Buffer overflow #38
Assignees
Labels
Comments
|
hi! thanks for noting and reporting this bug ... I fixed it with this commit: d9086e9 Could yo confirm that it works now? Thanks, |
|
Yes. Thank you. |
|
great! thanks for checking! Best, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, my friend.
Thanks for sharing this wonderful package.
I found a little buffer overflow which goes unnoticed on x86_64, but prevents the libs from running at least on ARM32 (Raspberry Pi).
If you run one of the examples with the 'valgrind' memory leak & buffer overflow error detection tool, you will find that "JKQTPImageTools::getDefaultLUTs()" gives a series of invalid writes of 4 bytes each.
Inspecting the code at "lib/jkqtcommon/jkqtpbasicimagetools.cpp", I believe that the lines like:
plut[JKQTPImageTools::LUTSIZE+1]=plut[JKQTPImageTools::LUTSIZE];
are not necessary (the last element is already set on the loop... and the element at JKQTPImageTools::LUTSIZE+1 seems to be out of bounds, since, for what I understood, you allocate an array with that same size).
On Raspberry Pi 1, loading the libraries fail with the message:
malloc(): corrupted top size
Aborted (core dumped)
... indicating that the overflow corrupted the heap. A hard to follow issue without valgrind.
After deleting these lines, everything seems to run as intended both on x86_64 (linux) and Raspberry Pi.
Hope this report helps you to inspect the issue.
The text was updated successfully, but these errors were encountered: