[Bug 259761] graphics/exiftran: -g broken. May involve graphics/jpeg-turbo

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 24 Nov 2022 10:16:06 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259761

Alexey Dokuchaev <danfe@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |danfe@FreeBSD.org
                URL|                            |https://github.com/libjpeg-
                   |                            |turbo/libjpeg-turbo/issues/
                   |                            |615

--- Comment #5 from Alexey Dokuchaev <danfe@FreeBSD.org> ---
(In reply to dgilbert from comment #0)
> identified the function as jsimd_rgb_ycc_convert_avx2.columnloop(),
> but I'm not sure I trust that.
jsimd_rgb_ycc_convert_avx2[columnloop] to be precise, but it can be overridden
by passing a specific JSIMD_FORCE{MMX,SSE,SSE2,etc.} environment variable. Let's
disable SIMD altogether and see how it goes:

$ env JSIMD_FORCENONE=1 gdb %wrkdir%/fbida-2.14/build/exiftran/exiftran
$ r -g -o foo1.jpg foo.jpg
Program received signal SIGBUS, Bus error.
Object-specific hardware error.
0x00000008010d24b7 in rgb_ycc_convert_internal (cinfo=0x7fffffffe148,
input_buf=0x801ac18c8, output_buf=0x801a5b750, output_row=1, num_rows=0) at
%wrkdir%/libjpeg-turbo-2.1.4/jccolext.c:51
51            r = inptr[RGB_RED];
(gdb) p inptr
$1 = (JSAMPROW) 0x3b3b3939392b2b2b <error: Cannot access memory at address
0x3b3b3939392b2b2b>
(gdb)

Note that a similar bug report had been filed at their GitHub (linked) and
immediately closed, as libjpeg's API is admittedly not very user-friendly or
user-proof, and a specially crafted image can crash it. I'm not sure if/how
we should pursue this from the FreeBSD side.
