
hugin-devs team mailing list archive

[Bug 2025036] [NEW] NULL pointer dereference error in HuginBase::ImageVariable<double>::linkWith

 

*** This bug is a security vulnerability ***

Private security bug reported:

Hi there

We just want to share that the latest version (2022.0.0) of pto_merge
causes a null pointer error.

Here is the output of the program with address sanitizer attached.
### Bug Report

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3844==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1d38983b07 bp 0x7fff493bd1f0 sp 0x7fff493b6920 T0)
==3844==The signal is caused by a READ memory access.
==3844==Hint: address points to the zero page.
    #0 0x7f1d38983b06 in bool std::operator==<std::vector<double, std::allocator<double> >, std::vector<double, std::allocator<double> > >(std::shared_ptr<std::vector<double, std::allocator<double> > > const&, std::shared_ptr<std::vector<double, std::allocator<double> > > const&) /usr/include/c++/9/bits/shared_ptr.h:384
    #1 0x7f1d38983b06 in HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >::linkWith(HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/ImageVariable.h:184
    #2 0x7f1d38983b06 in HuginBase::BaseSrcPanoImage::linkRadialDistortion(HuginBase::BaseSrcPanoImage*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
    #3 0x7f1d38983b06 in HuginBase::PanoramaMemento::loadPTScript(std::istream&, int&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
    #4 0x7f1d389a6618 in HuginBase::Panorama::readData(std::istream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/Panorama.cpp:2178
    #5 0x56488e0f5975 in main /home/ubuntu/targets/hugin-2022.0.0_original/src/tools/pto_merge.cpp:99
    #6 0x7f1d3609a082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x56488e0f6c5d in _start (/home/ubuntu/targets/hugin-2022.0.0_original/build/src/tools/pto_merge+0xbc5d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/9/bits/shared_ptr.h:384 in bool std::operator==<std::vector<double, std::allocator<double> >, std::vector<double, std::allocator<double> > >(std::shared_ptr<std::vector<double, std::allocator<double> > > const&, std::shared_ptr<std::vector<double, std::allocator<double> > > const&)
==3844==ABORTING

### Environment
OS: Ubuntu 20.04.5 LTS x86_64
Release: hugin 2022.0.0
Program: pto_merge
To reproduce the problem, we need to build hugin:
sudo cmake -DCMAKE_C_FLAGS="-g" -DCMAKE_CXX_FLAGS="-g" ..

### How to reproduce
$ pto_merge poc-file *.jpg
(*.jpg any name of jpg file including asterisk(*))
poc-file is attached.

** Affects: hugin
     Importance: Undecided
         Status: New

** Attachment added: "poc-file.txt"
   https://bugs.launchpad.net/bugs/2025036/+attachment/5682014/+files/poc-file.txt

-- 
You received this bug notification because you are a member of Hugin
Developers, which is subscribed to Hugin.
https://bugs.launchpad.net/bugs/2025036
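
A triage sketch for reports like the one above, added here as an example and not part of the original bug report or the Hugin project: it parses an AddressSanitizer SEGV report and uses the first frame outside system code as the crash bucket, since frame #0 in the standard library is only where the read landed. The `triage` and `bucket` names and the system-path prefixes are assumptions; the sample frames are abbreviated from the report.

```python
import re

# Sample input: frames abbreviated from the report above (template arguments shortened).
REPORT = """\
==3844==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1d38983b07 bp 0x7fff493bd1f0 sp 0x7fff493b6920 T0)
==3844==The signal is caused by a READ memory access.
    #0 0x7f1d38983b06 in bool std::operator==<...>(std::shared_ptr<...> const&, std::shared_ptr<...> const&) /usr/include/c++/9/bits/shared_ptr.h:384
    #1 0x7f1d38983b06 in HuginBase::ImageVariable<...>::linkWith(HuginBase::ImageVariable<...>*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/ImageVariable.h:184
    #5 0x56488e0f5975 in main /home/ubuntu/targets/hugin-2022.0.0_original/src/tools/pto_merge.cpp:99
    #7 0x56488e0f6c5d in _start (/home/ubuntu/targets/hugin-2022.0.0_original/build/src/tools/pto_merge+0xbc5d)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# The function signature may contain spaces, so the location is the last token.
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+)$")
SYSTEM_PREFIXES = ("/usr/", "../csu/", "(")  # assumption: what counts as non-project code


def triage(report):
    header = HEADER.search(report)
    access = ACCESS.search(report)
    if header is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    frames = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3)))
    # First frame in project code is the one to blame and to deduplicate on.
    blame = next((f for f in frames if not f[2].startswith(SYSTEM_PREFIXES)), None)
    address = int(header.group(2), 16)
    return {
        "signal": header.group(1),
        "access": access.group(1) if access else "UNKNOWN",
        "null_page": address < 0x1000,  # matches ASan's "zero page" hint
        "blame_function": blame[1] if blame else None,
        "blame_location": blame[2].rsplit("/", 1)[-1] if blame else None,
    }


def bucket(report):
    t = triage(report)
    return f'{t["signal"]}:{t["access"]}:{t["blame_location"]}'


if __name__ == "__main__":
    print(bucket(REPORT))
```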
