Hello, my friend.
Thanks for sharing this wonderful package.
I found a little buffer overflow which goes unnoticed on x86_64 but prevents the libs from running, at least on ARM32 (Raspberry Pi).
If you run one of the examples under `valgrind` (the memory leak and buffer overflow error detection tool), you will find that `JKQTPImageTools::getDefaultLUTs()` gives a series of invalid writes of 4 bytes each.
Inspecting the code at `lib/jkqtcommon/jkqtpbasicimagetools.cpp`, I believe that lines like:

```cpp
plut[JKQTPImageTools::LUTSIZE+1]=plut[JKQTPImageTools::LUTSIZE];
```

are not necessary (the last element is already set in the loop, and the element at `JKQTPImageTools::LUTSIZE+1` seems to be out of bounds, since, from what I understood, you allocate an array with that same size).
On Raspberry Pi 1, loading the libraries fails with the message:

```
malloc(): corrupted top size
Aborted (core dumped)
```

... indicating that the overflow corrupted the heap. A hard-to-follow issue without valgrind.
After deleting these lines, everything seems to run as intended both on x86_64 (linux) and Raspberry Pi.
Hope this report helps you to inspect the issue.
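The off-by-one described above, reduced to a stand-alone C example. This is an added illustration, not JKQTPlotter's code: the `LUTSIZE` value, the gray-ramp fill and the helper names (`lut_set`, `fill_gray_lut`, `buggy_tail_copy`) are assumptions made for the demo. A LUT with indices `0..LUTSIZE` needs `LUTSIZE+1` entries, so the loop already writes the last entry and any write to index `LUTSIZE+1` lands one element past the allocation, in the heap chunk header that glibc later reports as "corrupted top size". The setter below carries the allocation length and refuses the out-of-range write instead of silently corrupting the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed value for the demo; JKQTPlotter defines its own LUTSIZE. */
enum { LUTSIZE = 255 };
/* Indices 0..LUTSIZE are valid, so the array holds LUTSIZE+1 entries. */
enum { LUT_ENTRIES = LUTSIZE + 1 };

/* Bounds-checked store: 0 on success, -1 if idx is past the allocation.
 * The allocation length travels with the pointer, so a caller cannot
 * write past the end by mistake. */
static int lut_set(uint32_t *lut, size_t entries, size_t idx, uint32_t value)
{
    if (lut == NULL || idx >= entries)
        return -1;
    lut[idx] = value;
    return 0;
}

/* Fill a gray ramp (0xAARRGGBB) into indices 0..LUTSIZE inclusive.
 * Returns the number of entries written, or -1 on a rejected write. */
static int fill_gray_lut(uint32_t *lut, size_t entries)
{
    int written = 0;
    for (size_t i = 0; i <= LUTSIZE; i++) {
        uint8_t g = (uint8_t)(i * 255 / LUTSIZE);
        uint32_t px = 0xFF000000u | ((uint32_t)g << 16) | ((uint32_t)g << 8) | g;
        if (lut_set(lut, entries, i, px) != 0)
            return -1;
        written++;
    }
    return written;  /* LUT_ENTRIES: the loop already set the last element */
}

/* Allocate exactly LUT_ENTRIES elements and fill them. */
static uint32_t *make_gray_lut(void)
{
    uint32_t *lut = malloc(LUT_ENTRIES * sizeof *lut);
    if (lut == NULL)
        return NULL;
    if (fill_gray_lut(lut, LUT_ENTRIES) != LUT_ENTRIES) {
        free(lut);
        return NULL;
    }
    return lut;
}

/* The pattern from the report: copy the last entry to LUTSIZE+1.
 * With the checked setter this returns -1 instead of overflowing;
 * an unchecked lut[LUTSIZE+1] = ... would write 4 bytes past the end. */
static int buggy_tail_copy(uint32_t *lut)
{
    return lut_set(lut, LUT_ENTRIES, LUTSIZE + 1, lut[LUTSIZE]);
}

int main(void)
{
    uint32_t *lut = make_gray_lut();
    if (lut == NULL)
        return 1;
    printf("lut[0]=0x%08X lut[LUTSIZE]=0x%08X\n", lut[0], lut[LUTSIZE]);
    printf("tail copy to index %d: %s\n", LUTSIZE + 1,
           buggy_tail_copy(lut) == 0 ? "accepted" : "rejected (out of bounds)");
    free(lut);
    return 0;
}
```

Why the bug is silent on x86_64 but fatal on the Pi: `malloc` rounds requests up to its alignment granule, so on 64-bit glibc a 4-byte overrun often lands in padding, while on 32-bit ARM the same request can be exactly chunk-sized and the write hits the next chunk's size field. Neither case is safe; build with `-fsanitize=address` or run under `valgrind --track-origins=yes ./a.out` to make the overrun visible on every platform.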