Skip to content

segfault / null pointer access in jpc_pi_destroy #30

Closed
@hannob

Description

@hannob

The attached file will crash jasper (can be tested with imginfo) with a null pointer access. It was found with american fuzzy lop.
jasper-nullptr-jpc_pi_destroy.zip

Stack trace from address sanitizer:

==22340==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000059f33f bp 0x611000009fc8 sp 0x7fffa1dea040 T0)
    #0 0x59f33e in jpc_pi_destroy /f/jasper/src/libjasper/jpc/jpc_t2cod.c:521:10
    #1 0x54f43f in jpc_dec_tilefini /f/jasper/src/libjasper/jpc/jpc_dec.c:999:3
    #2 0x5403bd in jpc_dec_process_eoc /f/jasper/src/libjasper/jpc/jpc_dec.c:1151:3
    #3 0x547fb4 in jpc_dec_decode /f/jasper/src/libjasper/jpc/jpc_dec.c:390:10
    #4 0x547fb4 in jpc_decode /f/jasper/src/libjasper/jpc/jpc_dec.c:254
    #5 0x4f6032 in jas_image_decode /f/jasper/src/libjasper/base/jas_image.c:372:16
    #6 0x4f23cf in main /f/jasper/src/appl/imginfo.c:188:16
    #7 0x7f2ac820478f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #8 0x4195d8 in _start (/r/jasper/imginfo+0x4195d8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/jasper/src/libjasper/jpc/jpc_t2cod.c:521:10 in jpc_pi_destroy
==22340==ABORTING

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions