
[CVE-2016-10505] Null Pointer Access in function color_esycc_to_rgb of color.c #785

Closed
trylab opened this issue May 25, 2016 · 1 comment

Comments

@trylab (Contributor) commented May 25, 2016

Title

Null Pointer Access in function color_esycc_to_rgb of color.c

Testing Environment

Ubuntu + OpenJPEG (GitHub master, 2016/05/25)

Exception Information

==31274== ERROR: AddressSanitizer: SEGV on unknown address 0x00000000 
    (pc 0x08072dd4 sp 0xbfca8780 bp 0xbfca87e8 T0)
AddressSanitizer can not provide additional info.
    #0 0x8072dd3 in color_esycc_to_rgb openjpeg/src/bin/common/color.c:937
    #1 0x80520b2 in main openjpeg/src/bin/jp2/opj_decompress.c:1381
    #2 0xb5e81a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
    #3 0x804a150 in _start (openjpeg/bin/opj_decompress+0x804a150)
SUMMARY: AddressSanitizer: SEGV openjpeg/src/bin/common/color.c:937 color_esycc_to_rgb
==31274== ABORTING

PoC

https://raw.githubusercontent.com/trylab/PoCs/master/openjpeg/SIGSEGV_Null-Pointer-Access_color_esycc_to_rgb/color_esycc_to_rgb.j2k

Credit

Ke Liu of Tencent's Xuanwu LAB
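
The ASan report above (SEGV on address 0x00000000 inside the colour conversion) is the signature of a decoder reading through a component sample buffer that was never allocated. As an added illustration, not OpenJPEG's own color.c and not the change that closed this CVE, the C below sketches an eSYCC-to-RGB style conversion that validates its inputs before the per-pixel loop. The image/component structs, the error codes and the demo_* helpers are constructed stand-ins for this example only, and the standard JPEG/JFIF YCbCr matrix is used in place of the eSYCC coefficients. It goes slightly beyond the reported null pointer: it also rejects chroma components smaller than luma, which the same loop would otherwise over-read when indexed with the luma index.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins (NOT OpenJPEG's opj_image_t), only the fields the conversion needs. */
typedef struct {
    uint32_t w, h;   /* component size; chroma may be smaller when subsampled */
    uint32_t prec;   /* bit depth */
    int sgnd;        /* non-zero if samples are signed */
    int32_t *data;   /* sample buffer; NULL when the component was never decoded */
} comp_t;

typedef struct {
    uint32_t numcomps;
    comp_t *comps;
} image_t;

enum { CONV_OK = 0, CONV_ERR_NCOMPS = -1, CONV_ERR_NULL_DATA = -2, CONV_ERR_DIMS = -3 };

static int clamp(double v, int m) { int i = (int)(v + 0.5); return i < 0 ? 0 : i > m ? m : i; }

/* In-place YCbCr -> RGB with the standard JPEG/JFIF matrix (stand-in for the eSYCC
 * coefficients). Every pointer and size the loop relies on is validated before the
 * first dereference, so an undecoded component (data == NULL) or chroma smaller
 * than luma is rejected instead of crashing the decoder. */
int esycc_to_rgb_checked(image_t *img)
{
    uint32_t w, h; int flip, max_value; size_t i, n;
    if (img == NULL || img->comps == NULL || img->numcomps < 3)
        return CONV_ERR_NCOMPS;
    for (i = 0; i < 3; ++i)
        if (img->comps[i].data == NULL)
            return CONV_ERR_NULL_DATA;
    w = img->comps[0].w; h = img->comps[0].h;
    if (img->comps[1].w != w || img->comps[1].h != h ||
        img->comps[2].w != w || img->comps[2].h != h ||
        img->comps[0].prec == 0 || img->comps[0].prec > 16)
        return CONV_ERR_DIMS;
    flip = 1 << (img->comps[0].prec - 1);   /* unsigned chroma is offset by 2^(prec-1) */
    max_value = (1 << img->comps[0].prec) - 1;
    n = (size_t)w * h;
    for (i = 0; i < n; ++i) {
        int y  = img->comps[0].data[i];
        int cb = img->comps[1].data[i] - (img->comps[1].sgnd ? 0 : flip);
        int cr = img->comps[2].data[i] - (img->comps[2].sgnd ? 0 : flip);
        img->comps[0].data[i] = clamp(y + 1.402 * cr, max_value);
        img->comps[1].data[i] = clamp(y - 0.344136 * cb - 0.714136 * cr, max_value);
        img->comps[2].data[i] = clamp(y + 1.772 * cb, max_value);
    }
    return CONV_OK;
}

/* Test fixture (constructed): 3-component, 8-bit unsigned image filled with one YCbCr triple. */
static image_t *make_image(uint32_t w, uint32_t h, int y, int cb, int cr)
{
    int vals[3] = { y, cb, cr };
    image_t *img = calloc(1, sizeof *img);
    img->numcomps = 3;
    img->comps = calloc(3, sizeof *img->comps);
    for (int c = 0; c < 3; ++c) {
        img->comps[c].w = w; img->comps[c].h = h; img->comps[c].prec = 8;
        img->comps[c].data = malloc((size_t)w * h * sizeof(int32_t));
        for (size_t i = 0; i < (size_t)w * h; ++i)
            img->comps[c].data[i] = vals[c];
    }
    return img;
}

static void free_image(image_t *img)
{
    for (uint32_t c = 0; c < img->numcomps; ++c) free(img->comps[c].data);
    free(img->comps);
    free(img);
}

/* Well-formed input: returns the converted pixel packed as 0xRRGGBB, or the error code. */
int demo_convert_rgb(int y, int cb, int cr)
{
    image_t *img = make_image(2, 2, y, cb, cr);
    int rc = esycc_to_rgb_checked(img), out = rc;
    if (rc == CONV_OK)
        out = (img->comps[0].data[3] << 16) | (img->comps[1].data[3] << 8) | img->comps[2].data[3];
    free_image(img);
    return out;
}

/* Malformed input: builds a 2x2 image, then optionally drops comps[1].data (the
 * reported crash) or changes the chroma width; returns the conversion's code. */
int demo_malformed(int null_chroma, uint32_t chroma_w)
{
    image_t *img = make_image(2, 2, 128, 128, 128);
    if (null_chroma) { free(img->comps[1].data); img->comps[1].data = NULL; }
    img->comps[1].w = chroma_w;
    int rc = esycc_to_rgb_checked(img);
    free_image(img);
    return rc;
}
```

demo_malformed(1, 2) exercises the reported condition and comes back with CONV_ERR_NULL_DATA instead of a SEGV; demo_malformed(0, 1) shows the dimension guard rejecting half-width chroma; demo_convert_rgb(128, 128, 128) converts a mid-gray pixel to 0x808080. The order of the checks matters: the NULL test runs before any size comparison, so a component with no buffer is rejected regardless of what its header claims.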

@rouault (Collaborator) commented Aug 9, 2017

No longer reproducible with master

$ bin/opj_decompress -i ../color_esycc_to_rgb.j2k -o out.j2k.pgx

===========================================
The extension of this file is incorrect.
FOUND .j2k. SHOULD BE .jp2

[INFO] Start to read j2k main header (85).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[ERROR] Failed to decode tile 1/1
[ERROR] Failed to decode the codestream in the JP2 file
ERROR -> opj_decompress: failed to decode image!

rouault closed this as completed on Aug 9, 2017.
trylab changed the title from "Null Pointer Access in function color_esycc_to_rgb of color.c" to "[CVE-2016-10505] Null Pointer Access in function color_esycc_to_rgb of color.c" on Aug 30, 2017.