Various memory access issues found via fuzzing #448

Closed
gcode-importer opened this issue Dec 4, 2014 · 5 comments

@gcode-importer

Originally reported on Google Code with ID 448

The attached files will expose memory access issues in openjpeg (tested with opj_decompress
on latest svn code).

sample2.j2k will crash opj_decompress, the other two (sample0.j2k, sample1.j2k) can
only be seen when using additional debugging tools like valgrind or address sanitizer.
I'll attach address sanitizer output for further analysis.

Reported by [email protected] on 2014-12-04 18:52:36


- _Attachment: [sample0.j2k](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample0.j2k)_
- _Attachment: [sample0.asan.log](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample0.asan.log)_
- _Attachment: [sample1.j2k](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample1.j2k)_
- _Attachment: [sample1.asan.log](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample1.asan.log)_
- _Attachment: [sample2.j2k](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample2.j2k)_
- _Attachment: [sample2.asan.log](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-448/comment-0/sample2.asan.log)_

@gcode-importer
Author

All issues reproduced on trunk (r2949).

Reported by mayeut on 2014-12-04 21:02:17

  • Status changed: Accepted
  • Labels added: Priority-Critical, Restrict-View-CoreTeam
  • Labels removed: Priority-Medium

@gcode-importer
Author

@antonin,

Seems to be the same issue as Issue 394 for sample0.j2k & sample1.j2k

I'll have a look at sample2.j2k when I get a chance (in imagetoxxx, whatever xxx is).

Reported by mayeut on 2014-12-04 21:20:38

@detonin
Contributor

detonin commented Aug 9, 2017

Most of the Google Code issues are still available (and the IDs correspond to the GitHub ones) but this is apparently not the case for the issues that were marked as "private" in Google Code, like this one. Unfortunately, I do not know at this point a way to log back into Google Code to get access to it.
https://code.google.com/archive/p/openjpeg/

@rouault
Collaborator

rouault commented Aug 18, 2017

Google's answer to our request to access those tickets: "Unfortunately the Google Code Archive only contains public project data, so restricted-access issues are no longer available."

So closing as there's nothing actionable anymore... Hopefully those issues have been spotted by other people doing fuzzing or will be by OSS-Fuzz

@rouault rouault closed this as completed Aug 18, 2017