Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jasper crashes -- assertion failure #174

Closed
thuanpv opened this issue Apr 22, 2018 · 2 comments
Closed

jasper crashes -- assertion failure #174

thuanpv opened this issue Apr 22, 2018 · 2 comments

Comments

@thuanpv
Copy link

thuanpv commented Apr 22, 2018

Hi all,

This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu.

This bug was found on Ubuntu 16.04 64-bit.

To reproduce:
imginfo -f jasper_crash1.jpg
Error message:

warning: trailing garbage in marker segment (214 bytes)
imginfo: /home/ubuntu/experiments/jasper/src/libjasper/jpc/jpc_dec.c:1296: jpc_dec_process_siz: Assertion `dec->numhtiles >= 0' failed.
Aborted

Valgrind says:

==34446== Process terminating with default action of signal 6 (SIGABRT)
==34446==    at 0x5236428: raise (raise.c:54)
==34446==    by 0x5238029: abort (abort.c:89)
==34446==    by 0x522EBD6: __assert_fail_base (assert.c:92)
==34446==    by 0x522EC81: __assert_fail (assert.c:101)
==34446==    by 0x4F118B6: jpc_dec_process_siz (jpc_dec.c:1296)
==34446==    by 0x4F1C1D8: jpc_dec_decode (jpc_dec.c:424)
==34446==    by 0x4F1C1D8: jpc_decode (jpc_dec.c:261)
==34446==    by 0x4EA8E03: jas_image_decode (jas_image.c:442)
==34446==    by 0x4018D5: main (imginfo.c:238)

Regards,
Thuan

jasper_crash1
@thoger
Copy link
Contributor

thoger commented May 29, 2018

The same assertion and traceback as in #165 - probably a duplicate.

@MaxKellermann
Copy link
Contributor

This vulnerability has been fixed in our fork: https://github.com/jasper-maint/jasper/

@jubalh jubalh closed this as completed in 1b1c591 Jul 28, 2020
jubalh added a commit to jubalh/buildroot that referenced this issue Jul 28, 2020
@jubalh
Update Jasper to 2.0.19
3c4f2bc 
Changes:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix jasper-software/jasper#207

* Fix jasper-software/jasper#194 part 1

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table

* Fix various memory leaks

* Plenty of code cleanups, and performance improvements
buildroot-auto-update pushed a commit to buildroot/buildroot that referenced this issue Aug 3, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
d0f7b24 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts pushed a commit to woodsts/buildroot that referenced this issue Aug 18, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
5a9d409 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d0f7b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts pushed a commit to woodsts/buildroot that referenced this issue Aug 18, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
dc10b2e 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d0f7b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MaxKellermann @thuanpv @thoger