SIGILL openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330 in mel_init #1500

Open
schsiung opened this issue Jan 2, 2024 · 1 comment
Comments


schsiung commented Jan 2, 2024

Expected behavior and actual behavior.

Expect POC_openjpeg-2.5.0.tar.gz running without signal SIGILL.

Steps to reproduce the problem.

  1. ./opj_decompress -i id:000000.j2k -o 1.pgm
[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin # ./opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
Illegal instruction
  2. GDB info: gdb ./opj_decompress
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./opj_decompress...
(gdb) run -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm
Starting program: /data/openeuler/openjpeg2/openjpeg-2.5.0/build/bin/opj_decompress -i /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers/id:000000.j2k -o 1.pgm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.

Program received signal SIGILL, Illegal instruction.
0x00007ffff7d1931d in opj_t1_ht_decode_cblk (t1=<optimized out>, cblk=<optimized out>, orient=<optimized out>, roishift=<optimized out>, cblksty=<optimized out>, p_manager=<optimized out>, p_manager_mutex=<optimized out>, check_pterm=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330
330             melp->unstuff = ((d & 0xFF) == 0xFF); //true of next byte needs
(gdb) bt
#0  0x00007ffff7d1931d in opj_t1_ht_decode_cblk (t1=<optimized out>, cblk=<optimized out>, orient=<optimized out>, roishift=<optimized out>, cblksty=<optimized out>, p_manager=<optimized out>, 
    p_manager_mutex=<optimized out>, check_pterm=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/ht_dec.c:330
#1  0x00007ffff7e4d90e in opj_t1_clbl_decode_processor (user_data=0x607000000790, tls=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/t1.c:1690
#2  0x00007ffff7cb64c5 in opj_thread_pool_submit_job (tp=<optimized out>, job_fn=0x7ffff7e4d020 <opj_t1_clbl_decode_processor>, user_data=0x607000000790)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/thread.c:835
#3  0x00007ffff7e4a011 in opj_t1_decode_cblks (tcd=0x60b000000250, pret=0x7fffffff8460, tilec=0x0, tccp=0x61f000000e80, p_manager=0x6100000000a8, p_manager_mutex=0x604000000110, check_pterm=1)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/t1.c:1943
#4  0x00007ffff7f529bf in opj_tcd_t1_decode (p_tcd=0x6040000000d0, p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:2000
#5  opj_tcd_decode_tile (p_tcd=0x6040000000d0, win_x0=<optimized out>, win_y0=<optimized out>, win_x1=<optimized out>, win_y1=<optimized out>, numcomps_to_decode=<optimized out>, 
    comps_indices=<optimized out>, p_src=<optimized out>, p_max_length=<optimized out>, p_tile_no=<optimized out>, p_cstr_index=<optimized out>, p_manager=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/tcd.c:1654
#6  0x00007ffff7d9a8c7 in opj_j2k_decode_tile (p_j2k=<optimized out>, p_tile_index=<optimized out>, p_data=<optimized out>, p_data_size=<optimized out>, p_stream=0x60c000000040, 
    p_manager=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9862
#7  0x00007ffff7dad1bc in opj_j2k_decode_tiles (p_j2k=<optimized out>, p_stream=<optimized out>, p_manager=<optimized out>)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:11707
#8  0x00007ffff7d88e71 in opj_j2k_exec (p_j2k=0x6040000000d0, p_procedure_list=0x602000000030, p_stream=0x612000000740, p_manager=0x612000000748)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:9006
#9  0x00007ffff7dac3f3 in opj_j2k_decode (p_j2k=0x613000000040, p_stream=0x612000000748, p_image=0x604000000050, p_manager=0x1)
    at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/lib/openjp2/j2k.c:12010
#10 0x00005555556878b3 in main (argc=<optimized out>, argv=<optimized out>) at /data/openeuler/openjpeg2/openjpeg-2.5.0/src/bin/jp2/opj_decompress.c:1582

Operating system

[AFL++ 4547ba12d0d6] /data/openeuler/openjpeg2/openjpeg-2.5.0/tests/fuzzers # uname -a
Linux 4547ba12d0d6 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

openjpeg version

2.5.0

Collaborator

rouault commented Feb 18, 2024

I cannot reproduce with 2.5.0 nor master. Which build options did you use to build openjpeg?
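Editor's triage note and added example, not part of either comment above and not openjpeg code. A SIGILL in optimized, sanitizer-instrumented C that contains no inline assembly is usually the compiler's own trap instruction rather than a genuinely invalid opcode: on x86-64, __builtin_trap() compiles to ud2 (bytes 0f 0b), which the kernel reports as SIGILL, and UBSan built in trap mode (-fsanitize=undefined together with -fsanitize-undefined-trap-on-error, or clang's -fsanitize-trap=undefined) turns every failed check into exactly that instruction. Fuzzing builds commonly use this mode, and the heap pointers in the backtrace (0x607000000790, 0x61f000000e80) look like ASan allocator addresses, so an instrumented build is plausible here. The check a practitioner wants at the gdb prompt is x/i $pc (or x/2xb $pc) at the fault: if it shows ud2, the build options rouault asks about are the missing piece, and rebuilding with -fsanitize=undefined but without the trap flag makes the UBSan runtime print which check fired at ht_dec.c:330 instead of dying with SIGILL. The program below demonstrates the mechanism in-process; it assumes a POSIX system where sigaction with SA_SIGINFO delivers the faulting instruction address in si_addr (Linux does), and the function names is_ud2 and signal_from_builtin_trap are this example's own.

```c
/* Added example for this issue thread (not openjpeg code): show that a SIGILL
 * in plain C is usually the compiler's trap instruction, and how to check for it.
 * Assumes POSIX sigaction with SA_SIGINFO and si_addr = faulting PC (Linux). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf g_env;                      /* return point out of the handler */
static volatile sig_atomic_t g_signo;         /* signal that the trap raised */
static volatile sig_atomic_t g_ud2_at_fault;  /* 1 if ud2 was found at si_addr */

/* x86 ud2 is the two-byte opcode 0f 0b; this is what `x/2xb $pc` in gdb shows
 * when the "illegal instruction" is really a compiler-emitted trap. */
int is_ud2(const void *pc)
{
    const unsigned char *b = (const unsigned char *)pc;
    return b != NULL && b[0] == 0x0f && b[1] == 0x0b;
}

static void on_trap(int signo, siginfo_t *si, void *ctx)
{
    (void)ctx;
    g_signo = signo;
    /* For SIGILL, Linux sets si_addr to the address of the offending instruction. */
    g_ud2_at_fault = (signo == SIGILL) ? is_ud2(si->si_addr) : 0;
    siglongjmp(g_env, 1);
}

/* Executes __builtin_trap() (what -fsanitize-undefined-trap-on-error expands each
 * failed UBSan check to), catches the resulting signal and returns its number.
 * *ud2_seen is set to 1 when the faulting instruction is ud2.
 * x86-64: ud2 -> SIGILL. aarch64: brk -> SIGTRAP, so that signal is caught too. */
int signal_from_builtin_trap(int *ud2_seen)
{
    struct sigaction sa, old_ill, old_trap;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_trap;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGTRAP, &sa, &old_trap);

    g_signo = 0;
    g_ud2_at_fault = 0;
    if (sigsetjmp(g_env, 1) == 0) {
        __builtin_trap();   /* does not return; control comes back via siglongjmp */
    }

    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGTRAP, &old_trap, NULL);
    if (ud2_seen) {
        *ud2_seen = (int)g_ud2_at_fault;
    }
    return (int)g_signo;
}

int main(void)
{
    int ud2 = 0;
    int s = signal_from_builtin_trap(&ud2);
    printf("__builtin_trap raised signal %d (%s); ud2 at fault address: %s\n",
           s, s == SIGILL ? "SIGILL" : s == SIGTRAP ? "SIGTRAP" : "other",
           ud2 ? "yes" : "no");
    return 0;
}
```

Build with cc -O2 trap_check.c and run it; on x86-64 it reports SIGILL with ud2 at the fault address, which is the same picture gdb gives for the crash in this issue if the openjpeg build used a trapping sanitizer mode. A reproducer report is most useful when it includes the exact CFLAGS and sanitizer flags, since the same input will not raise SIGILL in an uninstrumented build.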
