BufferOverflow BugReport, Fuzzing suggestion

[autofuzzoss]

System information (version)

• OpenCV => commit: 1b07274 (master branch latest commit)
• Operating System / Platform => ubuntu 18.04
• Compiler => clang++ 10.0.1

Detailed description

Steps to reproduce

##### Issue submission checklist

 - [X] I report the issue, it's not a question
   <!--
   OpenCV team works with forum.opencv.org, Stack Overflow and other communities
   to discuss problems. Tickets with questions without a real issue statement will be
   closed.
   -->
 - [ X] I checked the problem with documentation, FAQ, open issues,
       forum.opencv.org, Stack Overflow, etc and have not found any solution
   <!--
   Places to check:
   * OpenCV documentation: https://docs.opencv.org
   * FAQ page: https://github.com/opencv/opencv/wiki/FAQ
   * OpenCV forum: https://forum.opencv.org
   * OpenCV issue tracker: https://github.com/opencv/opencv/issues?q=is%3Aissue
   * Stack Overflow branch: https://stackoverflow.com/questions/tagged/opencv
   -->
 - [X ] I updated to the latest OpenCV version and the issue is still there
   <!--
   master branch for OpenCV 4.x and 3.4 branch for OpenCV 3.x releases.
   OpenCV team supports only the latest release for each branch.
   The ticket is closed if the problem is not reproduced with the modern version.
   -->
 - [X ] There is reproducer code and related data files: videos, images, onnx, etc
   <!--
   The best reproducer -- test case for OpenCV that we can add to the library.
   Recommendations for media files and binary files:
   * Try to reproduce the issue with images and videos in opencv_extra repository
     to reduce attachment size
   * Use PNG for images, if you report some CV related bug, but not image reader
     issue
   * Attach the image as an archive to the ticket, if you report some reader issue.
     Image hosting services compress images and it breaks the repro code.
   * Provide ONNX file for some public model or ONNX file with random weights,
     if you report ONNX parsing or handling issue. Architecture details diagram
     from netron tool can be very useful too. See https://lutzroeder.github.io/netron/
   -->

Reproduce code

#include "opencv2/dnn.hpp"
#include <fstream>

using namespace cv;
using namespace dnn;

std::string Input1
    { 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00,
      (char)0xba, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00,
      0x0a, (char)0xbd, 0x00, 0x1a, 0x00, 0x0a, 0x00, 0x0a, 0x00, (char)0xba,
      0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00,
      0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, (char)0xba, 0x0a, 0x00,
      0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, (char)0xba,
      0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00,
      0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x2a, 0x00, (char)0xba, 0x0a, 0x00,
      0x0a, 0x00, 0x5d, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x0a, 0x40 };
std::string Input1Path = "Input1";

bool saveFile(std::string Path, std::string Content) {
  std::ofstream OFS(Path);
  if (!OFS.is_open())
    return false;

  OFS << Content;
  return true;
}

int main(int argc, char* argv[]) {
  if (!saveFile(Input1Path, Input1)) return 1;

  Net net;
  net = readNetFromTensorflow(Input1Path);
  return 0;
}	

Build steps to opencv

mkdir -p build && cd build
cmake -DBUILD_SHARED_LIBS=OFF -DOPENCV_ENABLE_ALLOCATOR_STATS=OFF -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_AR=/bin/llvm-ar -DCMAKE_C_FLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -g" -DCMAKE_CXX_FLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -g" -DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -g" ..
make -j16

Reason

tf_graph_simplifier.cpp : sortByExecutionOrder(tensorflow::GraphDef& net)

void sortByExecutionOrder(tensorflow::GraphDef& net)
{
...
std::map<std::string, int> nodesMap;
...
987~991
    for (int i = 0; i < net.node_size(); ++i)
    {
        const tensorflow::NodeDef& node = net.node(i);
        nodesMap.insert(std::make_pair(node.name(), i)); //nodesMap size and net.node_size() can be different if there is duplicated node.name() in net instance.
    }
...
995
std::vector<int> numRefsToAdd(nodesMap.size(), 0); //numRefsToAdd size is depends on nodesMap.size().
...
997
for (int i = 0; i < net.node_size(); ++i) //loop from 0 to net.node_size().
...
1026
                numRefsToAdd[i] = numInputsInGraph; // numRegsToAdd is accessed with index i that depends on net.node_size(). However, numRefsToAdd's size is depends on nodesMap size that can be smaller than net.node_size(), finally heap overflow happened.
...

Address Sanitizer Report

==11303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000002578 at pc 0x000000762ffc bp 0x7fff554bd0f0 sp 0x7fff554bd0e8
WRITE of size 4 at 0x602000002578 thread T0
    #0 0x762ffb in cv::dnn::dnn4_v20211220::sortByExecutionOrder(opencv_tensorflow::GraphDef&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_graph_simplifier.cpp:1026:33
    #1 0x5f0fe9 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::populateNet() /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3018:9
    #2 0x5e6743 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::TFImporter(cv::dnn::dnn4_v20211220::Net&, char const*, char const*) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:2709:5
    #3 0x5e6743 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNet<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:75:14
    #4 0x5e2b33 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNetDiagnostic<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:82:25
    #5 0x5e2b33 in cv::dnn::dnn4_v20211220::readNetFromTensorflow(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3219:12
    #6 0x4d90ce in main (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x4d90ce)
    #7 0x7fafffa17c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
    #8 0x42e459 in _start (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x42e459)

0x602000002578 is located 4 bytes to the right of 4-byte region [0x602000002570,0x602000002574)
freed by thread T0 here:
    #0 0x4d6b6d in operator delete(void*) (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x4d6b6d)
    #1 0x7611f5 in __gnu_cxx::new_allocator<int>::deallocate(int*, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/ext/new_allocator.h:125:2
    #2 0x7611f5 in std::allocator_traits<std::allocator<int> >::deallocate(std::allocator<int>&, int*, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/alloc_traits.h:462:13
    #3 0x7611f5 in std::_Vector_base<int, std::allocator<int> >::_M_deallocate(int*, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:180:4
    #4 0x7611f5 in void std::vector<int, std::allocator<int> >::_M_realloc_insert<int const&>(__gnu_cxx::__normal_iterator<int*, std::vector<int, std::allocator<int> > >, int const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/vector.tcc:448:7
    #5 0x7611f5 in std::vector<int, std::allocator<int> >::push_back(int const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:948:4
    #6 0x7611f5 in cv::dnn::dnn4_v20211220::sortByExecutionOrder(opencv_tensorflow::GraphDef&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_graph_simplifier.cpp:1015:24
    #7 0x5f0fe9 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::populateNet() /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3018:9
    #8 0x5e6743 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::TFImporter(cv::dnn::dnn4_v20211220::Net&, char const*, char const*) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:2709:5
    #9 0x5e6743 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNet<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:75:14
    #10 0x5e2b33 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNetDiagnostic<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:82:25
    #11 0x5e2b33 in cv::dnn::dnn4_v20211220::readNetFromTensorflow(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3219:12
    #12 0x4d90ce in main (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x4d90ce)
    #13 0x7fafffa17c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310

previously allocated by thread T0 here:
    #0 0x4d630d in operator new(unsigned long) (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x4d630d)
    #1 0x76116c in __gnu_cxx::new_allocator<int>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/ext/new_allocator.h:111:27
    #2 0x76116c in std::allocator_traits<std::allocator<int> >::allocate(std::allocator<int>&, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/alloc_traits.h:436:20
    #3 0x76116c in std::_Vector_base<int, std::allocator<int> >::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:172:20
    #4 0x76116c in void std::vector<int, std::allocator<int> >::_M_realloc_insert<int const&>(__gnu_cxx::__normal_iterator<int*, std::vector<int, std::allocator<int> > >, int const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/vector.tcc:406:33
    #5 0x76116c in std::vector<int, std::allocator<int> >::push_back(int const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:948:4
    #6 0x76116c in cv::dnn::dnn4_v20211220::sortByExecutionOrder(opencv_tensorflow::GraphDef&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_graph_simplifier.cpp:1015:24
    #7 0x5f0fe9 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::populateNet() /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3018:9
    #8 0x5e6743 in cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter::TFImporter(cv::dnn::dnn4_v20211220::Net&, char const*, char const*) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:2709:5
    #9 0x5e6743 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNet<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:75:14
    #10 0x5e2b33 in cv::dnn::dnn4_v20211220::Net cv::dnn::dnn4_v20211220::detail::readNetDiagnostic<cv::dnn::dnn4_v20211220::(anonymous namespace)::TFImporter, char const*, char const*>(char const*&&, char const*&&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/../dnn_common.hpp:82:25
    #11 0x5e2b33 in cv::dnn::dnn4_v20211220::readNetFromTensorflow(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_importer.cpp:3219:12
    #12 0x4d90ce in main (/root/fuzz-test-generation/exp/opencv/fuzzer/imread/crash_3/crash+0x4d90ce)
    #13 0x7fafffa17c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/fuzz-test-generation/exp/opencv/modules/dnn/src/tensorflow/tf_graph_simplifier.cpp:1026:33 in cv::dnn::dnn4_v20211220::sortByExecutionOrder(opencv_tensorflow::GraphDef&)
Shadow bytes around the buggy address:
  0x0c047fff8450: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
  0x0c047fff8460: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8470: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8480: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
  0x0c047fff8490: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd
=>0x0c047fff84a0: fa fa fd fd fa fa fd fd fa fa 04 fa fa fa fd[fa]
  0x0c047fff84b0: fa fa fd fa fa fa fd fd fa fa 04 fa fa fa fa fa
  0x0c047fff84c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff84d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff84e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff84f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==11303==ABORTING

Effect

This bug may cause security vulnerability by reading invalid memory address.

Recommendations

2 suggestions for opencv security improvements.
[1] Request CVE number for this bug to inform opencv users to prevent potential security vulnerabilities.
[2] Register below fuzzer code to ossfuzz (https://github.com/google/oss-fuzz) for continuous fuzzing.
(This fuzzer already found fixes #21852, and found this bug again.)
ossfuzz already has fuzzers for opencv thus only commit below fuzzer code and build script to ossfuzz is enough I think.
(https://github.com/google/oss-fuzz/tree/master/projects/opencv)
Note that, the git repo of UTopia project(https://github.com/Samsung/UTopia) is currently empty and will be updated until the end of May.

FuzzerCode:

/*
 * This fuzzer is generated by UTopia project based on TEST(Test_Tensorflow, read_inception).
 * (UTopia Project: https://github.com/Samsung/UTopia)
 */
#include <opencv2/dnn/dnn.hpp>
#include <opencv2/imgcodecs.hpp>
#include <opencv2/imgproc.hpp>
#include <Fuzzer/FuzzedDataProvider.h>
#include <fstream>

using namespace cv;
using namespace dnn;

bool saveFile(std::string Path, std::string Content) {
  std::ofstream OFS(Path);
  if (!OFS.is_open())
    return false;

  OFS << Content;
  return true;
}

static inline void fuzz(FuzzedDataProvider &Provider) {
  auto Input1 = Provider.ConsumeRandomLengthString();
  std::string Input1Path = "input1";
  if (!saveFile(Input1Path, Input1)) return;
  int Input2 = Provider.ConsumeIntegral<int>();
  auto Input3 = Provider.ConsumeRandomLengthString();
  std::string Input3Path = "input3";
  if (!saveFile(Input3Path, Input3)) return;
  int Input4 = Provider.ConsumeIntegralInRange<int>(0, 256);
  int Input5 = Provider.ConsumeIntegralInRange<int>(0, 256);
  int Input6 = Provider.ConsumeIntegralInRange<int>(0, 256);
  auto Input7 = Provider.ConsumeRandomLengthString();
  auto Input8 = Provider.ConsumeRandomLengthString();

  Net net;
  net = readNetFromTensorflow(Input1Path);
  if (net.empty())
    return;
  net.setPreferableBackend(Input2);

  Mat sample = imread(Input3Path);
  if (sample.empty())
    return;

  Mat input;
  resize(sample, input, Size(Input4, Input5));
  input -= Scalar::all(Input6);

  Mat inputBlob = blobFromImage(input);

  net.setInput(inputBlob, Input7);
  Mat out = net.forward(Input8);
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider Provider(data, size);
  try {
    fuzz(Provider);
  } catch (std::exception &E) {}
  return 0;
}

[rogday]

@autofuzzoss, are you sure this is the right reproducer? This input triggers an assert earlier as per my testing:

CV_Assert(nodeToAdd < edges.size());

[autofuzzoss]

@rogday
Yes, I checked that reproducer works.

I found that CV_Assert(nodeToAdd < edges.size()) is at tf_Graph_simplifier.cpp:1038, and program crashed at line 1026, so CV_assert will not protect this bug, I think.

I'll try to find any other reproduce code for this bug.

[autofuzzoss]

@rogday
I think you may not compile reproducer with -fsanitize=address (libopencv_dnn library also should be built with that flag.)
When I use reproduce code without that flag, i got same status.

what(): OpenCV(4.5.5-dev) opencv/modules/dnn/src/tensorflow/tf_graph_simplifier.cpp:1038: error: (-215:Assertion failed) nodeToAdd < edges.size() in function 'sortByExecutionOrder'

Aborted (core dumped)

[autofuzzoss]

And.. how do you think about the second recommendation (fuzzer for ossfuzz)?

[alalek]

Extending oss-fuzz scenarios is not a high priority task now.
However you could prepare oss-fuzz PR for opencv project with new fuzzer.
Please note, that testing scenarios should not emit massive timeout or out-of-memory cases.

[autofuzzoss]

Thank, I'll try to prepare oss-fuzz PR with new fuzzer considering your concern.
(Suggested fuzzer code will not emit those cases.)