Crash in vips_foreign_load_jp2k_pack #4154

Closed
mika-fischer opened this issue Sep 16, 2024 · 3 comments
@mika-fischer

Certain images from the openjpeg test data repo cause vips to crash.

Steps to reproduce the behavior:

  1. Download e.g. Bretagne2_4.j2k
  2. vips copy Bretagne2_4.j2k foo.jpg
  3. Crash

This happens with the Windows builds from 8.15.3 down to 8.12.0. 8.11.4 does not crash. Unfortunately these builds do not contain debug info. But with our custom builds we get the following stack traces on Linux and Windows:

(gdb) bt
#0  0x00007ffff69c0684 in vips_foreign_load_jp2k_pack () from ../lib/libvips.so.42
#1  0x00007ffff69c2ec5 in vips_foreign_load_jp2k_generate_untiled () from ../lib/libvips.so.42
#2  0x00007ffff6b7198e in vips_region_prepare_to_generate () from ../lib/libvips.so.42
#3  0x00007ffff6b7ece0 in vips_region_prepare_to () from ../lib/libvips.so.42
#4  0x00007ffff6acf552 in vips_tile_cache_gen () from ../lib/libvips.so.42
#5  0x00007ffff6b7044f in vips_region_generate () from ../lib/libvips.so.42
#6  0x00007ffff6b71085 in vips_region_fill () from ../lib/libvips.so.42
#7  0x00007ffff6b7eae9 in vips_region_prepare () from ../lib/libvips.so.42
#8  0x00007ffff6b61909 in vips_image_write_gen () from ../lib/libvips.so.42
#9  0x00007ffff6b7044f in vips_region_generate () from ../lib/libvips.so.42
#10 0x00007ffff6b71085 in vips_region_fill () from ../lib/libvips.so.42
#11 0x00007ffff6b7eae9 in vips_region_prepare () from ../lib/libvips.so.42
#12 0x00007ffff69bd439 in vips_foreign_load_generate () from ../lib/libvips.so.42
#13 0x00007ffff6b7044f in vips_region_generate () from ../lib/libvips.so.42
#14 0x00007ffff6b71085 in vips_region_fill () from ../lib/libvips.so.42
#15 0x00007ffff6b7eae9 in vips_region_prepare () from ../lib/libvips.so.42
#16 0x00007ffff6adfcb9 in vips_copy_gen () from ../lib/libvips.so.42
#17 0x00007ffff6b7044f in vips_region_generate () from ../lib/libvips.so.42
#18 0x00007ffff6b71085 in vips_region_fill () from ../lib/libvips.so.42
#19 0x00007ffff6b7eae9 in vips_region_prepare () from ../lib/libvips.so.42
#20 0x00007ffff6b61909 in vips_image_write_gen () from ../lib/libvips.so.42
#21 0x00007ffff6b7044f in vips_region_generate () from ../lib/libvips.so.42
#22 0x00007ffff6b71085 in vips_region_fill () from ../lib/libvips.so.42
#23 0x00007ffff6b7eae9 in vips_region_prepare () from ../lib/libvips.so.42
#24 0x00007ffff6adfcb9 in vips_copy_gen () from ../lib/libvips.so.42
#25 0x00007ffff6b7198e in vips_region_prepare_to_generate () from ../lib/libvips.so.42
#26 0x00007ffff6b7ece0 in vips_region_prepare_to () from ../lib/libvips.so.42
#27 0x00007ffff6b69428 in wbuffer_work_fn () from ../lib/libvips.so.42
#28 0x00007ffff6b53229 in vips_thread_main_loop () from ../lib/libvips.so.42
#29 0x00007ffff6b5293a in vips_threadset_work () from ../lib/libvips.so.42
#30 0x00007ffff6b5245f in vips_thread_run () from ../lib/libvips.so.42
#31 0x00007ffff67e56ad in g_thread_proxy () from ../lib/libglib-2.0.so.0
#32 0x00007ffff651aac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#33 0x00007ffff65ac850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

[image: 2024-09-16_16h21_58]

Let me know if I can help resolve this issue.

@mika-fischer
Author

Here's a better stack trace:

zsh ❯ LD_LIBRARY_PATH=lib gdb --args bin/vips copy openjpeg-data/baseline/nonregression/Bretagne2_4.j2k foo.jpg
[...]
(gdb) r
Starting program: /home/mfischer/src/videmo/packages/libvips/artifacts/libvips-8.15.3-x86_64-linux/bin/vips copy /shared/data/videmo360/pictures/formats/openjpeg-data/baseline/nonregression/Bretagne2_4.j2k foo.jpg
[...]
Thread 53 "libvips worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff3cff9640 (LWP 596391)]
0x00007ffff69c0684 in vips_foreign_load_jp2k_pack (upsample=0, image=0x4ea830, im=0x7fff08026a00, q=q@entry=0x7ffff40b4248 "BTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCU{DV{DV{DV{DV{DV{DV{DV{DUzDUzDUzDUzDUzDUzDUzDUzFV{FV{FV{FV{FV{FV{FV{FV{FV"..., left=left@entry=0, 
    top=top@entry=211, length=512) at ../../src/vips-8.15.3/libvips/foreign/jp2kload.c:658
warning: 658    ../../src/vips-8.15.3/libvips/foreign/jp2kload.c: No such file or directory
(gdb) bt
#0  0x00007ffff69c0684 in vips_foreign_load_jp2k_pack (upsample=0, image=0x4ea830, im=0x7fff08026a00, q=q@entry=0x7ffff40b4248 "BTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyBTyCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCUzCU{DV{DV{DV{DV{DV{DV{DV{DUzDUzDUzDUzDUzDUzDUzDUzFV{FV{FV{FV{FV{FV{FV{FV{FV"..., left=left@entry=0, 
    top=top@entry=211, length=512) at ../../src/vips-8.15.3/libvips/foreign/jp2kload.c:658
#1  0x00007ffff69c2ec5 in vips_foreign_load_jp2k_generate_untiled (out=0x7fff0403e460, seq=<optimized out>, a=0x4dc220, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/foreign/jp2kload.c:839
#2  0x00007ffff6b7198e in vips_region_generate (reg=0x7fff0403e460, a=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#3  vips_region_prepare_to_generate (reg=reg@entry=0x7fff0403e460, dest=dest@entry=0x7fff0403e7a0, r=r@entry=0x7fff3cff87f0, x=x@entry=0, y=y@entry=0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1748
#4  0x00007ffff6b7ece0 in vips_region_prepare_to (reg=reg@entry=0x7fff0403e460, dest=0x7fff0403e7a0, r=r@entry=0x7fff0403e6bc, x=0, y=0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1887
#5  0x00007ffff6acf552 in vips_tile_cache_gen (out_region=0x7fff04032100, seq=0x7fff0403e460, a=<optimized out>, b=0x7fff08027440, stop=0x7fff3cff88dc) at ../../src/vips-8.15.3/libvips/conversion/tilecache.c:689
#6  0x00007ffff6b7044f in vips_region_generate (reg=reg@entry=0x7fff04032100, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#7  0x00007ffff6b71085 in vips_region_fill (reg=reg@entry=0x7fff04032100, r=r@entry=0x7fff04025d78, fn=fn@entry=0x7ffff6b70410 <vips_region_generate>, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:881
#8  0x00007ffff6b7eae9 in vips_region_prepare (reg=reg@entry=0x7fff04032100, r=r@entry=0x7fff04025d78) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1692
#9  0x00007ffff6b61909 in vips_image_write_gen (out_region=0x7fff04025d20, seq=0x7fff04032100, a=<optimized out>, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/iofuncs/image.c:2598
#10 0x00007ffff6b7044f in vips_region_generate (reg=reg@entry=0x7fff04025d20, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#11 0x00007ffff6b71085 in vips_region_fill (reg=reg@entry=0x7fff04025d20, r=r@entry=0x7fff040199e8, fn=fn@entry=0x7ffff6b70410 <vips_region_generate>, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:881
#12 0x00007ffff6b7eae9 in vips_region_prepare (reg=reg@entry=0x7fff04025d20, r=r@entry=0x7fff040199e8) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1692
#13 0x00007ffff69bd439 in vips_foreign_load_generate (out_region=0x7fff04019990, seq=0x7fff04025d20, a=<optimized out>, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/foreign/foreign.c:1066
#14 0x00007ffff6b7044f in vips_region_generate (reg=reg@entry=0x7fff04019990, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#15 0x00007ffff6b71085 in vips_region_fill (reg=reg@entry=0x7fff04019990, r=r@entry=0x7fff0400d658, fn=fn@entry=0x7ffff6b70410 <vips_region_generate>, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:881
#16 0x00007ffff6b7eae9 in vips_region_prepare (reg=reg@entry=0x7fff04019990, r=r@entry=0x7fff0400d658) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1692
#17 0x00007ffff6adfcb9 in vips_copy_gen (out_region=0x7fff0400d600, seq=0x7fff04019990, a=<optimized out>, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/conversion/copy.c:140
#18 0x00007ffff6b7044f in vips_region_generate (reg=reg@entry=0x7fff0400d600, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#19 0x00007ffff6b71085 in vips_region_fill (reg=reg@entry=0x7fff0400d600, r=r@entry=0x7fff040010e8, fn=fn@entry=0x7ffff6b70410 <vips_region_generate>, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:881
#20 0x00007ffff6b7eae9 in vips_region_prepare (reg=reg@entry=0x7fff0400d600, r=r@entry=0x7fff040010e8) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1692
#21 0x00007ffff6b61909 in vips_image_write_gen (out_region=0x7fff04001090, seq=0x7fff0400d600, a=<optimized out>, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/iofuncs/image.c:2598
#22 0x00007ffff6b7044f in vips_region_generate (reg=reg@entry=0x7fff04001090, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#23 0x00007ffff6b71085 in vips_region_fill (reg=reg@entry=0x7fff04001090, r=r@entry=0x7fff04000c68, fn=fn@entry=0x7ffff6b70410 <vips_region_generate>, a=a@entry=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:881
#24 0x00007ffff6b7eae9 in vips_region_prepare (reg=reg@entry=0x7fff04001090, r=r@entry=0x7fff04000c68) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1692
#25 0x00007ffff6adfcb9 in vips_copy_gen (out_region=0x7fff04000c10, seq=0x7fff04001090, a=<optimized out>, b=<optimized out>, stop=<optimized out>) at ../../src/vips-8.15.3/libvips/conversion/copy.c:140
#26 0x00007ffff6b7198e in vips_region_generate (reg=0x7fff04000c10, a=0x0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1624
#27 vips_region_prepare_to_generate (reg=reg@entry=0x7fff04000c10, dest=dest@entry=0x4f3bd0, r=r@entry=0x7fff3cff8d40, x=x@entry=128, y=y@entry=0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1748
#28 0x00007ffff6b7ece0 in vips_region_prepare_to (reg=0x7fff04000c10, dest=0x4f3bd0, r=r@entry=0x7fff04000bd0, x=128, y=0) at ../../src/vips-8.15.3/libvips/iofuncs/region.c:1887
#29 0x00007ffff6b69428 in wbuffer_work_fn (state=0x7fff04000b70, a=<optimized out>) at ../../src/vips-8.15.3/libvips/iofuncs/sinkdisc.c:431
#30 0x00007ffff6b53229 in vips_worker_work_unit (worker=0x512100) at ../../src/vips-8.15.3/libvips/iofuncs/threadpool.c:380
#31 vips_thread_main_loop (a=0x512100, b=<optimized out>) at ../../src/vips-8.15.3/libvips/iofuncs/threadpool.c:407
#32 0x00007ffff6b5293a in vips_threadset_work (pointer=0x512120) at ../../src/vips-8.15.3/libvips/iofuncs/threadset.c:134
#33 0x00007ffff6b5245f in vips_thread_run (data=0x5121c0) at ../../src/vips-8.15.3/libvips/iofuncs/thread.c:148
#34 0x00007ffff67e56ad in g_thread_proxy () from lib/libglib-2.0.so.0
#35 0x00007ffff651aac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#36 0x00007ffff65ac850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

@jcupitt
Member

jcupitt commented Sep 16, 2024

Hi @mika-fischer,

I see this here too, I'll take a look. Thanks for the report!

jcupitt added a commit that referenced this issue Sep 18, 2024
We were not taking account of x0/y0 correctly.

See #4154

Thanks @mika-fischer
@jcupitt
Member

jcupitt commented Sep 18, 2024

I made a PR which fixes this case at least. We should get those other test files working too.

Let's close this issue and continue any discussion in the PR.

@jcupitt jcupitt closed this as completed Sep 18, 2024
jcupitt added a commit that referenced this issue Sep 20, 2024
* fix x0/y0 handling
* fix tiled mode too
* add two tricky jp2k test images
* reject jp2k images without a valid container

We were not taking account of x0/y0 correctly.

Some valid jp2k images appear to be mono (for example) when you read the
header, but are RGB when decoded. This will break libvips's guarantees
about header and image being consistent, so we can't load them.

Reject all images of this type.

See #4154

Thanks @mika-fischer
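
The two checks the commit message names (honouring the image origin x0/y0 when sizing and indexing decoded planes, and rejecting images whose decoded layout disagrees with the header), sketched as an added example; this is not libvips or OpenJPEG code. The structs and function names are hypothetical, and 1:1 component subsampling is assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model of a decoded JPEG 2000 image (not the
 * OpenJPEG or libvips structs): the image occupies [x0,x1) x [y0,y1) on the
 * reference grid, and each plane holds exactly (x1-x0)*(y1-y0) samples. */
typedef struct {
    uint32_t x0, y0, x1, y1;
    uint32_t ncomps;
    const int32_t *planes[4];
} decoded_t;

typedef struct { uint32_t width, height, bands; } header_t;

/* Pixel dimensions must come from the extent, not from x1/y1 alone. */
static int extent(const decoded_t *d, uint32_t *w, uint32_t *h)
{
    if (d->x1 <= d->x0 || d->y1 <= d->y0)
        return -1;
    *w = d->x1 - d->x0;
    *h = d->y1 - d->y0;
    return 0;
}

/* Reject when what was decoded disagrees with what the header promised. */
int decoded_matches_header(const header_t *hdr, const decoded_t *d)
{
    uint32_t w, h;
    if (extent(d, &w, &h) || d->ncomps == 0 || d->ncomps > 4)
        return 0;
    return w == hdr->width && h == hdr->height && d->ncomps == hdr->bands;
}

/* Pack `length` pixels of output row `top`, starting at column `left`
 * (both 0-based output coordinates), interleaving bands into q.
 * Returns 0 on success, -1 if the request falls outside the planes. */
int pack_row(const decoded_t *d, uint8_t *q,
    uint32_t left, uint32_t top, uint32_t length)
{
    uint32_t w, h;
    if (extent(d, &w, &h) || d->ncomps == 0 || d->ncomps > 4)
        return -1;
    if (top >= h || left > w || length > w - left)
        return -1;
    for (uint32_t x = 0; x < length; x++)
        for (uint32_t b = 0; b < d->ncomps; b++)
            *q++ = (uint8_t) d->planes[b][(size_t) top * w + left + x];
    return 0;
}
```

A caller that passes reference-grid coordinates, or sizes its output from x1/y1, gets -1 here instead of a read past the end of the plane.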