Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertions thrown #939

Closed
rwhitworth opened this issue May 24, 2017 · 2 comments
Closed

Assertions thrown #939

rwhitworth opened this issue May 24, 2017 · 2 comments
Labels
bug

Comments

@rwhitworth
Copy link

rwhitworth commented May 24, 2017
edited
Loading

Hello, I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the opj_decompress program on Linux. Is fixing the crashes from these input files something you're interested in? The input files can be found here: https://github.com/rwhitworth/openjpeg-fuzz/tree/master/2017-05-23.

The files can be executed as opj_decompress -i id_filename -o /tmp/output.tif to cause assertions to trigger. The version of opj_decompress was from commit 83d7a6d.

The files and output are as follows:
id:000004,sig:06,src:000679,op:arith8,pos:49,val:-17
opj_decompress: /root/openjpeg/src/lib/openjp2/opj_intmath.h:131: OPJ_INT32 opj_int_ceildiv(OPJ_INT32, OPJ_INT32): Assertion 'b' failed.

id:000020,sig:06,src:001958,op:flip4,pos:149
opj_decompress: /root/openjpeg/src/lib/openjp2/j2k.c:4044: OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *, opj_event_mgr_t *): Assertion 'p_tcp->ppt_buffer == ((void*)0)' failed.

Let me know if I can provide any more information to help narrow down this issue.
@szukw000
Copy link
Contributor

@rwhitworth ,

See: #882

opj_decompress -i id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000019,sig_08,src_001098,op_flip1,pos_49 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000020,sig_06,src_001958,op_flip4,pos_149 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[1]:
[0] prec(2) sgnd(1) [1] prec(18) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000026,sig_08,src_002419,op_int32,pos_60,val_+32 -o test.png

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Psot value of the current tile-part is equal to zero, we assuming it is the last tile-part of the codestream.
[INFO] Header of tile 1 / 1 has been read.
[INFO] Tile 1/1 has been decoded.
[INFO] Image data has been updated with tile 1.

/sources/LIB/IMAGE_FORMATS/OPENJPEG/VERSION-2.2/openjpeg2-2017-05-11-1/src/bin/common/color.c:350:color_sycc_to_rgb
CAN NOT CONVERT
imagetopng: All components shall have the same subsampling, same bit depth, same sign.
Aborting
[ERROR] Error generating png file. Outfile test.png not generated

opj_decompress -i id_000034,sig_11,src_003240,op_flip1,pos_22 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000098,sig_11,src_005411,op_havoc,rep_2 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
ERROR -> opj_decompress: failed to decode image!

@rouault rouault mentioned this issue Jul 26, 2017
Closed
rouault added a commit that referenced this issue Jul 26, 2017
@rouault
Fix assertion / memory leak in opj_j2k_merge_ppt() on corrupted images (
8d2e69e 
#939)

Fixes issue on id:000020,sig:06,src:001958,op:flip4,pos:149 that has two
SOT markers for the same tile with the same tile part number, causing
opj_j2k_merge_ppt() to be called several times.
rouault added a commit that referenced this issue Jul 26, 2017
@rouault
opj_decompress: fix null pointer dereference on comps[].data on id_00…
94cc97c 
…0167,sig_11,src_006079,op_havoc,rep_4 (#939)
@rouault
Copy link
Collaborator

rouault commented Jul 26, 2017

All test cases of https://github.com/rwhitworth/openjpeg-fuzz/tree/master/2017-05-23 are now fixed. Closing

@rouault rouault closed this as completed Jul 26, 2017
@detonin detonin added the bug label Aug 3, 2017
rouault added a commit that referenced this issue Sep 6, 2017
@rouault
Fix 2.2.0 regression when reading codestream with reperated calls to …
297f202 
…opj_get_decoded_tile() where tile parts of a same tile are not consecutive

This check was introduced per #939, but relied on the incorrect assumption
we decode all the tile parts of all tiles.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@detonin @rouault @szukw000 @rwhitworth