Big memory allocation attempt on input TIFF files with big dimensions #989

Open
asarubbo opened this issue Aug 16, 2017 · 2 comments

Comments

@asarubbo

On master, I still get the failure:

# opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 786 (0x312) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65535 (0xffff) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 769 (0x301) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
TIFFReadDirectory: Warning, TIFF directory is missing required "StripByteCounts" field, calculating from imagelength.
==106908==ERROR: AddressSanitizer failed to allocate 0x5029532000 (344290697216) bytes of LargeMmapAllocator (error code: 12)
==106908==Process memory map follows:
==106908==End of process memory map.
==106908==AddressSanitizer CHECK failed: /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4db60f in AsanCheckFailed /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_rtl.cc:69
    #1 0x4f6375 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_termination.cc:79
    #2 0x4e59a2 in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_common.cc:120
    #3 0x4ef2a5 in __sanitizer::MmapOrDie(unsigned long, char const*, bool) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_posix.cc:132
    #4 0x426caa in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/../sanitizer_common/sanitizer_allocator_secondary.h:41
    #5 0x426caa in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::Allocate(__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >*, unsigned long, unsigned long, bool, bool) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:70
    #6 0x426caa in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_allocator.cc:407
    #7 0x42138d in __asan::asan_posix_memalign(void**, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_allocator.cc:815
    #8 0x4d206d in __interceptor_posix_memalign /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_malloc_linux.cc:144
    #9 0x7f31c50d7024 in opj_aligned_alloc_n /var/tmp/portage/media-libs/openjpeg-9999/work/openjpeg-9999/src/lib/openjp2/opj_malloc.c:61:9
    #10 0x7f31c50d7024 in opj_aligned_malloc /var/tmp/portage/media-libs/openjpeg-9999/work/openjpeg-9999/src/lib/openjp2/opj_malloc.c:209
    #11 0x7f31c4fbad89 in opj_image_create /var/tmp/portage/media-libs/openjpeg-9999/work/openjpeg-9999/src/lib/openjp2/image.c:77:39
    #12 0x5583d7 in tiftoimage /var/tmp/portage/media-libs/openjpeg-9999/work/openjpeg-9999/src/bin/jp2/converttif.c:1424:13
    #13 0x50b66f in main /var/tmp/portage/media-libs/openjpeg-9999/work/openjpeg-9999/src/bin/jp2/opj_compress.c:1856:21
    #14 0x7f31c39c2680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
    #15 0x41bc78 in _start (/usr/bin/opj_compress+0x41bc78)

CINEMA 2K profile activated
Other options specified could be overridden

Testcase:
https://github.com/asarubbo/poc/blob/master/00320-openjpeg-memallocfailure-opj_aligned_alloc_n

@rouault changed the title from "memory allocation failure in opj_aligned_alloc_n (opj_malloc.c) Unfixed #983" to "Big memory allocation attempt on input TIFF files with big dimensions" on Aug 16, 2017
@rouault
Collaborator

rouault commented Aug 16, 2017

Note: This is different from #983, which was about input BMP. Here it is about input TIFF.

This image advertises itself as rather big, so the memory allocation is rather logical:

$ tiffinfo ../00320-openjpeg-memallocfailure-opj_aligned_alloc_n.tif
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 786 (0x312) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65535 (0xffff) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 769 (0x301) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
TIFFReadDirectory: Warning, TIFF directory is missing required "StripByteCounts" field, calculating from imagelength.
TIFF Directory at offset 0xa (10)
  Image Width: 513 Image Length: 167782985
  Bits/Sample: 1
  Compression Scheme: None
  Photometric Interpretation: min-is-black
  FillOrder: msb-to-lsb
  Samples/Pixel: 2
  Planar Configuration: single image plane
  Tag 786: 1

We could potentially check the file size against its expected size as it is an uncompressed TIFF file, but this wouldn't solve the issue in the general case. You could have a very small compressed TIFF file size that would expand to something very large once uncompressed.
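
Added example (not part of the original thread and not OpenJPEG's code): the two checks discussed in the comment above, run on the dimensions that tiffinfo reports for the test case. The function names, the 1 GiB per-component cap and the 4096-byte file size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed policy cap for this example: at most 1 GiB per decoded component. */
#define MAX_COMPONENT_BYTES ((uint64_t)1 << 30)

enum verdict { ACCEPT = 0, REJECT_TRUNCATED, REJECT_TOO_LARGE, REJECT_OVERFLOW };

/* Overflow-checked multiply; returns 0 on overflow. */
static int mul_u64(uint64_t a, uint64_t b, uint64_t *out) {
    if (a != 0 && b > UINT64_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Bytes for one decoded component held as 32-bit samples (width * height * 4). */
int component_bytes(uint32_t w, uint32_t h, uint64_t *out) {
    uint64_t px;
    return mul_u64(w, h, &px) && mul_u64(px, sizeof(int32_t), out);
}

/* Lower bound on pixel data in an uncompressed TIFF: rows padded to whole bytes. */
int raw_tiff_bytes(uint32_t w, uint32_t h, uint32_t bps, uint32_t spp, uint64_t *out) {
    uint64_t row_bits, t;
    if (!mul_u64(w, bps, &t) || !mul_u64(t, spp, &row_bits)) return 0;
    if (row_bits > UINT64_MAX - 7) return 0;
    return mul_u64((row_bits + 7) / 8, h, out);
}

enum verdict check_tiff_dims(uint32_t w, uint32_t h, uint32_t bps, uint32_t spp,
                             int compressed, uint64_t file_size) {
    uint64_t raw, comp;
    if (!raw_tiff_bytes(w, h, bps, spp, &raw) || !component_bytes(w, h, &comp))
        return REJECT_OVERFLOW;
    /* File-size check: only meaningful for "Compression Scheme: None". */
    if (!compressed && file_size < raw) return REJECT_TRUNCATED;
    /* General case (compressed input can be tiny): cap the allocation itself. */
    if (comp > MAX_COMPONENT_BYTES) return REJECT_TOO_LARGE;
    return ACCEPT;
}

int main(void) {
    /* Width 513, length 167782985, 1 bit/sample, 2 samples/pixel (from tiffinfo). */
    printf("uncompressed: %d\n", check_tiff_dims(513, 167782985, 1, 2, 0, 4096));
    printf("compressed:   %d\n", check_tiff_dims(513, 167782985, 1, 2, 1, 4096));
    return 0;
}
```

For these dimensions the per-component size is 344290685220 bytes, which matches the roughly 344 GB request in the AddressSanitizer report once rounded up by the allocator.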

@asarubbo
Author

If you think there is something to fix here, feel free to do it, otherwise there is no problem for me to close.
