1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
commit ccc277247ac1a7aef0a90353edcdec35fbc5903c
Author: Nano <nanoapezlk@gmail.com>
Date: Wed Apr 26 15:09:52 2023 +0800
fix(wechat_qrcode): Init nBytes after the count value is determined (#3480)
* fix(wechat_qrcode): Initialize nBytes after the count value is determined
* fix(wechat_qrcode): Incorrect count data repair
* chore: format expr
* fix(wechat_qrcode): Avoid null pointer exception
* fix(wechat_qrcode): return when bytes_ is empty
* test(wechat_qrcode): add test case
---------
Co-authored-by: GZTime <Time.GZ@outlook.com>
CVE: CVE-2023-2617
Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c]
Signed-off-by: Soumya <soumya.sambu@windriver.com>
---
diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
index 05de793c..b3a0a69c 100644
--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
ErrorHandler& err_handler) {
- if (err_handler.ErrCode()) return;
+ // avoid null pointer exception
+ if (err_handler.ErrCode() || bufIn == nullptr) return;
#ifndef NO_ICONV_INSIDE
if (nIn == 0) {
return;
@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
CharacterSetECI* currentCharacterSetECI,
ArrayRef<ArrayRef<char> >& byteSegments,
ErrorHandler& err_handler) {
- int nBytes = count;
BitSource& bits(*bits_);
// Don't crash trying to read more bits than we have available.
int available = bits.available();
// try to repair count data if count data is invalid
if (count * 8 > available) {
- count = (available + 7 / 8);
+ count = (available + 7) / 8;
}
+ size_t nBytes = count;
+
+ ArrayRef<char> bytes_(nBytes);
+ // issue https://github.com/opencv/opencv_contrib/issues/3478
+ if (bytes_->empty())
+ return;
- ArrayRef<char> bytes_(count);
char* readBytes = &(*bytes_)[0];
for (int i = 0; i < count; i++) {
// readBytes[i] = (char) bits.readBits(8);
diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp
index d59932b8..ec2559b0 100644
--- a/modules/wechat_qrcode/test/test_qrcode.cpp
+++ b/modules/wechat_qrcode/test/test_qrcode.cpp
@@ -289,5 +289,16 @@ TEST_P(Objdetect_QRCode_Multi, regression) {
INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
// INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+TEST(Objdetect_QRCode_bug, issue_3478) {
+ auto detector = wechat_qrcode::WeChatQRCode();
+ std::string image_path = findDataFile("qrcode/issue_3478.png");
+ Mat src = imread(image_path, IMREAD_GRAYSCALE);
+ ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
+ std::vector<std::string> outs = detector.detectAndDecode(src);
+ ASSERT_EQ(1, (int) outs.size());
+ ASSERT_EQ(16, (int) outs[0].size());
+ ASSERT_EQ("KFCVW50 ", outs[0]);
+}
+
} // namespace
} // namespace opencv_test
|
