Closed
Description
System information (version)
- OpenCV => 4.1.0
- Operating System / Platform => Ubuntu 18.04 LTS
- Compiler => clang-7
Detailed description
description
An issue was discovered in OpenCV 4.1.0. There is a null-pointer dereference in function cv::XMLParser::parse at persistence_xml.cpp:795-17.
source
791 while( ptr && *ptr != '\0' )
792 {
793 ptr = skipSpaces( ptr, 0 );
794
> 795 if( *p \*bug=>*\ tr != '\0' )
796 {
797 ptr = parseTag( ptr, key, type_name, tag_type );
798 if( tag_type != CV_XML_OPENING_TAG || key != "opencv_storage" )
799 CV_PARSE_ERROR_CPP( "<opencv_storage> tag is missing" );
800 FileNode root = fs->addNode(root_collection, std::string(), FileNode::MAP, 0);
bug report
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8688==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe7b7de5554 bp 0x7ffc4b0ef9b0 sp 0x7ffc4b0ef500 T0)
==8688==The signal is caused by a READ memory access.
==8688==Hint: address points to the zero page.
#0 0x7fe7b7de5553 in cv::XMLParser::parse(char*) /src/opencv/modules/core/src/persistence_xml.cpp:795:17
#1 0x7fe7b767cf11 in cv::FileStorage::Impl::open(char const*, int, char const*) /src/opencv/modules/core/src/persistence.cpp:765:34
#2 0x7fe7b76740ef in cv::FileStorage::FileStorage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/core/src/persistence.cpp:1775:18
#3 0x7fe7c1bafe0d in cv::CascadeClassifierImpl::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/objdetect/src/cascadedetect.cpp:911:17
#4 0x7fe7c1bd606e in cv::CascadeClassifier::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /src/opencv/modules/objdetect/src/cascadedetect.cpp:1596:13
#5 0x51d296 in main /work/funcs/classifier.cc:24:29
#6 0x7fe7b616582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#7 0x41bcc8 in _start (/src/aflbuild/installed/bin/classifier+0x41bcc8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/opencv/modules/core/src/persistence_xml.cpp:795:17 in cv::XMLParser::parse(char*)
==8688==ABORTING
others
from fuzz project pwd-opencv-classifier-00
crash name pwd-opencv-classifier-00-00000208-20190627.xml
Auto-generated by pyspider at 2019-06-27 21:14:17
Please send email to teamseri0us360@gmail.com if you have any questions.
Steps to reproduce
commandline
classifier /work/funcs/appname.bmp @@
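The loop condition on line 791 treats a null `ptr` as possible, but line 795 dereferences `ptr` right after `skipSpaces` reassigns it, with no second check. As an added illustration (not OpenCV code and not the project's fix), the C++ sketch below reproduces that loop shape with hypothetical stand-ins `LineReader`, `skip_spaces` and `first_token`, assuming the skip helper returns null when input runs out, and turns the null into a parse error.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the parser's input source: hands out one
// NUL-terminated line at a time and returns nullptr at end of input.
struct LineReader {
    std::vector<std::string> lines;
    std::size_t next = 0;
    char* gets() { return next < lines.size() ? &lines[next++][0] : nullptr; }
};

// Assumed behaviour (not OpenCV's skipSpaces): skip whitespace, refill from
// the reader when a line is exhausted, return nullptr when input runs out.
static char* skip_spaces(LineReader& in, char* ptr) {
    for (;;) {
        while (*ptr && std::isspace(static_cast<unsigned char>(*ptr))) ++ptr;
        if (*ptr) return ptr;
        ptr = in.gets();
        if (!ptr) return nullptr;
    }
}

enum class Scan { ParseError, Tag, Text };

// Same loop shape as lines 791-795 of the excerpt, with the pointer
// re-validated after skip_spaces() reassigns it.
static Scan first_token(std::vector<std::string> lines) {
    LineReader in;
    in.lines = std::move(lines);
    char* ptr = in.gets();
    while (ptr && *ptr != '\0') {
        ptr = skip_spaces(in, ptr);
        if (!ptr)                        // the excerpt reads *ptr here unchecked
            return Scan::ParseError;
        if (*ptr != '\0')
            return *ptr == '<' ? Scan::Tag : Scan::Text;
    }
    return Scan::ParseError;             // empty input
}

int main() {
    // Constructed input: whitespace only, so the reader runs dry mid-skip.
    return first_token({"   \n", "\t\n"}) == Scan::ParseError ? 0 : 1;
}
```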