division-by-zero (SIGFPE) error in opj_tcd_init_tile function (line 730 of tcd.c) #733
Ubuntu + OpenJPEG (GitHub master, 2016/03/28)
username@ubuntu:~/Desktop/openjpeg/bin$ gdb opj_decompress -q
[INFO] Start to read j2k main header (131).
Program received signal SIGFPE, Arithmetic exception.
(gdb) p l_data_size
#1 0xb7fc571b in opj_tcd_init_decode_tile (p_tcd=0x8062850, p_tile_no=0,
#2 0xb7fa80be in opj_j2k_read_tile_header (p_j2k=0x8060298, p_tile_index=0xbfff9e84,
#3 0xb7fac298 in opj_j2k_decode_tiles (p_j2k=0x8060298, p_stream=0x8060170,
#4 0xb7fa661e in opj_j2k_exec (p_j2k=0x8060298, p_procedure_list=0x8062420,
#5 0xb7facaf9 in opj_j2k_decode (p_j2k=0x8060298, p_stream=0x8060170,
#6 0xb7fb1aad in opj_jp2_decode (jp2=0x8060210, p_stream=0x8060170,
#7 0xb7fb6c79 in opj_decode (p_codec=0x80601b8, p_stream=0x8060170, p_image=0x8062890)
#8 0x0804c2c0 in main (argc=5, argv=0xbffff124)
The value of l_data_size is zero.
Please decode the following content with the base64 algorithm.
This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.
May 5, 2016
@stweil, I saw what you did in your PR. I'd rather merge only one change. Now, regarding this specific check, it'll stop processing with "allocation failed" (malloc(0) = NULL). I don't know if zero-size tile data is legal or not (e.g. a border tile with subsampled components might lead to a zero-size tile => is that legal?). Maybe @detonin can shed some light on this. If it's legal, I'd stick with what I just merged. If it's not legal, then your approach would be better.
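The comment above asks whether a border tile with subsampled components can legitimately produce a zero-size tile. The example below is added for this page and is not OpenJPEG code; it works through the JPEG 2000 tile and tile-component bound formulas (ITU-T T.800 Annex B, equations B-7 to B-10 and B-12) on a constructed geometry: a 4x4 image, 3x3 tiles, and a component subsampled by 2 in each direction. The right and bottom border tiles cover reference-grid columns and rows that hold no sample of that component, so their tile-component is empty and its data size is zero. The `tile_component_data_size` helper, the `demo_siz` geometry and the `demo_*` wrappers are hypothetical names chosen here; the helper shows the shape of check a caller needs, reporting the empty case explicitly instead of dividing by the size or relying on `malloc(0)`, whose result (NULL or a unique pointer) is implementation-defined in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Image and tile grid parameters as carried by a SIZ marker segment. */
typedef struct {
    uint32_t Xsiz, Ysiz;     /* reference grid extent */
    uint32_t XOsiz, YOsiz;   /* image area offset */
    uint32_t XTsiz, YTsiz;   /* tile width and height */
    uint32_t XTOsiz, YTOsiz; /* tile grid offset */
} siz_t;

typedef struct { uint32_t x0, y0, x1, y1; } rect_t; /* half-open [x0,x1) x [y0,y1) */

typedef enum { TC_EMPTY, TC_OK, TC_TOO_LARGE } tc_status_t;

static uint32_t umax(uint32_t a, uint32_t b) { return a > b ? a : b; }
static uint32_t umin(uint32_t a, uint32_t b) { return a < b ? a : b; }

/* Ceiling division; b is a subsampling factor and is >= 1 by definition. */
static uint32_t ceil_div(uint32_t a, uint32_t b) { return (a + b - 1) / b; }

/* Bounds of tile (p, q) on the reference grid, T.800 equations B-7 to B-10. */
rect_t tile_bounds(const siz_t *s, uint32_t p, uint32_t q)
{
    rect_t t;
    t.x0 = umax(s->XTOsiz + p * s->XTsiz, s->XOsiz);
    t.y0 = umax(s->YTOsiz + q * s->YTsiz, s->YOsiz);
    t.x1 = umin(s->XTOsiz + (p + 1) * s->XTsiz, s->Xsiz);
    t.y1 = umin(s->YTOsiz + (q + 1) * s->YTsiz, s->Ysiz);
    return t;
}

/* Bounds of that tile in a component subsampled by (dx, dy), T.800 B-12. */
rect_t tile_component_bounds(rect_t tile, uint32_t dx, uint32_t dy)
{
    rect_t c;
    c.x0 = ceil_div(tile.x0, dx);
    c.y0 = ceil_div(tile.y0, dy);
    c.x1 = ceil_div(tile.x1, dx);
    c.y1 = ceil_div(tile.y1, dy);
    return c;
}

/* Sample count of a tile-component; zero is a possible, well-defined result. */
uint64_t tile_component_samples(rect_t c)
{
    return (uint64_t)(c.x1 - c.x0) * (uint64_t)(c.y1 - c.y0);
}

/* Hypothetical size helper (not OpenJPEG's): bytes needed for 32-bit samples,
 * with the empty case reported explicitly so the caller never divides by the
 * size or hands 0 to malloc. */
uint32_t tile_component_data_size(rect_t c, tc_status_t *st)
{
    uint64_t samples = tile_component_samples(c);
    if (samples == 0)              { *st = TC_EMPTY;     return 0; }
    if (samples > UINT32_MAX / 4u) { *st = TC_TOO_LARGE; return 0; }
    *st = TC_OK;
    return (uint32_t)(samples * 4u);
}

/* Constructed geometry: a 4x4 image, 3x3 tiles, component subsampled 2x2. */
static const siz_t demo_siz = { 4, 4, 0, 0, 3, 3, 0, 0 };

/* Sample count of tile (p, q) for the 2x2-subsampled component. */
uint64_t demo_tile_samples(uint32_t p, uint32_t q)
{
    return tile_component_samples(tile_component_bounds(tile_bounds(&demo_siz, p, q), 2, 2));
}

/* Status the size helper reports for tile (p, q) of that component. */
tc_status_t demo_tile_status(uint32_t p, uint32_t q)
{
    tc_status_t st;
    tile_component_data_size(tile_component_bounds(tile_bounds(&demo_siz, p, q), 2, 2), &st);
    return st;
}

int main(void)
{
    uint32_t p, q;
    for (q = 0; q < 2; q++) {
        for (p = 0; p < 2; p++) {
            rect_t t = tile_bounds(&demo_siz, p, q);
            rect_t c = tile_component_bounds(t, 2, 2);
            tc_status_t st;
            uint32_t bytes = tile_component_data_size(c, &st);
            printf("tile (%u,%u): grid [%u,%u)x[%u,%u) -> component [%u,%u)x[%u,%u), "
                   "%llu samples, %u bytes, %s\n",
                   p, q, t.x0, t.x1, t.y0, t.y1, c.x0, c.x1, c.y0, c.y1,
                   (unsigned long long)tile_component_samples(c), bytes,
                   st == TC_EMPTY ? "empty" : st == TC_OK ? "ok" : "too large");
        }
    }
    return 0;
}
```

Only tile (0,0) holds samples of the subsampled component (four of them); tiles (1,0), (0,1) and (1,1) sit on grid columns or rows 3, which the component (sampled at 0 and 2) never occupies, so the formulas yield an empty tile-component without any malformed input. Whatever the codestream legality question is resolved to, a decoder that divides by or allocates from such a size has to branch on the zero case before doing so.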