Details
Bug
Resolution: Done
P1: Critical
5.15.4, 6.3.0
None
OS: Arch Linux
Relevant packages:
- qt5-base 5.15.4+kde+r168-1
- qt5-imageformats 5.15.4+kde+r2-1
- qt6-base 6.3.0-3
- qt6-imageformats 6.3.0-2
- jasper 3.0.4-1
ad2e721683 (qt/qtimageformats/dev) ad2e721683 (qt/tqtc-qtimageformats/dev) cd7e3c7b5e (qt/qtimageformats/6.3) 5c0e3c4a0f (qt/qtimageformats/6.4) f634aff325 (qt/tqtc-qtimageformats/6.2) cd7e3c7b5e (qt/tqtc-qtimageformats/6.3)
Description
On my Arch Linux PC, several Qt/KDE programs, such as Spectacle, crash with a segfault when they write JP2 images.
A simple Qt program to reproduce the crash (both Qt5/6 are affected):
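#include <QCoreApplication>
#include <QImage>

int main(int argc, char *argv[])
{
    QCoreApplication a(argc, argv);

    // A small, solid-colour image is enough to trigger the crash.
    QImage image(64, 64, QImage::Format_RGB32);
    image.fill(0);

    // Saving with a .jp2 suffix selects the JP2 image format plugin.
    image.save("test.jp2");
    return 0;
}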
Console output (compiled in Qt5); the deprecation warning and "memory size too large" error might be relevant:
WARNING: YOUR CODE IS RELYING ON DEPRECATED FUNCTIONALITY IN THE JASPER LIBRARY.
THIS FUNCTIONALITY WILL BE REMOVED IN THE NEAR FUTURE.
PLEASE FIX THIS PROBLEM BEFORE YOUR CODE STOPS WORKING.
deprecation warning: use of jas_init is deprecated
warning: The application program did not set the memory limit for the JasPer library.
warning: The JasPer memory limit is being defaulted to a value that may be inappropriate for the system. If the default is too small, some reasonable encoding/decoding operations will fail. If the default is too large, security vulnerabilities will result (e.g., decoding a malicious image could exhaust all memory and crash the system.
warning: setting JasPer memory limit to 16687968256 bytes
requested memory size is too large (18446744073709551615)
zsh: segmentation fault (core dumped) ./DebugJasper
GDB backtrace when it crashes:
(gdb) bt
#0 jas_stream_putc_func (stream=0x0, c=0) at /usr/src/debug/jasper-version-3.0.4/src/libjasper/base/jas_stream.c:629
#1 0x00007ffff33c6989 in jp2_putuint32 (out=out@entry=0x0, val=val@entry=12) at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_cod.c:762
#2 0x00007ffff33c82e8 in jp2_box_put (box=box@entry=0x555555577020, out=out@entry=0x0) at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_cod.c:565
#3 0x00007ffff33ca54e in jp2_encode (image=0x555555582b20, out=0x0, optstr=0x55555557e620 "") at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_enc.c:146
#4 0x00007ffff7fbac82 in Jpeg2000JasperReader::write (quality=<optimized out>, image=..., this=0x7fffffffdd40) at /usr/src/debug/qtimageformats/src/plugins/imageformats/jp2/qjp2handler.cpp:864
#5 QJp2Handler::write (this=<optimized out>, image=...) at /usr/src/debug/qtimageformats/src/plugins/imageformats/jp2/qjp2handler.cpp:257
#6 0x00007ffff79b3628 in QImageWriter::write (image=..., this=0x7fffffffde98) at image/qimagewriter.cpp:785
#7 QImageWriter::write (this=0x7fffffffde98, image=...) at image/qimagewriter.cpp:753
#8 0x00007ffff79978e8 in QImage::save (quality=-1, format=<optimized out>, fileName=..., this=0x7fffffffdf10) at image/qimage.cpp:3739
#9 QImage::save (this=0x7fffffffdf10, fileName=..., format=<optimized out>, quality=-1) at image/qimage.cpp:3734
#10 0x000055555555526d in main (argc=1, argv=0x7fffffffe068) at /home/cuihao/dev/Qt/DebugJasper/main.cpp:10
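
The backtrace shows a null `out` stream reaching the encoder, and the console shows a refused request for 18446744073709551615 bytes, which is the value of `(size_t)-1` on a 64-bit system. The following is an added example, not code from this report, JasPer or Qt: a stand-alone C model with hypothetical `model_*` names that assumes the refused allocation is what left the stream null, and shows the handle being checked before anything is written to it.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not JasPer or Qt code; every name here is hypothetical.
   Assumes a 64-bit size_t, as on the reporter's system. */
#define MODEL_MEM_LIMIT ((size_t)16687968256ULL) /* limit printed in the console output */

typedef struct { unsigned char *buf; size_t cap; size_t len; } model_stream;

/* Allocation that enforces a library-wide memory limit; returns NULL on refusal. */
static void *model_alloc(size_t n) {
    if (n > MODEL_MEM_LIMIT) {
        fprintf(stderr, "requested memory size is too large (%zu)\n", n);
        return NULL;
    }
    return malloc(n ? n : 1);
}

/* Open an in-memory stream; in this model size 0 means "use a default capacity". */
model_stream *model_memopen(size_t size) {
    size_t cap = size ? size : 1024;
    unsigned char *buf = model_alloc(cap);
    if (!buf) return NULL;
    model_stream *s = malloc(sizeof *s);
    if (!s) { free(buf); return NULL; }
    s->buf = buf; s->cap = cap; s->len = 0;
    return s;
}

void model_close(model_stream *s) { if (s) { free(s->buf); free(s); } }

/* Checked writer: rejects a null stream instead of dereferencing it.
   Frame #0 of the backtrace is the equivalent call with stream=0x0. */
int model_putc(model_stream *s, int c) {
    if (!s || s->len >= s->cap) return -1;
    s->buf[s->len++] = (unsigned char)c;
    return c;
}

/* Caller-side pattern: validate the stream handle before encoding into it. */
int model_write_header(size_t stream_size) {
    model_stream *out = model_memopen(stream_size);
    if (!out) return -1;               /* fail the save cleanly, no crash */
    int ok = model_putc(out, 0) == 0 && model_putc(out, 12) == 12;
    model_close(out);
    return ok ? 0 : -1;
}
```
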