Discussion:
[gs-bugs] [Bug 696871] - Ghostscript - Luratech jpx image decoder fails in valgrind
b***@artifex.com
2016-06-26 06:41:31 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

Bug ID: 696871
Summary: Luratech jpx image decoder fails in valgrind
Product: Ghostscript
Version: master
Hardware: PC
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P4
Component: JPX/JBIG2 encode/decode
Assignee: ***@artifex.com
Reporter: ***@hotmail.com
QA Contact: gs-***@ghostscript.com
Word Size: ---

I compiled the jp2_demo program under linux (using the attached makefile). Next
I ran valgrind ./jp2_demo d -o test.tif -i file.jp2 for all files in
https://github.com/uclouvain/openjpeg-data

While doing so I noticed that the following files consistenly segfaulted:

input/nonregression/issue775.j2k
input/nonregression/issue775-2.j2k

Moreoever the following files generated various warnings in valgrind:

input/conformance/p0_13.j2k
input/conformance/p1_06.j2k
input/nonregression/1851.pdf.SIGSEGV.ce9.948.jp2
input/nonregression/4241ac039aba57e6a9c948d519d94216_asan_heap-input/nonregression/oob_14650f2_7469_602.jp2
input/nonregression/451.pdf.SIGSEGV.5b5.3723.jp2
input/nonregression/451.pdf.SIGSEGV.f4c.3723.jp2
input/nonregression/dwt_interleave_h.gsr105.jp2
input/nonregression/edf_c2_1000691.jp2
input/nonregression/gdal_fuzzer_check_number_of_tiles.jp2
input/nonregression/issue363-4723.jp2
input/nonregression/issue363-4740.jp2
input/nonregression/issue391.jp2
input/nonregression/issue397.jp2
input/nonregression/issue399.j2k
input/nonregression/issue414.jp2
input/nonregression/issue429.jp2
input/nonregression/issue432.jp2
input/nonregression/text_GBR.jp2
input/nonregression/v4dwt_interleave_h.gsr105.j2k

This proves that the valgrind issues are with the Luratech jpx decoder itself
rather than with gs, but should any of these files be embedded in a .pdf-file
then this is likely to cause problems in valgrind for Ghostscript (and in the
future MuPDF).
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2016-06-26 07:06:34 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

--- Comment #2 from Sebastian Rasmussen <***@hotmail.com> ---
In addition it looks like in.pdf from 689362 also causes a valgrind error.
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2016-06-27 20:18:23 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

--- Comment #3 from Henry Stiles <***@artifex.com> ---
Reported to Luratech.
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2016-07-27 17:08:56 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

--- Comment #4 from Sebastian Rasmussen <***@hotmail.com> ---
A similar error was using the attachment from 696945, which proves that these
errors indeed affect real world cases, not just testsuites:

...
page Boswell.pdf 178 156ms
==19941== Source and destination overlap in memcpy(0x47a65d0, 0x47a65d0, 32)
==19941== at 0x4030CF9: memcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19941== by 0x82B5870: _JP2_Wavelet_Synthesis_Vertical_Fixed
(jp2d_wavelet_lifting.c:1176)
==19941== by 0x82B5CCD: _JP2_Wavelet_Synthesis_Vertical
(jp2d_wavelet_lifting.c:1478)
==19941== by 0x82B5FE1: _JP2_Wavelet_Synthesis (jp2d_wavelet_lifting.c:1623)
==19941== by 0x82B6035: JP2_Wavelet_Synthesis_Next_Line
(jp2d_wavelet_lifting.c:1651)
==19941== by 0x82B5E7C: _JP2_Wavelet_Synthesis (jp2d_wavelet_lifting.c:1564)
==19941== by 0x82B6035: JP2_Wavelet_Synthesis_Next_Line
(jp2d_wavelet_lifting.c:1651)
==19941== by 0x82B5E7C: _JP2_Wavelet_Synthesis (jp2d_wavelet_lifting.c:1564)
==19941== by 0x82B6035: JP2_Wavelet_Synthesis_Next_Line
(jp2d_wavelet_lifting.c:1651)
==19941== by 0x82B5E7C: _JP2_Wavelet_Synthesis (jp2d_wavelet_lifting.c:1564)
==19941== by 0x82B6035: JP2_Wavelet_Synthesis_Next_Line
(jp2d_wavelet_lifting.c:1651)
==19941== by 0x82B5E7C: _JP2_Wavelet_Synthesis (jp2d_wavelet_lifting.c:1564)
==19941==
page Boswell.pdf 177 417ms
...
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-02-19 16:39:36 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

Henry Stiles <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@artifex.com |***@hotmail.co.
| |uk
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-10-16 13:33:36 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

Chris Liddell (chrisl) <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Group| |Security
Priority|P4 |P1
Version|master |unspecified
Product|Ghostscript |Security
Component|JPX/JBIG2 encode/decode |Security
Severity|normal |blocker
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-12-01 13:23:45 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

Chris Liddell (chrisl) <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@artifex.com
Assignee|***@hotmail.co. |luratech-***@artifex.com
|uk |
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-12-01 13:41:04 UTC
Permalink
http://bugs.ghostscript.com/show_bug.cgi?id=696871

Sebastian Rasmussen <***@hotmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|luratech-***@artifex.com |***@hotmail.com
--
You are receiving this mail because:
You are the QA Contact for the bug.
Loading...