null-pointer-dereference in function cv::XMLParser::parse #15127

Closed
YourButterfly opened this issue Jul 23, 2019 · 0 comments · Fixed by #15145
@YourButterfly

System information (version)
  • OpenCV => 4.1.0
  • Operating System / Platform => Ubuntu 18.04 LTS
  • Compiler => clang-7
Detailed description

description

An issue was discovered in OpenCV 4.1.0: there is a null-pointer dereference in function cv::XMLParser::parse at persistence_xml.cpp:795:17.

source

 791         while( ptr && *ptr != '\0' )
 792         {
 793             ptr = skipSpaces( ptr, 0 );
 794 
> 795             if( *ptr != '\0' )    /* bug: ptr is NULL here after skipSpaces(), so *ptr reads address 0 (ASan trace, 795:17) */
 796             {
 797                 ptr = parseTag( ptr, key, type_name, tag_type );
 798                 if( tag_type != CV_XML_OPENING_TAG || key != "opencv_storage" )
 799                     CV_PARSE_ERROR_CPP( "<opencv_storage> tag is missing" );
 800                 FileNode root = fs->addNode(root_collection, std::string(), FileNode::MAP, 0);

bug report

AddressSanitizer:DEADLYSIGNAL
=================================================================
==8688==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe7b7de5554 bp 0x7ffc4b0ef9b0 sp 0x7ffc4b0ef500 T0)
==8688==The signal is caused by a READ memory access.
==8688==Hint: address points to the zero page.
    #0 0x7fe7b7de5553 in cv::XMLParser::parse(char*) /src/opencv/modules/core/src/persistence_xml.cpp:795:17
    #1 0x7fe7b767cf11 in cv::FileStorage::Impl::open(char const*, int, char const*) /src/opencv/modules/core/src/persistence.cpp:765:34
    #2 0x7fe7b76740ef in cv::FileStorage::FileStorage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/core/src/persistence.cpp:1775:18
    #3 0x7fe7c1bafe0d in cv::CascadeClassifierImpl::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/objdetect/src/cascadedetect.cpp:911:17
    #4 0x7fe7c1bd606e in cv::CascadeClassifier::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/objdetect/src/cascadedetect.cpp:1596:13
    #5 0x51d296 in main /work/funcs/classifier.cc:24:29
    #6 0x7fe7b616582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x41bcc8 in _start (/src/aflbuild/installed/bin/classifier+0x41bcc8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/opencv/modules/core/src/persistence_xml.cpp:795:17 in cv::XMLParser::parse(char*)
==8688==ABORTING

others

from fuzz project pwd-opencv-classifier-00
crash name pwd-opencv-classifier-00-00000208-20190627.xml
Auto-generated by pyspider at 2019-06-27 21:14:17

Please send an email to teamseri0us360@gmail.com if you have any questions.
Steps to reproduce

commandline

classifier /work/funcs/appname.bmp @@

poc3.tar.gz
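To make the failure mode concrete, here is an added, self-contained model of the loop quoted above, placed beside a hardened version. It is illustration code written for this page, not OpenCV's own parser: the names skipSpacesDemo, parseTagDemo, parseRootUnchecked, parseRootChecked and ParseStatus are assumptions, and the inputs are constructed, not the crash file from the report. The one fact it leans on is what the ASan trace shows: at persistence_xml.cpp:795:17 the pointer returned by skipSpaces() is null, so the model skipper returns nullptr when it runs out of input.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>

// Added illustration, not OpenCV's code. skipSpacesDemo, parseTagDemo,
// parseRootUnchecked, parseRootChecked and ParseStatus are assumed names
// that model the loop quoted in the report, not the persistence_xml.cpp API.

enum class ParseStatus { Ok, MissingStorageTag, UnexpectedEndOfInput };

// Model of skipSpaces(): skips blanks and "<!-- ... -->" comments between tags.
// When the input is exhausted it returns nullptr, the state the ASan trace
// shows at persistence_xml.cpp:795 (read of address 0x0).
static const char* skipSpacesDemo(const char* ptr, const char* end) {
    while (ptr < end) {
        char c = *ptr;
        if (c == ' ' || c == '\t' || c == '\n' || c == '\r') {
            ++ptr;
        } else if (end - ptr >= 4 && std::strncmp(ptr, "<!--", 4) == 0) {
            const char* p = ptr + 4;
            while (end - p >= 3 && std::strncmp(p, "-->", 3) != 0) ++p;
            if (end - p < 3) return nullptr;   // unterminated comment: input exhausted
            ptr = p + 3;
        } else {
            return ptr;                         // first byte of the next tag
        }
    }
    return nullptr;                             // only whitespace/comments remained
}

// Model of parseTag(): consumes "<name" and hands back the tag name.
static const char* parseTagDemo(const char* ptr, const char* end, std::string& name) {
    name.clear();
    if (ptr < end && *ptr == '<') ++ptr;
    while (ptr < end && (std::isalnum(static_cast<unsigned char>(*ptr)) || *ptr == '_'))
        name += *ptr++;
    return ptr;
}

// Same shape as lines 791-799 quoted in the report: the pointer returned by
// skipSpacesDemo is dereferenced without a null check. Input whose remaining
// bytes are only whitespace or an unterminated comment makes skipSpacesDemo
// return nullptr, and "*ptr" then reads address 0 (the reported SEGV).
static ParseStatus parseRootUnchecked(const std::string& doc) {
    const char* ptr = doc.c_str();
    const char* end = ptr + doc.size();
    std::string key;
    while (ptr && *ptr != '\0') {
        ptr = skipSpacesDemo(ptr, end);
        if (*ptr != '\0') {                     // <-- null dereference when ptr == nullptr
            ptr = parseTagDemo(ptr, end, key);
            return key == "opencv_storage" ? ParseStatus::Ok : ParseStatus::MissingStorageTag;
        }
    }
    return ParseStatus::UnexpectedEndOfInput;
}

// Hardened form: a null return from the skipper means "end of input" and is
// reported as a parse error before anything is read through the pointer.
static ParseStatus parseRootChecked(const std::string& doc) {
    const char* ptr = doc.c_str();
    const char* end = ptr + doc.size();
    std::string key;
    while (ptr && *ptr != '\0') {
        ptr = skipSpacesDemo(ptr, end);
        if (ptr == nullptr)                     // the missing check
            return ParseStatus::UnexpectedEndOfInput;
        if (*ptr != '\0') {
            ptr = parseTagDemo(ptr, end, key);
            return key == "opencv_storage" ? ParseStatus::Ok : ParseStatus::MissingStorageTag;
        }
    }
    return ParseStatus::UnexpectedEndOfInput;
}

static const char* describe(ParseStatus s) {
    switch (s) {
        case ParseStatus::Ok: return "ok";
        case ParseStatus::MissingStorageTag: return "<opencv_storage> tag is missing";
        default: return "unexpected end of input";
    }
}

int main() {
    // Constructed inputs (not the crash file attached to the report).
    const std::string good = "\n  <!-- header --> <opencv_storage>\n<x>1</x>\n";
    const std::string truncated = "\n  <!-- comment never closed";
    const std::string blank = "   \n\t";
    std::cout << "good:      " << describe(parseRootChecked(good)) << '\n';
    std::cout << "truncated: " << describe(parseRootChecked(truncated)) << '\n';
    std::cout << "blank:     " << describe(parseRootChecked(blank)) << '\n';
    // parseRootUnchecked(truncated) or parseRootUnchecked(blank) would die
    // with SIGSEGV exactly like the report; only well-formed input is safe for it.
    std::cout << "unchecked on good: " << describe(parseRootUnchecked(good)) << '\n';
    return 0;
}
```

The detection side of this is already in the report: a fuzzer plus AddressSanitizer turns the null read into a deterministic "SEGV on unknown address 0x000000000000 ... address points to the zero page" with the exact line, which is why building parsers of untrusted files under ASan in CI is worth the cost. The mitigation is the one-line check in parseRootChecked, which converts the crash into a normal parse error.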
