An infinite loop in function cv::dnn::readNetFromTensorflow()

[ConfZ]

System Information

OpenCV version: 4.6.0
Operating System / Platform: Ubuntu 22.04
Compiler & compiler version: gcc-11.3.0

Detailed description

We find an infinite loop when calling the function "cv::dnn::readNetFromTensorflow(input_file)". When the function read our input_file, it hangs and cannot terminate. We found that it stuck in a loop (located in cv::dnn::dnn4_v20220524::RemoveIdentityOps line 833-840 ). The vulnerable code is listed as follows:

                while (true)
                {
                    IdentityOpsMap::iterator nextIt = identity_ops.find(it->second);
                    if (nextIt != identity_ops.end())
                        it = nextIt;
                    else
                        break;
                }

By our debug, the iterator "nextIt" displayed as "nextIt = {first = "", second = ""}" as the loop execution, namely "first = second" in the map iterator. Once the map identity_ops.find(it->second) executed, "nextIt" will cyclically assigned by "", by which the loop cannot terminate.

Steps to reproduce

To reproduce the bug, only need to call the function readNetFromTensorflow(repo) by our reproduce file . The reproduce file repro. We triggered the bug by the following simple code:

#include <opencv2/dnn/dnn.hpp>

using namespace cv;
using namespace dnn;

int main(int argc, char* argv[]){
  try {
    readNetFromTensorflow((const char*)argv[1]);
  } catch (std::exception &e) {}
return 1;
}

Issue submission checklist

• I report the issue, it's not a question
• I checked the problem with documentation, FAQ, open issues, forum.opencv.org, Stack Overflow, etc and have not found any solution
• I updated to the latest OpenCV version and the issue is still there
• There is reproducer code and related data files (videos, images, onnx, etc)

[asmorkalov]

@ConfZ Could you add tf file that raises the issue? It could contain random weights, if you do not want to share ip. The file in archive is not recognized by netron as valid tensorflow model.

[ConfZ]

@ConfZ Could you add tf file that raises the issue? It could contain random weights, if you do not want to share ip. The file in archive is not recognized by netron as valid tensorflow model.

It can be reproduced by the file reproduce_file. What we need to do is just call the function "readNetFromTensorflow()" to read the reproduce_file. The bug can be triggered stably every time we run this function, so that it may be not due to a random value.

[zihaomu]

Hi, @ConfZ. What is the suffix of the file at reproduce_file.zip? I can not open this file with .pb suffix by Netron.

[ConfZ]

Hi @zihaomu , we found it by a fuzzing tool , so that this file may not be opened by Netron. But this infinite loop obviously exists in this code:

while (true)
       {
           IdentityOpsMap::iterator nextIt = identity_ops.find(it->second);
           if (nextIt != identity_ops.end())
                 it = nextIt;
             else
                   break;
         }

This infinite loop can be triggered once nextIt->second = nextIt->first. In that case, the finding function identity_ops.find() always return nextIt->first and keep doing infinitely.
Therefore, we suspected it is a bug and reported this issue.

[ConfZ]

Hi @alalek @zihaomu @asmorkalov , are you willing to help us to request a CVE ID through GitHub Security Advisories for this bug, which can cause Denial of Service. You can follow this tutorial to manage your bug fixing and alert any downstream dependencies of the issue so they can patch immediately if using the broken release. Thanks for your help!