Qt / QTBUG-104398

Segmentation fault in Jpeg2000JasperReader when Jasper 3 is used

Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix versions: 6.2.5, 6.4.0 RC1, 6.5.0 Beta1
    • Affects versions: 5.15.4, 6.3.0
    • Component: Image formats
    • Labels: None
    • Environment: OS: Arch Linux
      Relevant packages:
      - qt5-base 5.15.4+kde+r168-1
      - qt5-imageformats 5.15.4+kde+r2-1
      - qt6-base 6.3.0-3
      - qt6-imageformats 6.3.0-2
      - jasper 3.0.4-1
    • Platform: Linux/X11
    • Commits: ad2e721683 (qt/qtimageformats/dev) ad2e721683 (qt/tqtc-qtimageformats/dev) cd7e3c7b5e (qt/qtimageformats/6.3) 5c0e3c4a0f (qt/qtimageformats/6.4) f634aff325 (qt/tqtc-qtimageformats/6.2) cd7e3c7b5e (qt/tqtc-qtimageformats/6.3)

    Description

      On my Arch Linux PC, several Qt/KDE programs, such as Spectacle, crash with a segfault when they write JP2 images.

       

      A simple Qt program to reproduce the crash (both Qt5/6 are affected):

      #include <QCoreApplication>
      #include <QImage>
      
      int main(int argc, char *argv[])
      {
          QCoreApplication a(argc, argv);
      
          QImage image(64, 64, QImage::Format_RGB32);
          image.fill(0);
          image.save("test.jp2");
      
          return 0;
      }
      

       

      Console output (compiled with Qt5); the deprecation warning and the "memory size too large" error might be relevant:

      WARNING: YOUR CODE IS RELYING ON DEPRECATED FUNCTIONALITY IN THE JASPER
      LIBRARY.  THIS FUNCTIONALITY WILL BE REMOVED IN THE NEAR FUTURE. PLEASE
      FIX THIS PROBLEM BEFORE YOUR CODE STOPS WORKING.
      deprecation warning: use of jas_init is deprecated
      warning: The application program did not set the memory limit for the JasPer library.
      warning: The JasPer memory limit is being defaulted to a value that may be inappropriate for the system.  If the default is too small, some reasonable encoding/decoding operations will fail.  If the default is too large, security vulnerabilities will result (e.g., decoding a malicious image could exhaust all memory and crash the system.
      warning: setting JasPer memory limit to 16687968256 bytes
      requested memory size is too large (18446744073709551615)
      zsh: segmentation fault (core dumped)  ./DebugJasper
      

       

      GDB backtrace when it crashes: 

      (gdb) bt
      #0  jas_stream_putc_func (stream=0x0, c=0)
          at /usr/src/debug/jasper-version-3.0.4/src/libjasper/base/jas_stream.c:629
      #1  0x00007ffff33c6989 in jp2_putuint32 (out=out@entry=0x0, val=val@entry=12)
          at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_cod.c:762
      #2  0x00007ffff33c82e8 in jp2_box_put (box=box@entry=0x555555577020, out=out@entry=0x0)
          at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_cod.c:565
      #3  0x00007ffff33ca54e in jp2_encode (image=0x555555582b20, out=0x0, optstr=0x55555557e620 "")
          at /usr/src/debug/jasper-version-3.0.4/src/libjasper/jp2/jp2_enc.c:146
      #4  0x00007ffff7fbac82 in Jpeg2000JasperReader::write (quality=<optimized out>, image=..., 
          this=0x7fffffffdd40) at /usr/src/debug/qtimageformats/src/plugins/imageformats/jp2/qjp2handler.cpp:864
      #5  QJp2Handler::write (this=<optimized out>, image=...)
          at /usr/src/debug/qtimageformats/src/plugins/imageformats/jp2/qjp2handler.cpp:257
      #6  0x00007ffff79b3628 in QImageWriter::write (image=..., this=0x7fffffffde98) at image/qimagewriter.cpp:785
      #7  QImageWriter::write (this=0x7fffffffde98, image=...) at image/qimagewriter.cpp:753
      #8  0x00007ffff79978e8 in QImage::save (quality=-1, format=<optimized out>, fileName=..., 
          this=0x7fffffffdf10) at image/qimage.cpp:3739
      #9  QImage::save (this=0x7fffffffdf10, fileName=..., format=<optimized out>, quality=-1)
          at image/qimage.cpp:3734
      #10 0x000055555555526d in main (argc=1, argv=0x7fffffffe068) at /home/cuihao/dev/Qt/DebugJasper/main.cpp:10
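
The size in "requested memory size is too large (18446744073709551615)" equals `(size_t)-1` on a 64-bit system, and the backtrace shows a NULL `out` stream reaching `jp2_encode`. The C model below is an added example, not code from Qt, JasPer or the reporter; it shows how a refused stream open turns into a NULL write target and where a caller-side check stops it. Every `model_*` name is hypothetical, and the link between a -1 size argument and the NULL stream is an assumption the report does not confirm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins that model the failure; this is NOT the JasPer API. */
#define MODEL_MEM_LIMIT ((size_t)16687968256ULL) /* limit printed in the log */

typedef struct { unsigned char *buf; size_t len, cap; } model_stream;

/* Open a memory stream; a request above the limit is refused with NULL. */
static model_stream *model_memopen(size_t bufsize)
{
    if (bufsize > MODEL_MEM_LIMIT) {
        fprintf(stderr, "requested memory size is too large (%zu)\n", bufsize);
        return NULL;
    }
    model_stream *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->cap = bufsize ? bufsize : 64;   /* 0 means "pick a default" in this model */
    s->buf = malloc(s->cap);
    if (!s->buf) { free(s); return NULL; }
    return s;
}

/* Write a 4-byte big-endian value, as frame #1 does for a box length of 12. */
static int model_put_u32(model_stream *out, uint32_t v)
{
    if (!out || out->cap - out->len < 4) return -1; /* trace shows out=0x0 here */
    for (int shift = 24; shift >= 0; shift -= 8)
        out->buf[out->len++] = (unsigned char)(v >> shift);
    return 0;
}

/* Caller pattern: test the open result before encoding.
   Returns the number of bytes written, or -1 on failure. */
static long model_write_header(long requested)
{
    model_stream *out = model_memopen((size_t)requested); /* -1 -> SIZE_MAX */
    if (!out) return -1;           /* without this, NULL travels into the encoder */
    long n = model_put_u32(out, 12) == 0 ? (long)out->len : -1;
    free(out->buf);
    free(out);
    return n;
}

int main(void)
{
    printf("size -1: %ld\n", model_write_header(-1)); /* open refused, no write */
    printf("size  0: %ld\n", model_write_header(0));  /* header written */
    return 0;
}
```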
      

       

       


          People

            Assignee: Liang Qi (liaqi)
            Reporter: Hao Cui (cuihao)