 #5 0x518fb0 in cv::HOGDescriptor::HOGDescriptor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/installed-asan/include/opencv4/opencv2/objdetect.hpp:421:9 #6 0x518fb0 in main /home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog.cc:17 #7 0x7f89d149db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 #8 0x41b909 in _start (/home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog+0x41b909) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 in cv::HOGDescriptor::getDescriptorSize() const ==76303==ABORTING
./hog timg.jpeg getDescriptorSize__FPE
hog-vuln.tar.gz
The text was updated successfully, but these errors were encountered:
This was assigned CVE-2019-15939.
Sorry, something went wrong.
compat-opencv-soname34: Fix for CVE-2019-15939
adaeebb
opencv/opencv#15287 opencv/opencv@5a49707 CVEs fixed in this build: CVE-2019-15939
opencv: Fix CVE-2019-15939
d8e8d94
Fixes a floating point exception opencv/opencv#15287 Upstream-Status: Backport [opencv/opencv@c05595e] CVE: CVE-2019-15939 Signed-off-by: Gregory Vimont <gregory.vimont@softbankrobotics.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
8756c6b
f96aef3
No branches or pull requests
System information (version)
Detailed description
An issue was discovered in opencv 4.1.0. There is a FPE in cv::HOGDescriptor::getDescriptorSize.
DEBUG
ASAN report
AddressSanitizer:DEADLYSIGNAL ================================================================= ==76303==ERROR: AddressSanitizer: FPE on unknown address 0x7f89dc67e495 (pc 0x7f89dc67e495 bp 0x7ffeedf44e90 sp 0x7ffeedf44d20 T0) #0 0x7f89dc67e494 in cv::HOGDescriptor::getDescriptorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 #1 0x7f89dc67f994 in cv::HOGDescriptor::checkDetectorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:106:64 #2 0x7f89dc67f994 in cv::HOGDescriptor::setSVMDetector(cv::_InputArray const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:115 #3 0x7f89dc683045 in cv::HOGDescriptor::read(cv::FileNode&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:168:9 #4 0x7f89dc689eb2 in cv::HOGDescriptor::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:200:12 #5 0x518fb0 in cv::HOGDescriptor::HOGDescriptor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/installed-asan/include/opencv4/opencv2/objdetect.hpp:421:9 #6 0x518fb0 in main /home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog.cc:17 #7 0x7f89d149db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 #8 0x41b909 in _start (/home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog+0x41b909) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 in cv::HOGDescriptor::getDescriptorSize() const ==76303==ABORTINGSteps to reproduce
hog-vuln.tar.gz
The text was updated successfully, but these errors were encountered: