
An issue of freeing an uninitialized pointer exists in src/bin/jp2/opj_decompress.c that will cause a segfault #1368

Closed
xiaoxiaoafeifei opened this issue Jul 13, 2021 · 1 comment · Fixed by #1369

Comments


xiaoxiaoafeifei commented Jul 13, 2021

Hi,
I found a segmentation fault in current master, and I also reproduced it on the latest released version 2.5.0.

Crash Summary:
An issue of freeing an uninitialized pointer exists in src/bin/jp2/opj_decompress.c:1795 in main; it can lead to a segmentation fault via the PoC provided below.

Crash Analysis:

  1. Run command: ./opj_decompress -ImgDir input -OutFor BMP
  2. If there are lots of files in the imgdir directory, that will cause memory malloc failure [screenshot 1]
  3. Then, since the pointer dirptr->filename is not initialized, free(dirptr->filename) fails [screenshot 2]

GDB debugging results: [screenshot 3]

poc.zip
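The allocation-failure path the report describes, as an added example written here rather than taken from OpenJPEG: a hypothetical `dir_rec_t` mirrors the two-member `dirptr`, `alloc_maybe` is a constructed fault-injecting allocator so the error path can be driven deterministically, and `load_dir` shows the ordering that makes the cleanup label safe when the first `malloc` fails.

```c
#include <stdlib.h>

/* Hypothetical record modelled on the two-member dirptr described in the
   report (not OpenJPEG's own struct). */
typedef struct {
    char  *filename_buf;
    char **filename;
} dir_rec_t;

/* Constructed fault-injecting allocator: fails the Nth call so the error
   path is exercised the way a real malloc failure on a huge directory would. */
static int g_fail_on_call, g_calls;
static void *alloc_maybe(size_t n)
{
    g_calls++;
    if (g_fail_on_call && g_calls == g_fail_on_call)
        return NULL;
    return malloc(n);
}

/* Hardened version of the allocate-then-goto-cleanup pattern.
   Returns 0 on success, -1 on any allocation failure. */
static int load_dir(size_t num_images, int fail_on_call)
{
    int failed = 0;
    dir_rec_t *dirptr;
    g_fail_on_call = fail_on_call;
    g_calls = 0;

    dirptr = alloc_maybe(sizeof *dirptr);
    if (!dirptr)
        return -1;
    /* The fix: every member the cleanup label frees is NULL before any
       allocation can fail. Without these two lines a failed filename_buf
       malloc jumps to fin with dirptr->filename still holding garbage. */
    dirptr->filename_buf = NULL;
    dirptr->filename     = NULL;

    dirptr->filename_buf = alloc_maybe(num_images * 4096);
    if (!dirptr->filename_buf) { failed = 1; goto fin; }
    dirptr->filename = alloc_maybe(num_images * sizeof(char *));
    if (!dirptr->filename)     { failed = 1; goto fin; }
    /* ... directory entries would be filled in here ... */
fin:
    /* free(NULL) is a defined no-op, so this is safe on every path. */
    free(dirptr->filename);
    free(dirptr->filename_buf);
    free(dirptr);
    return failed ? -1 : 0;
}
```

Running the same function under a sanitizer or an LD_PRELOAD allocator that injects failures is the practical check for this class of bug: the cleanup path must behave identically whichever allocation fails.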


kraj pushed a commit to YoeDistro/meta-openembedded that referenced this issue Apr 14, 2022
CVE: CVE-2022-1122

The defect is undergoing reanalysis and there may be follow-up commits.

Ref:
* uclouvain/openjpeg#1368

Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
kraj pushed a commit to YoeDistro/meta-openembedded that referenced this issue Apr 15, 2022
CVE: CVE-2022-1122

The defect is undergoing reanalysis and there may be follow-up commits.

Ref:
* uclouvain/openjpeg#1368

Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>