Application crashed when imdecode() is called for .jp2 image

[skomazec1]

[alalek]: Solution is to replace jasper (stalled development) to modern OpenJPEG library.

---

Hi,

i am working on application that uses opencv for images.
We have a crash when calling imdecode() function in our code for jpeg2000 images.
(attached example of the image that causes crash)
example1.zip

i have a dump file for this crash, related stack trace is following:

FAULTING_IP:
ContactService!jas_image_chclrspc+2ee
0978353e 8b4018 mov eax,dword ptr [eax+18h]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0978353e (ContactService!jas_image_chclrspc+0x000002ee)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 88000027
Attempt to read from address 88000027

PROCESS_NAME: CiscoJabber.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 88000027
READ_ADDRESS: 88000027
FOLLOWUP_IP:
ContactService!jas_image_chclrspc+2ee
0978353e 8b4018 mov eax,dword ptr [eax+18h]
MOD_LIST:
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 000027fc
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
DEFAULT_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
LAST_CONTROL_TRANSFER: from 096cfb68 to 0978353e

STACK_TEXT:
1409f14c 096cfb68 19f381d0 104dd9d0 00000001 ContactService!jas_image_chclrspc+0x2ee
1409f1a8 096c5329 1409f4d4 dd9bc1dc 00000000 ContactService!cv::Jpeg2KDecoder::readData+0xa8
1409f330 096c4d4e 1409f358 00000001 00000002 ContactService!cv::imdecode+0x5a9
1409f3a0 09522026 1409f4d4 1409f45c 00000001 ContactService!cv::imdecode+0x6e
// Application related details
...

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: contactservice!jas_image_chclrspc+2ee
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ContactService
IMAGE_NAME: ContactService.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 55c239be
STACK_COMMAND: ~62s; .ecxr ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff_c0000005_ContactService.dll!jas_image_chclrspc
BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff_contactservice!jas_image_chclrspc+2ee
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/CiscoJabber_exe/11_0_1_19000/55c23a85/ContactService_dll/9_0_0_3829/55c239be/c0000005/0032353e.htm?Retriage=1

Please contact me for more information if needed.

[alalek]

OpenCV uses Jasper library to decode JPEG2000 images, but it fails by assert on this line: https://github.com/Itseez/opencv/blob/81f826db2b3945854a87cf7ceb1b2244103dbed9/3rdparty/libjasper/jas_image.c#L1387

BTW, I can't open this image in GIMP (error message). What library do you use to create this image?

[skomazec1]

Thanks for reply.

Debugging our application indeed points to this assertion.
Q1. Should this happen in release mode? AFAIK, asserts should be dis-included in release mode?
Q2 Even though we are trying to catch any exception when using imdecode() there is no exception raised.
Q3 Can you help me on what should be done from my side so that this gets fixed?

I haven't created this image, this image was sent to us with crash report from our customer.
we reproduced the issue with several other images, but not with all jp2 images. So far we were not able to distinguish bad from good jp2 image. Only difference so far was operating system on which they are created - Mac vs Windows.

[alalek]

1. You are right, assert should gone in the release mode but crash can happen a few lines below where unexpected j value is used.
2. Jasper library is "C", there is no chance to use C++ exceptions.
3. Are you able to open this file by some program? What program/tool/library is used?

I tried OpenCV with system jasper library, but this doesn't help.

dnf info jasper-libs
Installed Packages
Name        : jasper-libs
Arch        : x86_64
Epoch       : 0
Version     : 1.900.1
Release     : 31.fc23
Size        : 337 k

(gdb) bt
#0  0x00007ffff0798a98 in raise () at /lib64/libc.so.6
#1  0x00007ffff079a69a in abort () at /lib64/libc.so.6
#2  0x00007ffff0791227 in __assert_fail_base () at /lib64/libc.so.6
#3  0x00007ffff07912d2 in  () at /lib64/libc.so.6
#4  0x00007ffff6ae9f5f in jas_image_chclrspc () at /lib64/libjasper.so.1
#5  0x00000000005451d4 in cv::Jpeg2KDecoder::readData(cv::Mat&) ()

BTW, There is OpenJPEG library for JPEG2000 images, but OpenCV doesn't support OpenJPEG at this moment. Also there is no guarantee that image can be read by this library.

[skomazec1]

Hi,

I used several tools, programs to open this file - Free File Viewer, Honey View, jpylyzer etc.
(One note, for example Free File Viewer shows this image as Gray, and Honey View as RGB)
We used few other tools to check on the image, but except that "bad" images are created on Mac, we didn't notice anything useful.

The input where we use imdecode() is raw data, any image type can be passed into. As far as I could see, imdecode() inside dynamically chooses decoder and correct - Jpeg2KDecoder is used. Not sure how much we can influence that, from our own code.

[alalek]

Jpeg2KDecoder backend is 3rdparty library called "jasper". And failure is there.
System "Jasper" tools ("jasper-utils-1.900.1-31.fc23.x86_64" package) fail on this image also:

jiv example1.jp2
ICC Profile CS 52474220
jiv: jas_image.c:1394: jas_image_chclrspc: Assertion `j >= 0' failed.
Aborted (core dumped)

I also tried OpenJPEG tools (openjpeg2-tools.x86_64 2.1.0-7.fc23) and they work fine:

opj2_decompress -i example1.jp2 -o test.bmp

[INFO] Start to read j2k main header (691).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 0 / 0 has been read.
[INFO] Tile 1/1 has been decoded.
[INFO] Image data has been updated with tile 1.

[INFO] Stream reached its end !
[INFO] Generated Outfile test.bmp

But OpenCV currently supports only Jasper as JPEG2000 backend.

[skomazec1]

Can you advise me on what would be procedure in this case?
Do I need to report issue to jasper since even this gets fixed on jasper it should be integrated to openCV or no?

Thanks!

[skomazec1]

One additional thing I forgot to ask about assert where it fails:

for (i = 0; i < numinclrchans; ++i) {
j = jas_image_getcmptbytype(inimage, JAS_IMAGE_CT_COLOR(i));
assert(j >= 0); // -- @skomaze this is failing assert --
if (!(incmptfmts[i].buf = malloc(width * sizeof(long))))
goto error;
incmptfmts[i].prec = jas_image_cmptprec(inimage, j);
incmptfmts[i].sgnd = jas_image_cmptsgnd(inimage, j);
incmptfmts[i].width = width;
incmptfmts[i].height = 1;
}

You mentioned that it can fail for the call below the assert - jas_image_cmptprec() is the only such place that uses "j", but our stack trace doesn't point to the function below but to jas_image_chclrspc(), so I am not sure how this can occur in release mode?

[alalek]

We prefer to update 3rdparty libraries from the upstream, with minimal set of "inplace" fixes.
Looks like Jasper is not very active project at this moment (the latest version 1.900 has been released more than 8 years ago). Some security patches are got from the debian project. I tried the latest version of patches from here via "jiv" tool (without success, same message as above)

jas_image_cmptprec is macro here, not a function. Also compiler can inline function calls.

[skomazec1]

Hi,

I found almost the "same" issue reported already:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792226

I followed the suggestion from this bug report and build in the changes in my project. Initial tests seems to do prevent the crash and I think this could be considered as a valid workaround.

But, I don't think this is complete fix since now we will have some working and some non-working .jp2 images. And we still don't know what in this non-working images causing jasper and that way openCV as well to be unable to display this images.

Since jasper is inactive project, what are the chances that OpenCV starts supporting some other JPEG2000 backend instead of jasper and implements this in some newer OpenCV release?
Or any additional suggestions on how should I continue with this opened issue?

Thanks and regards!

[Pandinosaurus]

Could this help as a workaround example before the integration of OpenJPEG as a replacement for Jasper?
https://github.com/Pandinosaurus/OpenJPEGxOpenCV