hugin-devs team mailing list archive
Message #07847
[Bug 2025036] [NEW] NULL pointer dereference error in HuginBase::ImageVariable<double>::linkWith
*** This bug is a security vulnerability ***
Private security bug reported:
Hi there
We just want to share that the latest version (2022.0.0) of pto_merge
causes a null pointer error.
Here is the output of the program with AddressSanitizer attached.
### Bug Report
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3844==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1d38983b07 bp 0x7fff493bd1f0 sp 0x7fff493b6920 T0)
==3844==The signal is caused by a READ memory access.
==3844==Hint: address points to the zero page.
#0 0x7f1d38983b06 in bool std::operator==<std::vector<double, std::allocator<double> >, std::vector<double, std::allocator<double> > >(std::shared_ptr<std::vector<double, std::allocator<double> > > const&, std::shared_ptr<std::vector<double, std::allocator<double> > > const&) /usr/include/c++/9/bits/shared_ptr.h:384
#1 0x7f1d38983b06 in HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >::linkWith(HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/ImageVariable.h:184
#2 0x7f1d38983b06 in HuginBase::BaseSrcPanoImage::linkRadialDistortion(HuginBase::BaseSrcPanoImage*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
#3 0x7f1d38983b06 in HuginBase::PanoramaMemento::loadPTScript(std::istream&, int&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
#4 0x7f1d389a6618 in HuginBase::Panorama::readData(std::istream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/Panorama.cpp:2178
#5 0x56488e0f5975 in main /home/ubuntu/targets/hugin-2022.0.0_original/src/tools/pto_merge.cpp:99
#6 0x7f1d3609a082 in __libc_start_main ../csu/libc-start.c:308
#7 0x56488e0f6c5d in _start (/home/ubuntu/targets/hugin-2022.0.0_original/build/src/tools/pto_merge+0xbc5d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/9/bits/shared_ptr.h:384 in bool std::operator==<std::vector<double, std::allocator<double> >, std::vector<double, std::allocator<double> > >(std::shared_ptr<std::vector<double, std::allocator<double> > > const&, std::shared_ptr<std::vector<double, std::allocator<double> > > const&)
==3844==ABORTING
### Environment
OS: Ubuntu 20.04.5 LTS x86_64
Release: hugin 2022.0.0
Program: pto_merge
To reproduce the problem, we need to build hugin:
sudo cmake -DCMAKE_C_FLAGS="-g" -DCMAKE_CXX_FLAGS="-g" ..
### How to reproduce
$ pto_merge poc-file *.jpg
(*.jpg: any name of a jpg file, including the asterisk (*))
poc-file is attached.
** Affects: hugin
Importance: Undecided
Status: New
** Attachment added: "poc-file.txt"
https://bugs.launchpad.net/bugs/2025036/+attachment/5682014/+files/poc-file.txt
https://bugs.launchpad.net/bugs/2025036
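Added triage example (not part of the bug report or of Hugin): the ASan SUMMARY line above names the libstdc++ `shared_ptr` comparison, so this sketch parses the trace and buckets the crash by the first frame in project code instead. The function names and the list of "system" path prefixes are assumptions made for this illustration.

```python
import os
import re

# Excerpt copied verbatim from the AddressSanitizer report in this message.
REPORT = """\
==3844==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1d38983b07 bp 0x7fff493bd1f0 sp 0x7fff493b6920 T0)
==3844==The signal is caused by a READ memory access.
#0 0x7f1d38983b06 in bool std::operator==<std::vector<double, std::allocator<double> >, std::vector<double, std::allocator<double> > >(std::shared_ptr<std::vector<double, std::allocator<double> > > const&, std::shared_ptr<std::vector<double, std::allocator<double> > > const&) /usr/include/c++/9/bits/shared_ptr.h:384
#1 0x7f1d38983b06 in HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >::linkWith(HuginBase::ImageVariable<std::vector<double, std::allocator<double> > >*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/ImageVariable.h:184
#2 0x7f1d38983b06 in HuginBase::BaseSrcPanoImage::linkRadialDistortion(HuginBase::BaseSrcPanoImage*) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
#3 0x7f1d38983b06 in HuginBase::PanoramaMemento::loadPTScript(std::istream&, int&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/image_variables.h:93
#4 0x7f1d389a6618 in HuginBase::Panorama::readData(std::istream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/ubuntu/targets/hugin-2022.0.0_original/src/hugin_base/panodata/Panorama.cpp:2178
#5 0x56488e0f5975 in main /home/ubuntu/targets/hugin-2022.0.0_original/src/tools/pto_merge.cpp:99
"""

# "#N <pc> in <function signature> <location>"; the location is the last token.
FRAME = re.compile(r"\s*#(\d+)\s+(0x[0-9a-f]+)\s+in\s+(.*)\s+(\S+)$")
# Assumption: locations under these prefixes are toolchain/libc code, not the project.
SYSTEM_PREFIXES = ("/usr/include/", "/usr/lib/", "../")

def parse_frames(report):
    frames = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append({"idx": int(m.group(1)), "pc": m.group(2),
                           "func": m.group(3), "loc": m.group(4)})
    return frames

def first_project_frame(frames):
    # Skip system headers and unsymbolized "(module+0xoffset)" locations.
    for f in frames:
        if not f["loc"].startswith(SYSTEM_PREFIXES) and not f["loc"].startswith("("):
            return f
    return None

def inlined_with_top(frames):
    """Frames reporting frame #0's pc are inlined calls inside one physical function."""
    return [f["idx"] for f in frames if f["pc"] == frames[0]["pc"]]

def bucket_key(report):
    head = re.search(r"AddressSanitizer: (\w+) on unknown address (0x[0-9a-f]+)", report)
    access = re.search(r"caused by a (\w+) memory access", report)
    frame = first_project_frame(parse_frames(report))
    return (head.group(1), access.group(1), int(head.group(2), 16) == 0,
            os.path.basename(frame["loc"]))
```

For this report the key is a SEGV READ of address zero at `ImageVariable.h:184`, and frames #0 to #3 share one pc, so the comparison, `linkWith` and `linkRadialDistortion` were all inlined into `loadPTScript`.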