Description
Crash File : https://raw.githubusercontent.com/sixtant/Fuzzing-Project/master/openjpeg/id_000000%2Csig_11%2Csrc_000001%2Cop_flip1%2Cpos_45.j2k
Found by fuzzing with AFL.
Valgrind was used to confirm the crash :
libfuzzer@libfuzzer-virtual-machine:~/fuzzing/openjpeg/bin$ valgrind ./opj_decompress -i fuzzing_decompress/crashes/id:000000,sig:11,src:000001,op:flip1,pos:45.j2k -o fuzzing_decompress/output.png
==23918== Memcheck, a memory error detector
==23918== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==23918== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==23918== Command: ./opj_decompress -i fuzzing_decompress/crashes/id:000000,sig:11,src:000001,op:flip1,pos:45.j2k -o fuzzing_decompress/output.png
==23918==
[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
[INFO] Tile 1/1 has been decoded.
==23918==
==23918== Process terminating with default action of signal 11 (SIGSEGV)
==23918== General Protection Fault
==23918== at 0x4E9466C: opj_j2k_update_image_data.isra.14 (j2k.c:8948)
==23918== by 0x4EBDA5A: opj_j2k_decode_tiles (j2k.c:10354)
==23918== by 0x4E87CDD: opj_j2k_exec (j2k.c:7822)
==23918== by 0x4EC4CD2: opj_j2k_decode (j2k.c:10563)
==23918== by 0x40410D: main (opj_decompress.c:1435)
==23918==
==23918== HEAP SUMMARY:
==23918== in use at exit: 1,822,172 bytes in 454 blocks
==23918== total heap usage: 563 allocs, 109 frees, 1,846,807 bytes allocated
==23918==
==23918== LEAK SUMMARY:
==23918== definitely lost: 0 bytes in 0 blocks
==23918== indirectly lost: 0 bytes in 0 blocks
==23918== possibly lost: 0 bytes in 0 blocks
==23918== still reachable: 1,822,172 bytes in 454 blocks
==23918== suppressed: 0 bytes in 0 blocks
==23918== Rerun with --leak-check=full to see details of leaked memory
==23918==
==23918== For counts of detected and suppressed errors, rerun with: -v
==23918== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Result: segmentation fault (SIGSEGV) in opj_j2k_update_image_data (j2k.c:8948), as shown in the Valgrind trace above.
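A crash-triage helper, added here as an example and not part of the original report or of OpenJPEG: it parses the Valgrind output above (embedded as a constructed sample trimmed to the relevant lines), extracts the fatal signal and the crashing stack, and builds a bucketing key from the top frames so that a directory of AFL crash files can be deduplicated before reporting. The regular expressions and the `afl_signal` helper are assumptions about the Valgrind and AFL output formats visible in this report, not code from either tool.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the Valgrind run from the report above, [INFO] lines trimmed.
SAMPLE_VALGRIND_OUTPUT = """\
==23918== Memcheck, a memory error detector
==23918== Command: ./opj_decompress -i crashes/id:000000,sig:11,src:000001,op:flip1,pos:45.j2k -o output.png
==23918==
[INFO] Tile 1/1 has been decoded.
==23918==
==23918== Process terminating with default action of signal 11 (SIGSEGV)
==23918==  General Protection Fault
==23918==    at 0x4E9466C: opj_j2k_update_image_data.isra.14 (j2k.c:8948)
==23918==    by 0x4EBDA5A: opj_j2k_decode_tiles (j2k.c:10354)
==23918==    by 0x4E87CDD: opj_j2k_exec (j2k.c:7822)
==23918==    by 0x4EC4CD2: opj_j2k_decode (j2k.c:10563)
==23918==    by 0x40410D: main (opj_decompress.c:1435)
==23918==
==23918== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
"""

# Patterns are assumptions based on the Valgrind lines shown in the report.
SIGNAL_RE = re.compile(
    r"^==(?P<pid>\d+)== Process terminating with default action of signal "
    r"(?P<num>\d+) \((?P<name>\w+)\)")
FAULT_RE = re.compile(r"^==\d+==\s+(?P<fault>General Protection Fault|"
                      r"Access not within mapped region.*|Bad permissions.*)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+(?P<addr>0x[0-9A-Fa-f]+):\s+"
                      r"(?P<func>\S+)\s+\((?P<loc>.*)\)\s*$")
ERRSUM_RE = re.compile(r"^==\d+== ERROR SUMMARY:\s+(?P<n>\d+) errors")
# AFL names crash files id:NNNNNN,sig:NN,... ; pull the recorded signal out.
AFL_SIG_RE = re.compile(r"(?:^|,)sig:(?P<sig>\d+)(?:,|$)")
# gcc clone suffixes (.isra.N, .constprop.N, ...) vary between builds; drop them.
CLONE_SUFFIX_RE = re.compile(r"(\.(isra|constprop|part|cold|lto_priv)\.\d+)+$")


@dataclass
class Frame:
    address: str
    function: str
    location: str  # "file:line" with debug info, otherwise "in /path/to/lib"


@dataclass
class CrashReport:
    pid: Optional[int] = None
    signal: Optional[int] = None
    signal_name: Optional[str] = None
    fault: Optional[str] = None
    frames: List[Frame] = field(default_factory=list)
    memcheck_errors: Optional[int] = None

    def crash_key(self, depth: int = 3) -> str:
        """Bucket key: signal plus the top `depth` frames, clone suffixes removed."""
        parts = [self.signal_name or "nosignal"]
        for f in self.frames[:depth]:
            parts.append(f"{CLONE_SUFFIX_RE.sub('', f.function)}@{f.location}")
        return "|".join(parts)


def parse_valgrind(text: str) -> CrashReport:
    """Extract the fatal-signal stack from Valgrind output. Memcheck's own
    error stacks (which appear before the signal line) are ignored."""
    rep = CrashReport()
    in_crash_stack = False
    for line in text.splitlines():
        m = SIGNAL_RE.match(line)
        if m:
            rep.pid = int(m["pid"])
            rep.signal = int(m["num"])
            rep.signal_name = m["name"]
            in_crash_stack = True
            continue
        m = ERRSUM_RE.match(line)
        if m:
            rep.memcheck_errors = int(m["n"])
            in_crash_stack = False
            continue
        if not in_crash_stack:
            continue
        m = FAULT_RE.match(line)
        if m and rep.fault is None:
            rep.fault = m["fault"]
            continue
        m = FRAME_RE.match(line)
        if m:
            rep.frames.append(Frame(m["addr"], m["func"], m["loc"]))
        elif rep.frames:
            in_crash_stack = False  # a bare "==pid==" line ends the stack
    return rep


def afl_signal(filename: str) -> Optional[int]:
    """Signal AFL recorded in the crash file name; comparing it with the
    Valgrind signal helps spot crashes that do not reproduce deterministically."""
    m = AFL_SIG_RE.search(filename)
    return int(m["sig"]) if m else None


if __name__ == "__main__":
    r = parse_valgrind(SAMPLE_VALGRIND_OUTPUT)
    print(r.signal_name, r.fault, "key:", r.crash_key())
```

To triage a whole AFL `crashes/` directory, run each file through `valgrind ./opj_decompress -i <file> -o /dev/null` (the command form used in the report), feed the captured stderr to `parse_valgrind`, and group files by `crash_key()`; one report per key is usually enough for the maintainers.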
Credit : Sixtant Security Lab