DESCRIPTION
OPENJPEG null ptr dereference in convertbmp.c:2226
VERSION
OPENJPEG-2.1.2
Address Sanitizer Output
==25769==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000 (pc 0x0814979f bp 0xbfe95808 sp 0xbfe95720 T0)
#0 0x814979e (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x814979e)
#1 0x81372ce (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x81372ce)
#2 0xb7466636 (/lib/i386-linux-gnu/libc.so.6+0x18636)
#3 0x805f327 (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x805f327)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/yang/openjpeg/openjpeg-2.1.2/build-clang/bin/opj_decompress+0x814979e)
GDB Information
Breakpoint 1, imagetoraw_common (image=0x9a065c0, outfile=0xbf8b9204 "image.raw", big_endian=1)
at /home/yang/openjpeg/openjpeg-2.1.2/src/bin/jp2/convert.c:2223
2223 ptr = image->comps[compno].data;
(rr) p image->comps[compno].data
$2 = (OPJ_INT32 *) 0x0
(rr) n
2224 for (line = 0; line < h; line++) {
(rr) n
2225 for(row = 0; row < w; row++) {
(rr) n
2226 curr = *ptr;
(rr) n
Program received signal SIGSEGV, Segmentation fault.
0x080528f5 in imagetoraw_common (image=0x9a065c0, outfile=0xbf8b9204 "image.raw", big_endian=1)
at /home/yang/openjpeg/openjpeg-2.1.2/src/bin/jp2/convert.c:2226
2226 curr = *ptr;
Analysis
image->comps[compno].data = NULL and it was assigned to ptr, so when the program accesses ptr, a segmentation fault occurs.
PoC
Contact me at [email protected] if you need the PoC file.
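The condition described in the Analysis above, as an added example that is not part of the original report and is not OpenJPEG's code or its fix: a raw-conversion routine that rejects any component whose `data` pointer is NULL before the sample loop runs. The `comp_t` and `image_t` types, the function name, the in-memory output buffer and the 8-bit clamping are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical, simplified stand-ins for the decoder's image structures. */
typedef struct {
    uint32_t w, h;
    int32_t *data;   /* NULL when the component has no sample data */
} comp_t;
typedef struct {
    uint32_t numcomps;
    comp_t  *comps;
} image_t;

/* Converts all components to 8-bit raw samples in out (capacity cap).
 * Returns bytes written, or -1 with nothing written if the image is unusable. */
long image_to_raw_checked(const image_t *image, unsigned char *out, size_t cap)
{
    size_t need = 0, pos = 0;
    if (image == NULL || out == NULL || image->comps == NULL || image->numcomps == 0)
        return -1;
    /* Validate every component first so a bad one never yields partial output. */
    for (uint32_t c = 0; c < image->numcomps; c++) {
        if (image->comps[c].data == NULL)   /* the condition behind the crash */
            return -1;
        need += (size_t)image->comps[c].w * image->comps[c].h;
    }
    if (need > cap)
        return -1;
    for (uint32_t c = 0; c < image->numcomps; c++) {
        const int32_t *ptr = image->comps[c].data;
        size_t n = (size_t)image->comps[c].w * image->comps[c].h;
        for (size_t i = 0; i < n; i++) {
            int32_t curr = ptr[i];          /* ptr was verified non-NULL above */
            out[pos++] = (unsigned char)(curr < 0 ? 0 : curr > 255 ? 255 : curr);
        }
    }
    return (long)pos;
}

int main(void)
{
    int32_t px[4] = { 0, 128, 300, -5 };                 /* constructed samples */
    comp_t comps[2] = { { 2, 2, px }, { 2, 2, NULL } };  /* second has no data */
    image_t img = { 2, comps };
    unsigned char buf[8];
    printf("rc=%ld\n", image_to_raw_checked(&img, buf, sizeof buf));
    return 0;
}
```

Checking all components before writing means a caller can treat a failure as "no output produced" rather than cleaning up a partially written file.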