warning: component data type mismatch
=================================================================
==6293==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60900000c247 at pc 0x0000005ce1a3 bp 0x7fff71a94400 sp 0x7fff71a943f8
WRITE of size 1 at 0x60900000c247 thread T0
#0 0x5ce1a2 in cv::Jpeg2KDecoder::readComponent8u(unsigned char*, void*, int, int, int, int, int) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/grfmt_jpeg2000.cpp:343:38
#1 0x5cb417 in cv::Jpeg2KDecoder::readData(cv::Mat&) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/grfmt_jpeg2000.cpp:255:42
#2 0x51d2c1 in cv::imread_(cv::String const&, int, int, cv::Mat*) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/loadsave.cpp:487:13
#3 0x51a78c in cv::imread(cv::String const&, int) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/loadsave.cpp:638:5
#4 0x50cf4f in main /home/opencv/fuzz/target/opencv-3.3.1/samples/cpp/example_cmake/test_png.cpp:46:25
#5 0x7f1e5d14ef44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287
#6 0x42f9f3 in _start (/home/opencv/test/target/12.7asan/opencv_afl-test+0x42f9f3)
0x60900000c247 is located 1 bytes to the right of 6-byte region [0x60900000c240,0x60900000c246)
allocated by thread T0 here:
#0 0x4da835 in __interceptor_posix_memalign (/home/opencv/test/target/12.7asan/opencv_afl-test+0x4da835)
#1 0x9b28c9 in cv::fastMalloc(unsigned long) /home/opencv/fuzz/target/opencv-3.3.1/modules/core/src/alloc.cpp:64:8
#2 0xb8b0ca in cv::StdMatAllocator::allocate(int, int const*, int, void*, unsigned long*, int, cv::UMatUsageFlags) const /home/opencv/fuzz/target/opencv-3.3.1/modules/core/src/matrix.cpp:191:55
#3 0xa924da in cv::Mat::create(int, int const*, int) /home/opencv/fuzz/target/opencv-3.3.1/modules/core/src/matrix.cpp:429:17
#4 0x553b39 in cv::Mat::create(int, int, int) /home/opencv/fuzz/target/opencv-3.3.1/modules/core/include/opencv2/core/mat.inl.hpp:784:5
#5 0x5c92e0 in cv::Jpeg2KDecoder::readData(cv::Mat&) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/grfmt_jpeg2000.cpp:171:9
#6 0x51d2c1 in cv::imread_(cv::String const&, int, int, cv::Mat*) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/loadsave.cpp:487:13
#7 0x51a78c in cv::imread(cv::String const&, int) /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/loadsave.cpp:638:5
#8 0x50cf4f in main /home/opencv/fuzz/target/opencv-3.3.1/samples/cpp/example_cmake/test_png.cpp:46:25
#9 0x7f1e5d14ef44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/opencv/fuzz/target/opencv-3.3.1/modules/imgcodecs/src/grfmt_jpeg2000.cpp:343:38 in cv::Jpeg2KDecoder::readComponent8u(unsigned char*, void*, int, int, int, int, int)
Shadow bytes around the buggy address:
0x0c127fff97f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c127fff9840: fa fa fa fa fa fa fa fa[06]fa fa fa fa fa fa fa
0x0c127fff9850: fa fa fa fa fa fa fa fa 01 fa fa fa fa fa fa fa
0x0c127fff9860: fa fa fa fa fa fa fa fa 00 00 04 fa fa fa fa fa
0x0c127fff9870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9880: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c127fff9890: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6293==ABORTING
System information (version)
Detailed description
A heap-based buffer overflow happens in function
cv::Jpeg2KDecoder::readComponent8uin grfmt_jpeg2000.cpp:343The crash details as follows:
=================================================================
=================================================================
Steps to reproduce
Please refer to the following url for the testcases:
https://github.com/Epeius/NBPOC/tree/master/readComponent8u_heap_overflow
The text was updated successfully, but these errors were encountered: