Assertions thrown

[rwhitworth]

Hello, I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the opj_decompress program on Linux. Is fixing the crashes from these input files something you're interested in? The input files can be found here: https://github.com/rwhitworth/openjpeg-fuzz/tree/master/2017-05-23.

The files can be executed as opj_decompress -i id_filename -o /tmp/output.tif to cause assertions to trigger. The version of opj_decompress was from commit 83d7a6d.

The files and output are as follows:
id:000004,sig:06,src:000679,op:arith8,pos:49,val:-17
opj_decompress: /root/openjpeg/src/lib/openjp2/opj_intmath.h:131: OPJ_INT32 opj_int_ceildiv(OPJ_INT32, OPJ_INT32): Assertion 'b' failed.

id:000020,sig:06,src:001958,op:flip4,pos:149
opj_decompress: /root/openjpeg/src/lib/openjp2/j2k.c:4044: OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *, opj_event_mgr_t *): Assertion 'p_tcp->ppt_buffer == ((void*)0)' failed.

Let me know if I can provide any more information to help narrow down this issue.

[szukw000]

@rwhitworth ,

See: #882

opj_decompress -i id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000019,sig_08,src_001098,op_flip1,pos_49 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000020,sig_06,src_001958,op_flip4,pos_149 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[1]:
[0] prec(2) sgnd(1) [1] prec(18) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000026,sig_08,src_002419,op_int32,pos_60,val_+32 -o test.png

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Psot value of the current tile-part is equal to zero, we assuming it is the last tile-part of the codestream.
[INFO] Header of tile 1 / 1 has been read.
[INFO] Tile 1/1 has been decoded.
[INFO] Image data has been updated with tile 1.

/sources/LIB/IMAGE_FORMATS/OPENJPEG/VERSION-2.2/openjpeg2-2017-05-11-1/src/bin/common/color.c:350:color_sycc_to_rgb
CAN NOT CONVERT
imagetopng: All components shall have the same subsampling, same bit depth, same sign.
Aborting
[ERROR] Error generating png file. Outfile test.png not generated

opj_decompress -i id_000034,sig_11,src_003240,op_flip1,pos_22 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

opj_decompress -i id_000098,sig_11,src_005411,op_havoc,rep_2 -o test.png

[INFO] Start to read j2k main header (0).
[ERROR] Invalid precision and/or sgnd values for comp[2]:
[0] prec(18) sgnd(1) [2] prec(5) sgnd(1)
[ERROR] Marker handler function failed to read the marker segment
ERROR -> opj_decompress: failed to read the header

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
ERROR -> opj_decompress: failed to decode image!

[rouault]

All test cases of https://github.com/rwhitworth/openjpeg-fuzz/tree/master/2017-05-23 are now fixed. Closing