Open
Description
I was running guetzli v1.0, and I encountered a runtime error: shift exponent -219 is negative.
The detailed error message is as follows:
guetzli/jpeg_bit_writer.h:42:25: runtime error: shift exponent -219 is negative
#0 0x559261e26aa5 in guetzli::BitWriter::WriteBits(int, unsigned long) guetzli/jpeg_bit_writer.h:42:25
#1 0x559261e1aec6 in guetzli::(anonymous namespace)::EncodeDCTBlockSequential(short const*, guetzli::HuffmanCodeTable const&, guetzli::HuffmanCodeTable const&, short*, guetzli::BitWriter*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/jpeg_data_writer.cc:493:9
#2 0x559261e1aec6 in guetzli::(anonymous namespace)::EncodeScan(guetzli::JPEGData const&, std::__debug::vector<guetzli::HuffmanCodeTable, std::allocator<guetzli::HuffmanCodeTable> > const&, std::__debug::vector<guetzli::HuffmanCodeTable, std::allocator<guetzli::HuffmanCodeTable> > const&, guetzli::JPEGOutput) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/jpeg_data_writer.cc:521:13
#3 0x559261e1aec6 in guetzli::WriteJpeg(guetzli::JPEGData const&, bool, guetzli::JPEGOutput) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/jpeg_data_writer.cc:550:11
#4 0x559261da1e9d in guetzli::(anonymous namespace)::Processor::OutputJpeg(guetzli::JPEGData const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:119:8
#5 0x559261db8933 in guetzli::(anonymous namespace)::Processor::TryQuantMatrix(guetzli::JPEGData const&, float, int (*) [64], guetzli::OutputImage*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:297:5
#6 0x559261d9cb99 in guetzli::(anonymous namespace)::Processor::SelectQuantMatrix(guetzli::JPEGData const&, bool, int (*) [64], guetzli::OutputImage*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:332:22
#7 0x559261d9cb99 in guetzli::(anonymous namespace)::Processor::ProcessJpegData(guetzli::Params const&, guetzli::JPEGData const&, guetzli::Comparator*, guetzli::GuetzliOutput*, guetzli::ProcessStats*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:840:10
#8 0x559261d9cb99 in guetzli::ProcessJpegData(guetzli::Params const&, guetzli::JPEGData const&, guetzli::Comparator*, guetzli::GuetzliOutput*, guetzli::ProcessStats*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:866:20
#9 0x559261da07c7 in guetzli::Process(guetzli::Params const&, guetzli::ProcessStats*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/guetzli/processor.cc:895:13
#10 0x559261d61dfa in LLVMFuzzerTestOneInput /data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/BUILD/fuzz_target.cc:22:9
#11 0x559261c04a50 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/build-user/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#12 0x559261bf7e54 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/build-user/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x559261bfd367 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/build-user/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:859:9
#14 0x559261c18832 in main /home/build-user/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7fade8ce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#16 0x559261bf4a9d in _start (/data/apr/llmfixed-fuzzer-test-suite/guetzli-2017-3-30/build/guetzli-fuzzer+0xf4a9d)
Here is the crash poc: crash-1.zip
Thank you for your attention to this matter.
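Added example, not part of the original report and not guetzli's code: a hypothetical MSB-first bit writer with the same `WriteBits(int, uint64_t)` shape as the frame in the trace, which validates the bit count before shifting so an out-of-range length is rejected instead of reaching an undefined shift. The class name, the 64-bit accumulator layout, the 32-bit cap, and the omission of JPEG byte stuffing are assumptions.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical MSB-first bit writer (not guetzli's BitWriter).
// Assumptions: 64-bit accumulator, codes of at most kMaxBits bits,
// no JPEG 0xFF byte stuffing, zero padding on flush.
class CheckedBitWriter {
 public:
  static constexpr int kMaxBits = 32;

  // Appends the low `nbits` bits of `bits`. Returns false and writes
  // nothing when the request would need an out-of-range shift.
  bool WriteBits(int nbits, uint64_t bits) {
    if (nbits < 0 || nbits > kMaxBits) return false;  // e.g. corrupt code length
    if (nbits == 0) return bits == 0;                 // avoids a shift by 64
    if ((bits >> nbits) != 0) return false;           // value wider than nbits
    free_bits_ -= nbits;                              // now in [25, 63]
    acc_ |= bits << free_bits_;
    while (free_bits_ <= 56) {                        // drain whole bytes
      out_.push_back(static_cast<uint8_t>(acc_ >> 56));
      acc_ <<= 8;
      free_bits_ += 8;
    }
    return true;
  }

  // Emits any pending partial byte, zero-padded.
  void Flush() {
    if (free_bits_ < 64) out_.push_back(static_cast<uint8_t>(acc_ >> 56));
    acc_ = 0;
    free_bits_ = 64;
  }

  const std::vector<uint8_t>& bytes() const { return out_; }

 private:
  std::vector<uint8_t> out_;
  uint64_t acc_ = 0;    // pending bits, left-aligned
  int free_bits_ = 64;  // unused low bits in acc_; 57..64 between calls
};
```

A caller that receives `false` should abort encoding of the current image; in a fuzzing build the same condition can be turned into an assertion so the offending input is reported at the point where the bad length is produced.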