#16 libmatio causes segfault when opening some files

Group: 1.5.2
Status: closed-fixed
Owner: cch
Labels: None
Priority: 5
Updated: 2016-07-07
Created: 2013-07-03
Private: No

I have found that libmatio's Mat_Open causes a segmentation violation on some input files. This is a problem because trying Mat_Open seems to be the only way to assess whether a file is matio-compatible. For example, the following program crashes when I try to open a particular JPEG:

```c
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <matio.h>

int main (void)
{
    /* Opening a non-MAT file (a JPEG here) crashes inside Mat_Open itself.
       MAT_ACC_RDONLY is matio's read-only flag (value 0, same as O_RDONLY). */
    mat_t *mat = Mat_Open ("cam_hat.jpg", MAT_ACC_RDONLY);
    if (mat != NULL)
        Mat_Close (mat);
    return 0;
}
```

The backtrace is:

```
(gdb) run
Starting program: /tmp/test/a.out 

Program received signal SIGSEGV, Segmentation fault.
__mempcpy_sse2 () at ../sysdeps/x86_64/memcpy.S:167
167     movb    %al, (%rdi)
(gdb) ba
#0  __mempcpy_sse2 () at ../sysdeps/x86_64/memcpy.S:167
#1  0x00007ffff705a1fe in __GI__IO_file_xsgetn (fp=0x602010, data=<optimized out>, n=18446744073105506304) at fileops.c:1391
#2  0x00007ffff704f8d8 in __GI__IO_fread (buf=<optimized out>, size=size@entry=1, count=18446744073105506304, fp=0x602010) at iofread.c:42
#3  0x00007ffff7bcc150 in fread (__stream=<optimized out>, __n=<optimized out>, __size=1, __ptr=<optimized out>) at /usr/include/bits/stdio2.h:295
#4  Mat_VarReadNextInfo4 (mat=mat@entry=0x602250) at mat4.c:314
#5  0x00007ffff7bccf78 in Mat_Open (matname=0x400760 "cam_hat.jpg", mode=0) at mat.c:245
#6  0x00000000004006ce in main ()
```

Discussion

  • Benjamin Gilbert

    The attached patch causes Mat_VarReadNextInfo4 to fail if any header values appear to be invalid. It tightens up V4 format detection generally and should also fix this specific crash.
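An added example (not matio's code and not the attached patch) of the kind of header validation that comment describes for the crash reported above: every field of a MAT v4 matrix header is range-checked before it can become an allocation or fread size, so a JPEG is rejected instead of yielding the huge fread count in the backtrace. The 64-byte name bound and the restriction to little- and big-endian files (M digit 0 or 1) are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>

/* MAT v4 matrix header: five 32-bit ints (type as MOPT digits, mrows, ncols,
   imagf, namlen) followed by namlen bytes of NUL-terminated variable name. */
#define MAT4_HDR_SIZE   20
#define MAT4_MAX_NAMLEN 64u  /* assumed bound: MATLAB names are at most 63 chars + NUL */

struct mat4_hdr { int swap; uint32_t type, mrows, ncols, imagf, namlen; };

static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t bswap32(uint32_t v) {
    return v >> 24 | (v >> 8 & 0xff00u) | (v << 8 & 0xff0000u) | v << 24;
}

/* Returns 1 and fills *h if buf starts with a plausible v4 header, else 0.
   Every field is checked before it could be used as an allocation or fread
   size. Only M=0 (little-endian) and M=1 (big-endian) files are handled. */
int mat4_header_valid(const unsigned char *buf, size_t len, struct mat4_hdr *h) {
    uint32_t f[5];
    int i, swap = 0;
    if (buf == NULL || len < MAT4_HDR_SIZE) return 0;
    for (i = 0; i < 5; i++) f[i] = rd_le32(buf + 4 * i);
    if (f[0] > 4999u) {                 /* not little-endian: try the other byte order */
        for (i = 0; i < 5; i++) f[i] = bswap32(f[i]);
        swap = 1;
    }
    if (f[0] / 1000u > 1u) return 0;                      /* M: byte order 0 or 1 */
    if ((f[0] / 100u) % 10u != 0u) return 0;              /* O: must be 0 */
    if ((f[0] / 10u) % 10u > 5u) return 0;                /* P: data type 0..5 */
    if (f[0] % 10u > 2u) return 0;                        /* T: matrix type 0..2 */
    if (f[1] > INT32_MAX || f[2] > INT32_MAX) return 0;   /* mrows/ncols non-negative */
    if (f[3] > 1u) return 0;                              /* imagf: 0 or 1 */
    if (f[4] < 1u || f[4] > MAT4_MAX_NAMLEN) return 0;    /* namlen: reject garbage sizes */
    if (f[4] > len - MAT4_HDR_SIZE) return 0;             /* name must lie inside buf */
    if (buf[MAT4_HDR_SIZE + f[4] - 1] != '\0') return 0;  /* name must be NUL-terminated */
    if (h) { h->swap = swap; h->type = f[0]; h->mrows = f[1];
             h->ncols = f[2]; h->imagf = f[3]; h->namlen = f[4]; }
    return 1;
}

/* Constructed samples: a valid 2x3 real double matrix named "x" in both byte
   orders, and a header whose namlen bytes 00 00 FF DB read as int32 -604045312,
   i.e. the size_t 18446744073105506304 that reached fread in the backtrace. */
const unsigned char mat4_sample_le[]  = {0,0,0,0, 2,0,0,0, 3,0,0,0, 0,0,0,0, 2,0,0,0, 'x',0};
const unsigned char mat4_sample_be[]  = {0,0,3,0xE8, 0,0,0,2, 0,0,0,3, 0,0,0,0, 0,0,0,2, 'x',0};
const unsigned char mat4_sample_bad[] = {0,0,0,0, 1,0,0,0, 1,0,0,0, 0,0,0,0, 0,0,0xFF,0xDB, 'x',0};
```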

     
  • cch

    cch - 2013-07-05

    Thanks for the patch. Will commit and push soon.

     
  • cch

    cch - 2013-07-11

    This should be fixed by b146b4 in master. This is for the most part the patch you sent. Let me know if it is still broken.

     
  • cch

    cch - 2013-07-11
    • status: open --> closed-fixed
     
  • tbeu

    tbeu - 2016-07-07
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,5 +1,5 @@
     I have found that libmatio's Mat_Open causes a segmentation violation on some input files. This is a problem because trying Mat_Open seems to be the only way to assess whether a file is matio-compatible. For example, the following program crashes when I try to open a particular JPEG:
    -
    +```
     #include <sys/stat.h>
     #include <sys/types.h>
     #include <fcntl.h>
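    Review bot: the fence opened by `+```` in this hunk carries no language tag, so the C snippet renders without highlighting; `+```c` would fix that without changing the content.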
    @@ -9,9 +9,9 @@
     {
        Mat_Open ("cam_hat.jpg", O_RDONLY);
     }
    -
    +```
     The backtrace is:
    -
    +```
     (gdb) run
     Starting program: /tmp/test/a.out 
    
    @@ -26,3 +26,4 @@
     #4  Mat_VarReadNextInfo4 (mat=mat@entry=0x602250) at mat4.c:314
     #5  0x00007ffff7bccf78 in Mat_Open (matname=0x400760 "cam_hat.jpg", mode=0) at mat.c:245
     #6  0x00000000004006ce in main ()
    +```
    
    • assigned_to: cch
    • Group: 1.5.0 --> 1.5.2
     
