1.5.28beta01: [informational] pngtest and pngvalid-simple fail with clang and ubsan #144

Closed
jbowler opened this issue Dec 26, 2016 · 1 comment

jbowler commented Dec 26, 2016

This is a duplicate report, however I think the other report is on sourceforge - I can't find it on github. This is mainly for information; there isn't actually a bug in libpng because unsigned integer overflow is very well defined in C and is expected here.

pngtest.c fails at line 2186 of png.h (git head); the line which calculates ad+bc. pngvalid --simple fails with the rgb_to_gray transform. That's part of the 'pngvalid --transform' test. pngvalid catches the exception internally but it comes from the same line. Here's pngtest-log.txt:

pngtest-log.txt

This is in an x86_64-linux-clang+ubsan 'regen' build, the relevant clang options being '-fsanitize=undefined,unsigned-integer-overflow -fsanitize-trap=undefined,unsigned-integer-overflow'. I'll append the full make.out at the end.

Issue #139 is a generic unsigned overflow issue list for 1.6. The cHRM check is different and uses png_muldiv which I believe doesn't have any overflow issues. Here's the 1.5 gdb output from pngtest:

jbowler@hippopopus ~/src/libpng/libpng15/build/x86_64-linux-clang+ubsan $ LD_LIBRARY_PATH=$PWD/.libs:$LD_LIBRARY_PATH gdb .libs/pngtest
GNU gdb (Gentoo 7.12 vanilla) 7.12
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
https://bugs.gentoo.org/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from .libs/pngtest...done.
(gdb) run --strict ../../code/pngtest.png
Starting program: /home/jbowler/src/libpng/libpng15/build/x86_64-linux-clang+ubsan/.libs/pngtest --strict ../../code/pngtest.png

Testing libpng version 1.5.28beta01
with zlib version 1.2.8

libpng version 1.5.28beta01 - May 29, 2016
Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
Copyright (c) 1996-1997 Andreas Dilger
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
library (10528): libpng version 1.5.28beta01 - May 29, 2016

pngtest (10528): libpng version 1.5.28beta01 - May 29, 2016

Program received signal SIGILL, Illegal instruction.
0x00007ffff7ae02b7 in png_64bit_product (v1=-34000, v2=-27000,
hi_product=0x7fffffffc6a0, lo_product=0x7fffffffc698)
at /home/jbowler/src/libpng/libpng15/code/png.c:2186
2186 x = a * d + c * b; /* AD + CB */
(gdb) print a
$1 = 65535
(gdb) print d
$2 = 38536
(gdb) print c
$3 = 65535
(gdb) print b
$4 = 3153
(gdb) bt
#0 0x00007ffff7ae02b7 in png_64bit_product (v1=-34000, v2=-27000,
hi_product=0x7fffffffc6a0, lo_product=0x7fffffffc698)
at /home/jbowler/src/libpng/libpng15/code/png.c:2186
#1 0x00007ffff7ae0138 in png_check_cHRM_fixed (png_ptr=0x60b880,
white_x=31270, white_y=32900, red_x=64000, red_y=33000, green_x=30000,
green_y=60000, blue_x=15000, blue_y=6000)
at /home/jbowler/src/libpng/libpng15/code/png.c:836
#2 0x00007ffff7b8323b in png_set_cHRM_fixed (png_ptr=0x60b880,
info_ptr=0x611de0, white_x=31270, white_y=32900, red_x=64000, red_y=33000,
green_x=30000, green_y=60000, blue_x=15000, blue_y=6000)
at /home/jbowler/src/libpng/libpng15/code/pngset.c:105
#3 0x00007ffff7b89117 in png_set_sRGB_gAMA_and_cHRM (png_ptr=0x60b880,
info_ptr=0x611de0, srgb_intent=1)
at /home/jbowler/src/libpng/libpng15/code/pngset.c:662
#4 0x00007ffff7b64fbc in png_handle_sRGB (png_ptr=0x60b880,
info_ptr=0x611de0, length=1)
at /home/jbowler/src/libpng/libpng15/code/pngrutil.c:1256
#5 0x00007ffff7b09e77 in png_read_info (png_ptr=0x60b880, info_ptr=0x611de0)
at /home/jbowler/src/libpng/libpng15/code/pngread.c:295
#6 0x0000000000403903 in test_one_file (
inname=0x7fffffffdba7 "../../code/pngtest.png",
outname=0x408558 "pngout.png")
at /home/jbowler/src/libpng/libpng15/code/pngtest.c:1061
#7 0x00000000004030e6 in main (argc=3, argv=0x7fffffffd708)
at /home/jbowler/src/libpng/libpng15/code/pngtest.c:1969

Here's the full make.out showing all the options and the actual output from the failing test scripts:

make.out.txt
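For readers tracing the report, the following is an added example and not libpng code: it shows the arithmetic behind the trapped line. A 64-bit product built from 16-bit limbs has the cross term a*d + c*b, and with a = c = 65535 and d, b in the tens of thousands (as in the backtrace) that sum exceeds 32 bits, which is exactly what -fsanitize=unsigned-integer-overflow reports. cross_term_wraps() reproduces that condition; mul32_limbs() computes the same hi:lo product by accumulating the partial products in 16-bit columns, so no intermediate sum ever exceeds the final result and the sanitizer stays quiet. The function names and the inputs (the two's-complement bit patterns of -34000 and -27000) are constructed for this example.

```c
/* Added example (not libpng code): 64-bit product of two 32-bit operands
 * from 16-bit limbs without any 32-bit wrap, beside a check for the wrap
 * that -fsanitize=unsigned-integer-overflow reports on an "a*d + c*b"
 * cross term. Inputs are constructed for the demonstration. */
#include <stdint.h>
#include <stdio.h>

/* 1 if a*d + c*b, computed in 32-bit arithmetic, would wrap: this is the
 * condition the sanitizer traps on. uint64_t is used only for the check. */
static int cross_term_wraps(uint32_t v1, uint32_t v2)
{
    uint64_t a = v1 >> 16, b = v1 & 0xffffu;
    uint64_t c = v2 >> 16, d = v2 & 0xffffu;
    return (a * d + c * b) > UINT32_MAX;
}

/* Full 64-bit product hi:lo of v1*v2 using only 32-bit unsigned arithmetic.
 * The four 16x16 partial products each fit in 32 bits; instead of adding
 * two of them directly (which can wrap), their halves are accumulated by
 * 16-bit column so that no intermediate sum exceeds the final result. */
static void mul32_limbs(uint32_t v1, uint32_t v2, uint32_t *hi, uint32_t *lo)
{
    uint32_t a = v1 >> 16, b = v1 & 0xffffu;
    uint32_t c = v2 >> 16, d = v2 & 0xffffu;

    uint32_t bd = b * d;   /* contributes to bits 0..31 */
    uint32_t ad = a * d;   /* contributes to bits 16..47 */
    uint32_t cb = c * b;   /* contributes to bits 16..47 */
    uint32_t ac = a * c;   /* contributes to bits 32..63 */

    /* Column at bit 16: high half of bd plus the low halves of ad and cb.
     * Three 16-bit values, so at most 3*(2^16-1) < 2^18: no wrap. */
    uint32_t mid = (bd >> 16) + (ad & 0xffffu) + (cb & 0xffffu);

    *lo = (bd & 0xffffu) | ((mid & 0xffffu) << 16);
    /* Everything left over lands in the high word. The true high word is
     * below 2^32 and every term is non-negative, so no partial sum can
     * exceed it. */
    *hi = ac + (ad >> 16) + (cb >> 16) + (mid >> 16);
}

/* Cross-check the limb result against a native 64-bit multiply. */
static int limbs_match_native(uint32_t v1, uint32_t v2)
{
    uint32_t hi, lo;
    uint64_t native = (uint64_t)v1 * v2;
    mul32_limbs(v1, v2, &hi, &lo);
    return hi == (uint32_t)(native >> 32) && lo == (uint32_t)native;
}

int main(void)
{
    /* Constructed inputs: the bit patterns of -34000 and -27000, the
     * operands seen in the backtrace, reinterpreted as unsigned. */
    uint32_t v1 = (uint32_t)-34000, v2 = (uint32_t)-27000;
    uint32_t hi, lo;

    mul32_limbs(v1, v2, &hi, &lo);
    printf("a*d + c*b wraps in 32 bits: %s\n",
           cross_term_wraps(v1, v2) ? "yes" : "no");
    printf("product = 0x%08x%08x (matches native: %s)\n", hi, lo,
           limbs_match_native(v1, v2) ? "yes" : "no");
    return limbs_match_native(v1, v2) ? 0 : 1;
}
```

Compile with clang -fsanitize=undefined,unsigned-integer-overflow -fsanitize-trap=undefined,unsigned-integer-overflow and the program runs to completion, whereas a direct `a * d + c * b` on the same limbs traps. Whether such a wrap is a bug depends on whether the caller accounts for the lost carry; the column form sidesteps the question entirely.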

@jbowler jbowler closed this as completed Aug 4, 2023

jbowler commented Aug 4, 2023

Closed, six+ years OOD
