There is a heap use-after-free vulnerability in openjpeg/build/bin/libopenjp2.so.7.
Here is the ASAN output:
Here is the command executed to reproduce the issue:
If you would also like the files I have in the Inputs/, let me know and I can find a way to provide them.
Can you reproduce it with the latest master?
Yes, if you need one, please file the request.
Yes, that would be needed to investigate the issue.
By the way, after reviewing the source code I believe (though I may be wrong) the issue emerges on the fulfillment of these conditions:
This means that opj_image_destroy is called twice on the same image. The use-after-free is more specifically a read-after-free and occurs when opj_image_destroy tries to read from the image after it has been freed: if (image->comps)
On the first iteration of:
The image is destroyed as per:
Then, because there is a file in the Input/ directory whose header cannot be read, a second call to opj_image_destroy occurs on the second iteration of the for loop at image.c:1395.
Note that there is a second iteration because that's how many files there are in the Input/ directory.
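Added example, not part of the original thread and not OpenJPEG code: a small C model of the pattern described in the last comment, where an image pointer that outlives one loop iteration is destroyed again on a later iteration's error path, next to the variant that resets the pointer to NULL after each destroy. All names (`image_t`, `image_create`, `image_destroy`, `process_files`) are hypothetical, and the assumption is that the pointer is declared outside the loop and not reset after the first destroy.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not OpenJPEG code. Images come from a small pool so a
   destroy on an already-freed image is counted instead of touching freed memory. */
typedef struct { int live; int comps; } image_t;

static image_t pool[8];
static int stale_destroys;            /* destroy calls that hit a freed image */

static image_t *image_create(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].comps = 3; return &pool[i]; }
    return NULL;
}

static void image_destroy(image_t *img) {
    if (!img) return;                               /* NULL is a safe no-op */
    if (!img->live) { stale_destroys++; return; }   /* real code would read freed memory here */
    img->live = 0;
}

/* header_ok[i] != 0 means the header of file i can be read.
   reset_after_destroy selects the hardened variant. Returns stale destroys. */
static int process_files(const int *header_ok, size_t n, int reset_after_destroy) {
    image_t *image = NULL;            /* assumption: pointer outlives one iteration */
    stale_destroys = 0;
    for (size_t i = 0; i < n; i++) {
        if (!header_ok[i]) {          /* error path cleans up whatever `image` holds */
            image_destroy(image);
            if (reset_after_destroy) image = NULL;
            continue;
        }
        image = image_create();
        /* ... decode and write the output file ... */
        image_destroy(image);         /* normal end-of-iteration cleanup */
        if (reset_after_destroy) image = NULL;
    }
    return stale_destroys;
}

int main(void) {
    const int files[] = { 1, 0 };     /* constructed: good file, then unreadable header */
    printf("stale pointer: %d stale destroy(s)\n", process_files(files, 2, 0));
    printf("reset to NULL: %d stale destroy(s)\n", process_files(files, 2, 1));
    return 0;
}
```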