
Segv in jas_heic_decode. #383

@fdu-sec


Summary

When JasPer parses a HEIF file, it may trigger a segmentation fault.

Details

Steps to reproduce:

```shell
# Step 1: build a libheif with ASan
# Step 2: build jasper with libheif
CC="gcc -fsanitize=address -g" CXX="g++ -fsanitize=address -g" cmake -DCMAKE_INSTALL_PREFIX=`realpath .` -DALLOW_IN_SOURCE_BUILD=1 -DJAS_ENABLE_LIBHEIF=1 -DCMAKE_LIBRARY_PATH=`realpath ../../libheif/build_asan/lib` -DJAS_ENABLE_MULTITHREADING_SUPPORT=0 ..
make -j
./src/app/jasper --enable-all-formats --input poc --output test.jpg
```

ASan report:

```text
=================================================================
==3887617==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff6a7c641 bp 0x7fffffffd8d0 sp 0x7fffffffd8c0 T0)
==3887617==The signal is caused by a READ memory access.
==3887617==Hint: address points to the zero page.
    #0 0x7ffff6a7c640 in std::__shared_ptr<HeifContext::Image, (__gnu_cxx::_Lock_policy)2>::get() const /usr/include/c++/7/bits/shared_ptr_base.h:1258
    #1 0x7ffff6a7fae9 in std::__shared_ptr_access<HeifContext::Image, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/7/bits/shared_ptr_base.h:975
    #2 0x7ffff6a7b7d5 in std::__shared_ptr_access<HeifContext::Image, (__gnu_cxx::_Lock_policy)2, false, false>::operator->() const /usr/include/c++/7/bits/shared_ptr_base.h:969
    #3 0x7ffff6a64e00 in heif_decode_image /home//supply/put/jasper_heif/libheif/libheif/heif.cc:1029
    #4 0x7ffff7196988 in jas_heic_decode /home//supply/put/jasper_heif/jasper/src/libjasper/heic/heic_dec.c:222
    #5 0x7ffff710cd5a in jas_image_decode /home//supply/put/jasper_heif/jasper/src/libjasper/base/jas_image.c:445
    #6 0x5555555595f3 in main /home//supply/put/jasper_heif/jasper/src/app/jasper.c:320
    #7 0x7ffff6f04082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #8 0x55555555844d in _start (/home//supply/put/jasper_heif/jasper/build_asan/src/app/jasper+0x444d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/7/bits/shared_ptr_base.h:1258 in std::__shared_ptr<HeifContext::Image, (__gnu_cxx::_Lock_policy)2>::get() const
==3887617==ABORTING
```

Version

jasper: 29154a5

Code Analysis

```c
// src/libjasper/heic/heic_dec.c
heif_context_get_primary_image_handle(ctx, &handle);
```

There may need to be a check for this handle.

POC

poc.zip
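The defensive pattern the report points at, as an added example that is not JasPer's or libheif's own code: the result of `heif_context_get_primary_image_handle` is checked (both the returned `struct heif_error` and the out-parameter) before the handle is passed to `heif_decode_image`, so a file with no usable primary image fails cleanly instead of dereferencing a null handle. To compile without the library, the libheif types and the four calls used here are replaced by constructed stand-ins that keep the real API's shape (calls return a `struct heif_error` whose `.code` is `heif_error_Ok` on success and hand the handle back through an out-parameter); the stand-in's error codes, image dimensions and the simplified `heif_decode_image` parameter list are assumptions, not the library's values. Against the real library, `decode_primary_image` would use the same checks with `#include <libheif/heif.h>` in place of the stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* ---- Constructed stand-ins for the libheif pieces used below ---- */
enum heif_error_code { heif_error_Ok = 0, heif_error_Usage_error = 1 }; /* assumed values */
struct heif_error { enum heif_error_code code; int subcode; const char *message; };
struct heif_context { int has_primary_image; };      /* real type is opaque */
struct heif_image_handle { int width; int height; };  /* real type is opaque */
struct heif_image { int decoded_pixels; };            /* real type is opaque */

/* Mirrors the library's shape: on failure an error is returned and *out_handle
 * is left untouched, which is why the caller must initialise it to NULL. */
static struct heif_error
heif_context_get_primary_image_handle(struct heif_context *ctx,
                                      struct heif_image_handle **out_handle)
{
    struct heif_error err = { heif_error_Ok, 0, "Success" };
    if (!ctx->has_primary_image) {
        err.code = heif_error_Usage_error;
        err.message = "No primary image";   /* constructed message */
        return err;
    }
    *out_handle = malloc(sizeof **out_handle);
    (*out_handle)->width = 4;               /* constructed dimensions */
    (*out_handle)->height = 3;
    return err;
}

/* Simplified stand-in (the real call also takes colorspace, chroma and
 * options). It dereferences the handle, which is the crash in the report
 * when an unchecked NULL handle reaches it. */
static struct heif_error
heif_decode_image(const struct heif_image_handle *handle, struct heif_image **out_img)
{
    struct heif_error err = { heif_error_Ok, 0, "Success" };
    *out_img = malloc(sizeof **out_img);
    (*out_img)->decoded_pixels = handle->width * handle->height;
    return err;
}

static void heif_image_handle_release(struct heif_image_handle *h) { free(h); }
static void heif_image_release(struct heif_image *img) { free(img); }

/* ---- The hardened decode step ---- */
/* Returns 0 and sets *out_img on success, -1 (with *out_img == NULL) otherwise.
 * Every libheif result is checked before the handle is used, and the handle
 * is released on every path. */
static int decode_primary_image(struct heif_context *ctx, struct heif_image **out_img)
{
    struct heif_image_handle *handle = NULL;  /* the call may leave this untouched */
    struct heif_error err;
    int rc = -1;

    *out_img = NULL;
    err = heif_context_get_primary_image_handle(ctx, &handle);
    if (err.code != heif_error_Ok || handle == NULL) {
        fprintf(stderr, "heic: cannot get primary image handle: %s\n",
                err.message ? err.message : "unknown error");
        return -1;                            /* nothing to release yet */
    }

    err = heif_decode_image(handle, out_img);
    if (err.code == heif_error_Ok && *out_img != NULL) {
        rc = 0;
    } else {
        fprintf(stderr, "heic: decode failed: %s\n",
                err.message ? err.message : "unknown error");
        if (*out_img) { heif_image_release(*out_img); *out_img = NULL; }
    }
    heif_image_handle_release(handle);
    return rc;
}

/* Demo helper: decode a constructed context; returns the pixel count on
 * success or -1 when the guarded path rejects the file. */
static int try_decode(int has_primary_image)
{
    struct heif_context ctx = { has_primary_image };
    struct heif_image *img = NULL;
    int pixels = decode_primary_image(&ctx, &img) == 0 ? img->decoded_pixels : -1;
    if (img) heif_image_release(img);
    return pixels;
}

int main(void)
{
    printf("file without primary image -> %d\n", try_decode(0));  /* -1, no crash */
    printf("file with primary image    -> %d\n", try_decode(1));  /* 12 */
    return 0;
}
```

The two checks are deliberately separate: a non-`heif_error_Ok` code is the documented failure signal, and the `handle == NULL` test covers a library that reports success but hands back nothing, which is the cheapest guard against the null dereference seen in frame #0 of the report.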
