Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tile memory leaks after image decoding failure #168

Closed
thoger opened this issue Dec 7, 2017 · 4 comments
Closed

Tile memory leaks after image decoding failure #168

thoger opened this issue Dec 7, 2017 · 4 comments

Comments

@thoger
Copy link
Contributor

thoger commented Dec 7, 2017

One more issue reported by @owl337 in Red Hat Bugzilla, but apparently never reported upstream, hence re-reporting upstream.

--8<--

CVE-2017-13748
https://bugzilla.redhat.com/show_bug.cgi?id=1485287

Description of problem:

There are lots of memory leaks in JasPer which is trigged in function jas_strdup().

Version-Release number of selected component (if applicable):

<= latest version

How reproducible:

./imginfo -f POC9

Steps to Reproduce:

Description:

The gdb debugging information is listed below:

(gdb) set args POC9
(gdb) r 
warning: ignoring unknown marker segment (0xff76)
type = 0xff76 (UNKNOWN); len = 20;10 40 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 RCT requires all components have the same domain
error: cannot decode code stream
cannot load image

=================================================================
==104593==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16512 byte(s) in 86 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f40793576db  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e6db)

Direct leak of 184 byte(s) in 1 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)
    #2 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)

Indirect leak of 10922744 byte(s) in 15458 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f40793576db  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e6db)

Indirect leak of 905976 byte(s) in 10296 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)

Indirect leak of 417584 byte(s) in 73 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f40793576db  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e6db)
    #2 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 246144 byte(s) in 34 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f40793576db  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e6db)
    #2 0x7f40793b005f  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xd705f)
    #3 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 246144 byte(s) in 34 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f40793576db  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e6db)
    #2 0x7f40793afff5  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xd6ff5)
    #3 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)
    #2 0x7f40793afff5  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xd6ff5)
    #3 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)
    #2 0x7f40793b005f  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xd705f)
    #3 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 48 byte(s) in 3 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079464228  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x18b228)
    #2 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4b9278  (/home/icy/secreal/jasper/install_asan/bin/imginfo+0x4b9278)
    #1 0x7f4079357353  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0x7e353)
    #2 0x7f40793bd4d2  (/home/icy/secreal/jasper/install_asan/lib/libjasper.so.4+0xe44d2)

SUMMARY: AddressSanitizer: 12757032 byte(s) leaked in 26055 allocation(s).

Trigged in:

jas_strdup (s=0x7ffff7ba0600 <.str.1> "My Image Format (MIF)")
    at /home/icy/secreal/jasper/src/libjasper/base/jas_string.c:91
91		if (!(p = jas_malloc(n))) {
The programmer has applied for the memory but has not been released.

Actual results:

crash

Expected results:

crash

Additional info:

Credits:

Credits:

This vulnerability is detected by team OWL337, with our custom fuzzer collAFL. Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.

Reproducer: POC9.zip

--8<--

The report puts a blame on jas_strdup(). However, there does not seem to be any problem in that function - it's a function that allocates memory for its callers and is not responsible for freeing memory.
@thoger
Copy link
Contributor Author

thoger commented Dec 7, 2017

The above ASAN output is not very useful, so this is what I see with 2.0.14 built with ASAN:

warning: ignoring unknown marker segment (0xff76)
type = 0xff76 (UNKNOWN); len = 20;10 40 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 RCT requires all components have the same domain
error: cannot decode code stream
cannot load image

=================================================================
==4031==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16512 byte(s) in 86 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc49df81 in jpc_dec_process_siz /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1330
    #4 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #5 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #6 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #7 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #8 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #9 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Direct leak of 184 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc4fad34 in jpc_pi_create0 /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2cod.c:559
    #3 0x7faddc4fe208 in jpc_dec_pi_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2dec.c:477
    #4 0x7faddc49a58e in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:944
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc49f5af in jpc_dec_cp_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1584
    #3 0x7faddc49fb08 in jpc_dec_cp_copy /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1626
    #4 0x7faddc49659e in jpc_dec_process_sot /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:554
    #5 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #6 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #7 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #8 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #9 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #10 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 8127552 byte(s) in 5137 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46a15f in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:138
    #4 0x7faddc4d369f in jpc_dec_decodecblk /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:208
    #5 0x7faddc4d3502 in jpc_dec_decodecblks /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:177
    #6 0x7faddc49b0c4 in jpc_dec_tiledecode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1084
    #7 0x7faddc49711a in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:657
    #8 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #9 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #10 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #11 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #12 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #13 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 2626992 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46a15f in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:138
    #4 0x7faddc469caa in jas_seq2d_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:91
    #5 0x7faddc4977a1 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:736
    #6 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 452056 byte(s) in 5137 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc469e4b in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:113
    #3 0x7faddc4d369f in jpc_dec_decodecblk /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:208
    #4 0x7faddc4d3502 in jpc_dec_decodecblks /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:177
    #5 0x7faddc49b0c4 in jpc_dec_tiledecode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1084
    #6 0x7faddc49711a in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:657
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 452056 byte(s) in 5137 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc469e4b in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:113
    #3 0x7faddc469caa in jas_seq2d_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:91
    #4 0x7faddc49a126 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:911
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 410960 byte(s) in 34 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc499bc5 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:884
    #4 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #5 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #6 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #7 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #8 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #9 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #10 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 246144 byte(s) in 34 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc505fa8 in jpc_tagtree_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:128
    #4 0x7faddc499b26 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:880
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 246144 byte(s) in 34 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc505fa8 in jpc_tagtree_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:128
    #4 0x7faddc499a44 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:876
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 123288 byte(s) in 5137 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46a0c5 in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:131
    #4 0x7faddc4d369f in jpc_dec_decodecblk /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:208
    #5 0x7faddc4d3502 in jpc_dec_decodecblks /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t1dec.c:177
    #6 0x7faddc49b0c4 in jpc_dec_tiledecode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1084
    #7 0x7faddc49711a in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:657
    #8 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #9 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #10 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #11 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #12 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #13 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 41096 byte(s) in 5137 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46aec3 in jas_matrix_bindsub /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:241
    #4 0x7faddc46ac4d in jas_seq2d_bindsub /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:217
    #5 0x7faddc49a202 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:915
    #6 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 2688 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc49f742 in jpc_dec_cp_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1593
    #4 0x7faddc49fb08 in jpc_dec_cp_copy /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1626
    #5 0x7faddc49659e in jpc_dec_process_sot /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:554
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 2592 byte(s) in 18 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc49930d in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:840
    #4 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #5 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #6 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #7 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #8 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #9 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #10 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 2304 byte(s) in 18 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc4986f9 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:806
    #4 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #5 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #6 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #7 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #8 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #9 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #10 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 1728 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc497586 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:732
    #4 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #5 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #6 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #7 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #8 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #9 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #10 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 1584 byte(s) in 18 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc469e4b in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:113
    #3 0x7faddc469caa in jas_seq2d_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:91
    #4 0x7faddc498e40 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:831
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc50651d in jpc_tagtree_alloc /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:182
    #3 0x7faddc505c4f in jpc_tagtree_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:111
    #4 0x7faddc499b26 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:880
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc50651d in jpc_tagtree_alloc /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:182
    #3 0x7faddc505c4f in jpc_tagtree_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tagtree.c:111
    #4 0x7faddc499a44 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:876
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 576 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc4fe4a1 in jpc_dec_pi_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2dec.c:493
    #4 0x7faddc49a58e in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:944
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 288 byte(s) in 18 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc4fe695 in jpc_dec_pi_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2dec.c:506
    #4 0x7faddc49a58e in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:944
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 264 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc469e4b in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:113
    #3 0x7faddc469caa in jas_seq2d_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:91
    #4 0x7faddc4977a1 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:736
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 144 byte(s) in 18 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46aec3 in jas_matrix_bindsub /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:241
    #4 0x7faddc46ac4d in jas_seq2d_bindsub /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:217
    #5 0x7faddc49901d in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:834
    #6 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc4fe2a8 in jpc_dec_pi_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2dec.c:481
    #4 0x7faddc49a58e in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:944
    #5 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 48 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc5085c1 in jpc_cod_gettsfb /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_tsfb.c:98
    #2 0x7faddc497882 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:742
    #3 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #4 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #5 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #6 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #7 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #8 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #9 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 24 byte(s) in 3 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc46963c in jas_alloc2 /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:274
    #3 0x7faddc46a0c5 in jas_matrix_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:131
    #4 0x7faddc469caa in jas_seq2d_create /tmp/jasper-2.0.14/src/libjasper/base/jas_seq.c:91
    #5 0x7faddc4977a1 in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:736
    #6 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc4fae83 in jpc_pchglist_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2cod.c:579
    #3 0x7faddc4fadc2 in jpc_pi_create0 /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2cod.c:564
    #4 0x7faddc4fe208 in jpc_dec_pi_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2dec.c:477
    #5 0x7faddc49a58e in jpc_dec_tileinit /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:944
    #6 0x7faddc496853 in jpc_dec_process_sod /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:593
    #7 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #8 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #9 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #10 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #11 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #12 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7faddc83c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7faddc469469 in jas_malloc /tmp/jasper-2.0.14/src/libjasper/base/jas_malloc.c:241
    #2 0x7faddc4fae83 in jpc_pchglist_create /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2cod.c:579
    #3 0x7faddc4fb586 in jpc_pchglist_copy /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_t2cod.c:641
    #4 0x7faddc49fde9 in jpc_dec_cp_copy /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:1636
    #5 0x7faddc49659e in jpc_dec_process_sot /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:554
    #6 0x7faddc4959a6 in jpc_dec_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:424
    #7 0x7faddc494fbc in jpc_decode /tmp/jasper-2.0.14/src/libjasper/jpc/jpc_dec.c:261
    #8 0x7faddc483577 in jp2_decode /tmp/jasper-2.0.14/src/libjasper/jp2/jp2_dec.c:218
    #9 0x7faddc45f416 in jas_image_decode /tmp/jasper-2.0.14/src/libjasper/base/jas_image.c:442
    #10 0x4017f6 in main /tmp/jasper-2.0.14/src/appl/imginfo.c:238
    #11 0x7faddbaf2889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 12757032 byte(s) leaked in 26055 allocation(s).

@thoger
Copy link
Contributor Author

thoger commented Dec 7, 2017

Note that none of the indicated leaks is related to jas_strdup(), so it's unclear how reporter determined that function as the root cause. However, there does seem to be a leak related to jas_strdup(). The call to the function indicated in the report:

jas_strdup (s=0x7ffff7ba0600 <.str.1> "My Image Format (MIF)")

Apparently comes from jas_init(), which calls jas_image_addfmt(), which calls jas_strdup() as indicated. However, when image parsing fails, imginfo tool exits without calling jas_image_clearfmts() or jas_image_destroy(image). This leads to leaks of memory allocated via jas_strdup().

That is a bug in imginfo and not libjasper, and it's a very minor concern as it happens on the program exit.

@thoger
Copy link
Contributor Author

thoger commented Dec 7, 2017

Looking at the reported leaks, they all seem to be related to tile processing. I noticed that the jpc_decode() function calls jpc_dec_destroy(dec) on both success and error code paths. The jpc_dec_destroy() calls jas_free(dec->tiles) (if needed). However, tiles can and do point to other allocated memory, and it seems calling jpc_dec_tilefini() is needed to properly release all the tile data. Is is intentional that jpc_dec_destroy() does not attempt to properly release all tile memory?

@thoger
Copy link
Contributor Author

thoger commented Dec 7, 2017

Oh, there already is a pull request #159 from @MaxKellermann that addresses the problem described in my previous comment. After applying the proposed change, no more leaks are reported.

@thoger thoger changed the title Memory leaks related to jas_strdup() Tile memory leaks after image decoding failure Dec 7, 2017
@thoger thoger mentioned this issue May 6, 2020
Closed
@jubalh jubalh mentioned this issue Jun 23, 2020
Merged
@jubalh jubalh closed this as completed in c4d3456 Jul 28, 2020
jubalh added a commit to jubalh/buildroot that referenced this issue Jul 28, 2020
@jubalh
Update Jasper to 2.0.19
3c4f2bc 
Changes:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix jasper-software/jasper#207

* Fix jasper-software/jasper#194 part 1

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table

* Fix various memory leaks

* Plenty of code cleanups, and performance improvements
buildroot-auto-update pushed a commit to buildroot/buildroot that referenced this issue Aug 3, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
d0f7b24 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts pushed a commit to woodsts/buildroot that referenced this issue Aug 18, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
5a9d409 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d0f7b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts pushed a commit to woodsts/buildroot that referenced this issue Aug 18, 2020
@jubalh @jacmet
package/jasper: security bump to version 2.0.19
dc10b2e 
Fixes the following security issues:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

Furthermore, drop now upstreamed patches and change to the new
jasper-software upstream location.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
[Peter: reword for security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d0f7b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thoger