Logical defect in FilterSpecklesImpl

[CanCanZeng]

System Information

OpenCV version: 4.8.0
Operating System / Platform: Ubuntu 20.04
Compiler & compiler version: GCC 9.3.0

Detailed description

the source code is here:

opencv/modules/calib3d/src/stereosgbm.cpp

Line 2343 in 250cfe8

void filterSpecklesImpl(cv::Mat& img, int newVal, int maxSpeckleSize, int maxDiff, cv::Mat& _buf)

The initial value of curlabel is 0, but when it is used first time, it has been incresed to 1. So the actual start value of curlabel will be 1.

opencv/modules/calib3d/src/stereosgbm.cpp

Line 2359 in 250cfe8

int curlabel = 0;

opencv/modules/calib3d/src/stereosgbm.cpp

Line 2383 in 250cfe8

curlabel++; // next label

So if the maxDiff is not properly set, the max curlabel can be npixels if all pixels are not equal, which will cause memory access out of bounds.

Strangely, if I change the actual start value of curlabel to 0, even I set maxDiff properly, the program crashes faster, and I haven't figured out the reason yet.

Steps to reproduce

no need to reproduce, it can be drawn through theoretical analysis

Issue submission checklist

• I report the issue, it's not a question
• I checked the problem with documentation, FAQ, open issues, forum.opencv.org, Stack Overflow, etc and have not found any solution
• I updated to the latest OpenCV version and the issue is still there
• There is reproducer code and related data files (videos, images, onnx, etc)