segfault / null pointer access in jpc_pi_destroy #30

Closed
hannob opened this Issue Oct 16, 2016 · 1 comment


hannob commented Oct 16, 2016

The attached file will crash jasper (can be tested with imginfo) with a null pointer access. It was found with american fuzzy lop.
jasper-nullptr-jpc_pi_destroy.zip

Stack trace from address sanitizer:

==22340==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000059f33f bp 0x611000009fc8 sp 0x7fffa1dea040 T0)
    #0 0x59f33e in jpc_pi_destroy /f/jasper/src/libjasper/jpc/jpc_t2cod.c:521:10
    #1 0x54f43f in jpc_dec_tilefini /f/jasper/src/libjasper/jpc/jpc_dec.c:999:3
    #2 0x5403bd in jpc_dec_process_eoc /f/jasper/src/libjasper/jpc/jpc_dec.c:1151:3
    #3 0x547fb4 in jpc_dec_decode /f/jasper/src/libjasper/jpc/jpc_dec.c:390:10
    #4 0x547fb4 in jpc_decode /f/jasper/src/libjasper/jpc/jpc_dec.c:254
    #5 0x4f6032 in jas_image_decode /f/jasper/src/libjasper/base/jas_image.c:372:16
    #6 0x4f23cf in main /f/jasper/src/appl/imginfo.c:188:16
    #7 0x7f2ac820478f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #8 0x4195d8 in _start (/r/jasper/imginfo+0x4195d8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/jasper/src/libjasper/jpc/jpc_t2cod.c:521:10 in jpc_pi_destroy
==22340==ABORTING
This problem is now fixed. The above test file is successfully decoded.
See commit 69a1439.

mdadams (Owner) commented Oct 19, 2016

This problem is now fixed. The above test file is successfully decoded.
See commit 69a1439.

@mdadams mdadams closed this Oct 19, 2016
