fixed crash in cornersubpix.cpp/samplers.cpp (Bugfix #3402)
| Status: | Done | Start date: | 2013-11-26 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: |  Vadim Pisarevsky |
% Done: | 100% |
| Category: | imgproc, video | ||
| Target version: | 2.4.8 | Estimated time: | 0.00 hour |
| Affected version: | 2.4.7 (latest release) | Operating System: | Linux |
| Difficulty: | Easy | HW Platform: | x64 |
| Pull request: | https://github.com/Itseez/opencv/pull/1870 |
Description
cvFindCornerSubpix is able to generate corner position updates far away from the image (if the determinant of the corner patch is very small).
This leads to large positive numbers which lead to integer wrap arounds (negative values) when win_size is added. This results in access errors in samplers.cpp (i.e. invalid memory accesses and thus crashes).
E.g. modules/imgproc/src/samplers.cpp:167
if( 0 <= ip.x && ip.x + win_size.width < src_size.width && \
Let's say ip.x is INT_MAX-5 (read: HUGE), and win_size.width is 6.
--> first check passes (ip.x is positive)
--> second check passes, as INT_MAX-5+6 = INT_MIN
gcc 4.7.1, 64bit Alces HPC Linux
Associated revisions
Merge pull request #3402 from vpisarev:fixed_python_tests
History
Updated by Victor Kocheganov over 11 years ago
Hello Eric,
and thank you for submitting this issue, and moreover for fixing it by yourself (!). This is always appreciated by the OpenCV community.
Updated by Daniil Osokin over 11 years ago
Hi Eric, thank you for PR!
Updated by Nikita Manovich about 11 years ago
The pull request was merged. Thus I have closed the bug.
- Status changed from New to Open
Updated by Nikita Manovich about 11 years ago
- Status changed from Open to Done