OPENJPEG null ptr dereference in openjpeg-2.3.0/src/bin/jp2/convert.c:2243 #1152
#0 0x0000555555560a5d in imagetopnm (image=0x555555a22660, outfile=0x7fffffffbcac "out.ppm", force_split=0) at /home/pwnjs/Desktop/openjpeg/openjpeg-2.3.0/src/bin/jp2/convert.c:2243
#3 0x00005555555567aa in _start ()
pwndbg> print red
image->comps[compno].data = NULL and it was assigned to red, so when the program accesses red, a segmentation fault occurs.
I have made one change in opj_decompress.c and one in convert.c.
bin/opj_decompress -i 291554_FlipDeter -o 291554_FlipDeter.ppm
are_comps_similar() cannot be used.
If you agree, I'll create a PR.
This was referenced Oct 12, 2018
This issue was assigned CVE-2018-18088.
FTR, how to reproduce: rename the poc "poc.jp2". Then,
Image components might have a NULL data pointer by defining a zero component size (in this case, zero component size is achieved by defining a large horizontal sampling period dx = 254).
It looks very much like this NULL data pointer is a legit state, not handled at multiple places in the source code (not only in jp2!).
I'll submit a PR addressing these issues.
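The two mechanisms described in this thread, a component whose size collapses to zero because of a large sampling period, and a writer that dereferences `comps[i].data` without checking it, can be reproduced and guarded in a few lines of plain C. The following is an added example, not code from the OpenJPEG repository or from the PRs mentioned above: the `comp_t`/`image_t` structs are trimmed, hypothetical stand-ins for `opj_image_comp_t`/`opj_image_t`, the extent formula `ceil(x1/dx) - ceil(x0/dx)` is the JPEG 2000 rule for component dimensions, and `image_components_valid()` is the kind of check a converter such as `imagetopnm` needs before touching the sample buffers.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, trimmed stand-ins for opj_image_comp_t / opj_image_t:
 * only the fields this example needs. */
typedef struct {
    int dx, dy;     /* horizontal / vertical sampling period */
    int w, h;       /* component size in samples */
    int *data;      /* sample buffer; NULL when w * h == 0 */
} comp_t;

typedef struct {
    int x0, y0, x1, y1;   /* image area on the reference grid */
    int numcomps;
    comp_t *comps;
} image_t;

static int ceildiv(int a, int b) { return (a + b - 1) / b; }

/* Component extent along one axis (JPEG 2000 rule): ceil(a1/d) - ceil(a0/d).
 * If a0 and a1 fall into the same sampling period the extent is zero. */
int comp_extent(int a0, int a1, int d) {
    return ceildiv(a1, d) - ceildiv(a0, d);
}

/* Constructed sample: a 3-component image whose components share the
 * sampling period dx. x0 = 1 so that a large dx (e.g. 254) yields w == 0. */
image_t *make_sample_image(int dx) {
    image_t *img = calloc(1, sizeof *img);
    img->x0 = 1;  img->x1 = 100;
    img->y0 = 0;  img->y1 = 50;
    img->numcomps = 3;
    img->comps = calloc((size_t)img->numcomps, sizeof *img->comps);
    for (int i = 0; i < img->numcomps; i++) {
        comp_t *c = &img->comps[i];
        c->dx = dx;  c->dy = 1;
        c->w = comp_extent(img->x0, img->x1, c->dx);
        c->h = comp_extent(img->y0, img->y1, c->dy);
        /* Like the decoder, allocate nothing for an empty component. */
        c->data = (c->w > 0 && c->h > 0)
                    ? calloc((size_t)c->w * (size_t)c->h, sizeof *c->data)
                    : NULL;
    }
    return img;
}

void free_sample_image(image_t *img) {
    if (!img) return;
    for (int i = 0; i < img->numcomps; i++) free(img->comps[i].data);
    free(img->comps);
    free(img);
}

/* The guard a writer needs before it reads comps[i].data: every component
 * must be non-empty and have a buffer. Returns 1 if safe to convert. */
int image_components_valid(const image_t *img) {
    if (!img || img->numcomps <= 0 || !img->comps) return 0;
    for (int i = 0; i < img->numcomps; i++) {
        const comp_t *c = &img->comps[i];
        if (c->w <= 0 || c->h <= 0 || c->data == NULL) {
            fprintf(stderr, "component %d is empty (w=%d h=%d data=%p)\n",
                    i, c->w, c->h, (void *)c->data);
            return 0;
        }
    }
    return 1;
}

/* Guarded version of the kind of access that faulted: read the first sample
 * of every component, refusing images that fail the check. */
int sum_first_samples(const image_t *img, long *out) {
    if (!image_components_valid(img)) return -1;
    long s = 0;
    for (int i = 0; i < img->numcomps; i++) s += img->comps[i].data[0];
    *out = s;
    return 0;
}

int main(void) {
    image_t *bad = make_sample_image(254);
    image_t *good = make_sample_image(1);
    long s = 0;
    printf("dx=254: w=%d valid=%d\n", bad->comps[0].w, image_components_valid(bad));
    printf("dx=1:   w=%d valid=%d convert=%d\n", good->comps[0].w,
           image_components_valid(good), sum_first_samples(good, &s));
    free_sample_image(bad);
    free_sample_image(good);
    return 0;
}
```

With x0 = 1 and x1 = 100, dx = 254 gives ceil(100/254) - ceil(1/254) = 1 - 1 = 0, so the decoder legitimately leaves `data` NULL; the point of the check is that this is a valid decoded state that every consumer of `comps[i].data` (not only the PNM writer) has to treat as "nothing to convert" rather than as a buffer to read.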