Fix stack corruption and bus errors while scanning oversized QR codes #87
Conversation
claudiofelber
force-pushed
the
master
branch
from
7a4b0b6
to
963d6ed
Compare
|
The attached image is an example of a false positive. Quirc believes to detect two QR codes: one with version 49 and one with version 46. I have also attached an image of the binarized image. I think with the binarization method used in earlier versions of the library, this image example would not have lead to a problem because it would have been entirely black after the binarization, although the potential to crash would if course have been there. The new Otsu-based thresholding algorithm I contributed last year heavily improved binarization of low-light and unevenly lighted images but at the same time also increased the risk for the error, this pull request addresses, to happen.
|
|
Thanks for this. This was a pretty basic error -- I'm surprised nobody noticed it earlier! |
|
And thanks for the test case, I've added it as a regression test to node-quirc: https://github.com/kAworu/node-quirc/blob/master/test/index.js#L314-L335 |
|
You're both very welcome. Thank you for providing such a great library! |
Quirc sometimes falsely detects very large QR codes (false positives). This happens for example when the camera of a smartphone is facing downwards and is recording an almost black image. When the library is trying to decode such a large QR code it accesses more memory than has previously been allocated (quirc_code→cell_bitmap). This leads to stack corruption and bus errors.
This pull requests addresses the issue by first defining a maximum supported QR code version number and defining QUIRC_MAX_BITMAP based on this maximum version number instead of using a fixed number of bytes. Later in measure_timing_pattern() QR codes exceeding the maximum allowed version number are ignored and the decoding process is aborted. This also shortens the time needed to identify and reject a bad QR code.