System information (version)
- OpenCV => 4.1.0
- Operating System / Platform => Ubuntu 18.04 LTS
- Compiler => 7.0.1
Detailed description
An issue was discovered in OpenCV 4.1.0. There is an FPE in cv::HOGDescriptor::getDescriptorSize.
DEBUG
In file: opencv-4.1.0/modules/objdetect/src/hog.cpp
88 blockSize.height % cellSize.height == 0);
89 CV_Assert((winSize.width - blockSize.width) % blockStride.width == 0 &&
90 (winSize.height - blockSize.height) % blockStride.height == 0 );
91
92 return (size_t)nbins*
► 93 (blockSize.width/cellSize.width)*
94 (blockSize.height/cellSize.height)*
95 ((winSize.width - blockSize.width)/blockStride.width + 1)*
96 ((winSize.height - blockSize.height)/blockStride.height + 1);
97 }
98
pwndbg> p cellSize
$2 = {
width = 0,
height = 0
}
ASAN report
AddressSanitizer:DEADLYSIGNAL
=================================================================
==76303==ERROR: AddressSanitizer: FPE on unknown address 0x7f89dc67e495 (pc 0x7f89dc67e495 bp 0x7ffeedf44e90 sp 0x7ffeedf44d20 T0)
#0 0x7f89dc67e494 in cv::HOGDescriptor::getDescriptorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25
#1 0x7f89dc67f994 in cv::HOGDescriptor::checkDetectorSize() const /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:106:64
#2 0x7f89dc67f994 in cv::HOGDescriptor::setSVMDetector(cv::_InputArray const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:115
#3 0x7f89dc683045 in cv::HOGDescriptor::read(cv::FileNode&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:168:9
#4 0x7f89dc689eb2 in cv::HOGDescriptor::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:200:12
#5 0x518fb0 in cv::HOGDescriptor::HOGDescriptor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pwd/fuzz/opencv/opencv-4.1.0/installed-asan/include/opencv4/opencv2/objdetect.hpp:421:9
#6 0x518fb0 in main /home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog.cc:17
#7 0x7f89d149db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#8 0x41b909 in _start (/home/pwd/fuzz/opencv/opencv-4.1.0/mytests/hog+0x41b909)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/pwd/fuzz/opencv/opencv-4.1.0/modules/objdetect/src/hog.cpp:93:25 in cv::HOGDescriptor::getDescriptorSize() const
==76303==ABORTING
Steps to reproduce
./hog timg.jpeg getDescriptorSize__FPE
hog-vuln.tar.gz
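The debugger dump shows `cellSize` at 0x0 when the divisions at hog.cpp:93 execute, so the FPE is an integer division by zero. As an added example (not OpenCV's code and not the reporter's), here is a stand-alone model of that size computation that rejects unusable parameters before any `%` or `/` runs. `HogParams`, `safeDescriptorSize` and `mulChecked` are hypothetical names, and the overflow check goes beyond the reported case.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

struct Size { int width; int height; };   // stand-in for cv::Size
struct HogParams {                         // fields named after the HOGDescriptor members
    Size winSize, blockSize, blockStride, cellSize;
    int nbins;
};

// Multiply with overflow detection so oversized parameters cannot wrap the result.
static bool mulChecked(uint64_t a, uint64_t b, uint64_t &out) {
    if (a != 0 && b > std::numeric_limits<uint64_t>::max() / a) return false;
    out = a * b;
    return true;
}

// Returns false instead of dividing when any loaded parameter is unusable.
bool safeDescriptorSize(const HogParams &p, size_t &out) {
    // Every divisor must be positive before any % or / is evaluated.
    if (p.cellSize.width <= 0 || p.cellSize.height <= 0) return false;
    if (p.blockStride.width <= 0 || p.blockStride.height <= 0) return false;
    if (p.nbins <= 0 || p.blockSize.width <= 0 || p.blockSize.height <= 0) return false;
    if (p.winSize.width < p.blockSize.width || p.winSize.height < p.blockSize.height) return false;
    // Same divisibility conditions as the CV_Assert lines in the listing.
    if (p.blockSize.width % p.cellSize.width || p.blockSize.height % p.cellSize.height) return false;
    if ((p.winSize.width - p.blockSize.width) % p.blockStride.width ||
        (p.winSize.height - p.blockSize.height) % p.blockStride.height) return false;

    uint64_t acc = (uint64_t)p.nbins;
    const uint64_t factors[] = {
        (uint64_t)(p.blockSize.width / p.cellSize.width),
        (uint64_t)(p.blockSize.height / p.cellSize.height),
        (uint64_t)((p.winSize.width - p.blockSize.width) / p.blockStride.width + 1),
        (uint64_t)((p.winSize.height - p.blockSize.height) / p.blockStride.height + 1)};
    for (uint64_t f : factors)
        if (!mulChecked(acc, f, acc)) return false;
    if (acc > std::numeric_limits<size_t>::max()) return false;
    out = (size_t)acc;
    return true;
}

int main() {
    HogParams bad = {{64, 128}, {16, 16}, {8, 8}, {0, 0}, 9};  // constructed: cellSize as in the dump
    size_t n = 0;
    std::printf("zero cellSize accepted: %d\n", safeDescriptorSize(bad, n));
    return 0;
}
```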