Bug#992495: segfault in av1_cyclic_refresh_free()

2021-11-03 Thread Boyuan Yang
Control: tags -1 +moreinfo +unreproducible

Hi,

I could not reproduce this issue on current Debian 11 Stable, Debian Testing
and Debian Unstable. Could you verify that this is still crashing on your
devices? If yes, please also consider providing the exact .jpg file that would
trigger the crash.

Thanks,
Boyuan Yang

On Thu, 19 Aug 2021 13:04:23 +0200 Philipp Marek wrote:
> Package: libaom0
> Version: 1.0.0.errata1-3
> Severity: normal
> X-Debbugs-Cc: phil...@marek.priv.at
> 
> When using libaom0 (via ImageMagick's "convert" or gimp), it crashes 
> when writing an avif:
> 
> 
> $ gdb ... --args convert 20210812_215114.jpg 20210812_215114.avif
> 
> Thread 1 "convert" received signal SIGSEGV, Segmentation fault.
> 0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at ./av1/encoder/aq_cyclicrefresh.c:83
> 83  ./av1/encoder/aq_cyclicrefresh.c: Datei oder Verzeichnis nicht gefunden.
> #0  0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at ./av1/encoder/aq_cyclicrefresh.c:83






Bug#992495: segfault in av1_cyclic_refresh_free()

2021-08-19 Thread Philipp Marek
Package: libaom0
Version: 1.0.0.errata1-3
Severity: normal
X-Debbugs-Cc: phil...@marek.priv.at

When using libaom0 (via ImageMagick's "convert" or gimp), it crashes 
when writing an avif:


$ gdb ... --args convert 20210812_215114.jpg 20210812_215114.avif
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffd45b0700 (LWP 676100)]
[New Thread 0x7fffd3daf700 (LWP 676104)]
[New Thread 0x7fffd35ae700 (LWP 676105)]
[New Thread 0x7fffd2dad700 (LWP 676106)]
[New Thread 0x7fffd25ac700 (LWP 676107)]
[New Thread 0x7fffd1dab700 (LWP 676108)]
[New Thread 0x7fffd15aa700 (LWP 676109)]
[Thread 0x7fffd15aa700 (LWP 676109) exited]
[Thread 0x7fffd25ac700 (LWP 676107) exited]
[Thread 0x7fffd35ae700 (LWP 676105) exited]
[Thread 0x7fffd2dad700 (LWP 676106) exited]
[Thread 0x7fffd3daf700 (LWP 676104) exited]
[Thread 0x7fffd1dab700 (LWP 676108) exited]

Thread 1 "convert" received signal SIGSEGV, Segmentation fault.
0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at ./av1/encoder/aq_cyclicrefresh.c:83
83  ./av1/encoder/aq_cyclicrefresh.c: Datei oder Verzeichnis nicht gefunden.
#0  0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at ./av1/encoder/aq_cyclicrefresh.c:83
#1  0x7448c00d in dealloc_compressor_data (cpi=0x7fffe8434020) at ./av1/encoder/encoder.c:487
#2  av1_remove_compressor (cpi=0x7fffe8434020) at ./av1/encoder/encoder.c:2906
#3  0x7448e079 in av1_create_compressor (oxcf=oxcf@entry=0x555ef158, pool=0x555f86a0) at ./av1/encoder/encoder.c:2416
#4  0x7445130b in encoder_init (data=, ctx=) at ./av1/av1_cx_iface.c:1130
#5  encoder_init (ctx=, data=) at ./av1/av1_cx_iface.c:1094
#6  0x742bede6 in aom_codec_enc_init_ver (ctx=0x7fff9b00, iface=, cfg=, flags=, ver=) at ./aom/src/aom_encoder.c:58
#7  0x747b4673 in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
#8  0x74799d48 in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
#9  0x7479a70d in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
#10 0x7478c5d9 in heif_context_encode_image () from /lib/x86_64-linux-gnu/libheif.so.1
#11 0x77fb9ae3 in ?? () from /usr/lib/x86_64-linux-gnu/ImageMagick-6.9.11/modules-Q16/coders/heic.so
#12 0x77d45644 in WriteImage () from /lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.6
#13 0x77d46069 in WriteImages () from /lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.6
#14 0x77bd7ca4 in ConvertImageCommand () from /lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.6
#15 0x77c42f80 in MagickCommandGenesis () from /lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.6
#16 0x50fa in ?? ()
#17 0x779fdd0a in __libc_start_main (main=0x50b0, argc=3, argv=0x7fffdf38, init=, fini=, rtld_fini=, stack_end=0x7fffdf28) at ../csu/libc-start.c:308
#18 0x515a in ?? ()
#0  0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at ./av1/encoder/aq_cyclicrefresh.c:83
        No locals.
#1  0x7448c00d in dealloc_compressor_data (cpi=0x7fffe8434020) at ./av1/encoder/encoder.c:487
        cm = 0x7fffe8782130
        num_planes = 3
#2  av1_remove_compressor (cpi=0x7fffe8434020) at ./av1/encoder/encoder.c:2906
        cm = 0x7fffe8782130
        i =
        t =
        num_planes = 3
#3  0x7448e079 in av1_create_compressor (oxcf=oxcf@entry=0x555ef158, pool=0x555f86a0) at ./av1/encoder/encoder.c:2416
        i =
        cpi = 0x7fffe8434020
        cm = 0x7fffe8782130
#4  0x7445130b in encoder_init (data=, ctx=) at ./av1/av1_cx_iface.c:1130
        priv =
        res =
#5  encoder_init (ctx=, data=) at ./av1/av1_cx_iface.c:1094
        res = AOM_CODEC_OK
        priv =
#6  0x742bede6 in aom_codec_enc_init_ver (ctx=0x7fff9b00, iface=, cfg=, flags=, ver=) at ./aom/src/aom_encoder.c:58
        res =
#7  0x747b4673 in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
        No symbol table info available.
#8  0x74799d48 in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
        No symbol table info available.
#9  0x7479a70d in ?? () from /lib/x86_64-linux-gnu/libheif.so.1
        No symbol table info available.
#10 0x7478c5d9 in heif_context_encode_image () from /lib/x86_64-linux-gnu/libheif.so.1
        No symbol table info available.
#11 0x77fb9ae3 in ?? () from /usr/lib/x86_64-linux-gnu/ImageMagick-6.9.11/modules-Q16/coders/heic.so
        No symbol table info available.
#12 0x77d45644 in WriteImage () from /lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.6
        No symbol table info available.
#13 0x77d46069 in WriteImages () from /lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.6
        No symbol table info available.
#14 0x77bd7ca4 in ConvertImageCommand () from /lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.6
        No symbol table info available.
#15 0x77c42f80 in MagickCommandGenesis () from /lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.6
No symbol table info
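
Added example, not part of the original thread and not libaom's code: frames #0 to #3 above show av1_create_compressor calling av1_remove_compressor, whose cleanup reaches av1_cyclic_refresh_free with cr=0x0. The C model below reproduces that call shape under the assumption that creation failed before the cyclic-refresh state was allocated, and puts the NULL-dereferencing free routine beside a NULL-tolerant one; every type and function name in it is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the encoder structures; not libaom's definitions. */
typedef struct { unsigned char *map; int *last_q; } CyclicRefresh;
typedef struct { CyclicRefresh *cyclic_refresh; unsigned char *frame_buf; } Compressor;

/* Unsafe shape: reads cr->map unconditionally, so cr == NULL faults as in
 * frame #0 (cr=0x0). Kept for contrast; never called with NULL below. */
void cyclic_refresh_free_unchecked(CyclicRefresh *cr) {
  free(cr->map);
  free(cr->last_q);
  free(cr);
}

/* Hardened shape: accept NULL the way free() does. Returns 1 if state was freed. */
int cyclic_refresh_free(CyclicRefresh *cr) {
  if (cr == NULL) return 0;
  cyclic_refresh_free_unchecked(cr);
  return 1;
}

CyclicRefresh *cyclic_refresh_alloc(size_t n) {
  CyclicRefresh *cr = calloc(1, sizeof(*cr));
  if (cr == NULL) return NULL;
  cr->map = calloc(n, 1);
  cr->last_q = calloc(n, sizeof(int));
  if (!cr->map || !cr->last_q) { cyclic_refresh_free(cr); return NULL; }
  return cr;
}

/* Shared teardown: must be safe on a partially constructed object. */
void remove_compressor(Compressor *cpi) {
  if (cpi == NULL) return;
  cyclic_refresh_free(cpi->cyclic_refresh);
  free(cpi->frame_buf);
  free(cpi);
}

/* fail_early simulates an init step failing before cyclic_refresh exists. */
Compressor *create_compressor(size_t n, int fail_early) {
  Compressor *cpi = calloc(1, sizeof(*cpi));
  if (cpi == NULL) return NULL;
  cpi->frame_buf = malloc(n);
  if (fail_early || !cpi->frame_buf) { remove_compressor(cpi); return NULL; }
  cpi->cyclic_refresh = cyclic_refresh_alloc(n);
  if (!cpi->cyclic_refresh) { remove_compressor(cpi); return NULL; }
  return cpi;
}

int main(void) {
  printf("early failure handled: %d\n", create_compressor(64, 1) == NULL);
  return 0;
}
```

Swapping the call in remove_compressor to cyclic_refresh_free_unchecked makes the fail_early path fault on the NULL cyclic_refresh pointer, which is the condition the trace records.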