Bug 1652624 - There is an illegal READ memory access at caca/dither.c:1337 (function:get_rgba_default )in libcaca latest version.
Summary: There is an illegal READ memory access at caca/dither.c:1337 (function:get_rg...
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: libcaca
Version: rawhide
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-22 13:28 UTC by shuitao gan
Modified: 2018-12-29 14:20 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)
./img2txt POC3 (74 bytes, image/bmp)
2018-11-22 13:28 UTC, shuitao gan
no flags Details

Description shuitao gan 2018-11-22 13:28:06 UTC
Created attachment 1507961 [details]
./img2txt POC3

version: libcaca0.99beta19
Summary: 

There is an illegal READ memory access at caca/dither.c:1337 (function:get_rgba_default )in libcaca latest version.

Description:

The asan debug is as follows:

$./img2txt POC3

==27737==ERROR: AddressSanitizer: SEGV on unknown address 0x7f71ea60cc0e (pc 0x7f71eeaafdf4 bp 0x0000000002a3 sp 0x7ffd06944bf0 T0)
==27737==The signal is caused by a READ memory access.
    #0 0x7f71eeaafdf3 in get_rgba_default /home/company/real/libcaca-master/caca/dither.c:1337
    #1 0x7f71eeab2a16 in caca_dither_bitmap /home/company/real/libcaca-master/caca/dither.c:1009
    #2 0x56414976496e in main /home/company/real/libcaca-master/src/img2txt.c:210
    #3 0x7f71ee6d01c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #4 0x564149764f09 in _start (/home/company/real/libcaca-master/install_asan/bin/img2txt+0x2f09)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real/libcaca-master/caca/dither.c:1337 in get_rgba_default
==27737==ABORTING




 static void get_rgba_default(caca_dither_t const *d, uint8_t const *pixels,
1313                              int x, int y, unsigned int *rgba)
1314 {
1315     uint32_t bits;
1316 
1317     pixels += (d->bpp / 8) * x + d->pitch * y;
1318 
1319     switch(d->bpp / 8)
1320     {
1321         case 4:
1322             bits = *(uint32_t const *)pixels;
1323             break;
1324         case 3:
1325         {
1326 #if defined(HAVE_ENDIAN_H)
1327             if(__BYTE_ORDER == __BIG_ENDIAN)
1328 #else
1329             /* This is compile-time optimised with at least -O1 or -Os */
1330             uint32_t const tmp = 0x12345678;
1331             if(*(uint8_t const *)&tmp == 0x12)
1332 #endif
1333                 bits = ((uint32_t)pixels[0] << 16) |
1334                        ((uint32_t)pixels[1] << 8) |
1335                        ((uint32_t)pixels[2]);
1336             else
1337                 bits = ((uint32_t)pixels[2] << 16) |   //illegal READ memory access
1338                        ((uint32_t)pixels[1] << 8) |
1339                        ((uint32_t)pixels[0]);
1340             break;
1341         }
1342         case 2:
1343             bits = *(uint16_t const *)pixels;
1344             break;
1345         case 1:
1346         default:
1347             bits = pixels[0];
1348             break;
1349     }
1350 
1351     if(d->has_palette)

Comment 1 Leonardo Taccari 2018-12-28 22:39:47 UTC
Hello shuitao!
was this reported upstream?  If not, can you please share this problem also with them?


Thank you!

Comment 2 Henri Salo 2018-12-29 03:29:07 UTC
Reported to upstream https://github.com/cacalabs/libcaca/issues/39

Comment 3 Leonardo Taccari 2018-12-29 14:20:13 UTC
Thank you very much Henri!


Note You need to log in before you can comment on or make changes to this bug.