SEGV libheif/libheif/exif.cc:88 in find_exif_tag #1042
Description
Description
SEGV libheif/libheif/exif.cc:88 in find_exif_tag
Version
heif-convert libheif version: 1.17.5
-------------------------------------------
Usage: heif-convert [options] <input-image> [output-image]
The program determines the output file format from the output filename suffix.
These suffixes are recognized: jpg, jpeg, png, y4m. If no output filename is specified, 'jpg' is used.
Options:
-h, --help show help
-v, --version show version
-q, --quality quality (for JPEG output)
-o, --output FILENAME write output to FILENAME (optional)
-d, --decoder ID use a specific decoder (see --list-decoders)
--with-aux also write auxiliary images (e.g. depth images)
--with-xmp write XMP metadata to file (output filename with .xmp suffix)
--with-exif write EXIF metadata to file (output filename with .exif suffix)
--skip-exif-offset skip EXIF metadata offset bytes
--no-colons replace ':' characters in auxiliary image filenames with '_'
--list-decoders list all available decoders (built-in and plugins)
--quiet do not output status messages to console
-C, --chroma-upsampling ALGO Force chroma upsampling algorithm (nn = nearest-neighbor / bilinear)
--png-compression-level # Set to integer between 0 (fastest) and 9 (best). Use -1 for default.
Replay
cd libheif
mkdir build && cd build
CC="gcc -fsanitize=address" CXX="g++ -fsanitize=address" cmake --preset=release ..
make -j
./examples/heif-convert ./poc test.png
ASAN
=================================================================
==216883==ERROR: AddressSanitizer: SEGV on unknown address 0x60b0b184d2bc (pc 0x55f4628c3ca8 bp 0x00004e7b34c8 sp 0x7ffe414d49b0 T0)
==216883==The signal is caused by a READ memory access.
#0 0x55f4628c3ca8 in find_exif_tag eva/put/libheif/libheif/exif.cc:88
#1 0x55f4628c536b in modify_exif_tag_if_it_exists(unsigned char*, int, unsigned short, unsigned short) eva/put/libheif/libheif/exif.cc:124
#2 0x55f4628c536b in modify_exif_orientation_tag_if_it_exists(unsigned char*, int, unsigned short) eva/put/libheif/libheif/exif.cc:140
#3 0x55f4628cac75 in PngEncoder::Encode(heif_image_handle const*, heif_image const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) eva/put/libheif/examples/encoder_png.cc:126
#4 0x55f4628b4c99 in main eva/put/libheif/examples/heif_convert.cc:509
#5 0x7fb342a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#6 0x7fb342a29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#7 0x55f4628bd254 in _start (eva/put/libheif/build/examples/heif-convert+0x15254)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV eva/put/libheif/libheif/exif.cc:88 in find_exif_tag
==216883==ABORTING
POC
Environment
Description: Ubuntu 22.04.2 LTS
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Credit
Yuchuan Meng (Fudan University)