x/image/webp: infinite loop #56932

Closed
catenacyber opened this issue Nov 24, 2022 · 2 comments

@catenacyber
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/cJlF9HwR2xU?v=gotip

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

Just


Program exited.

It is taking more than 10 seconds locally and not finishing...

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53720

@seankhliao seankhliao changed the title golang.org/x/image/webp: infinite loop x/image/webp: infinite loop Nov 24, 2022
@gopherbot gopherbot added this to the Unreleased milestone Nov 24, 2022
@kkettinger

In your example you have the following byte stream:
0x52, 0x49, 0x46, 0x46, 0x49, 0x49, 0x49, 0x49, 0x57, 0x45, 0x42, 0x50, 0x56, 0x50, 0x38, 0x4c, 0x58, 0x30, 0x58, 0x2f, 0x2f, 0xa, 0x6f, 0x0, 0x4, 0xc8, 0xc8, 0xc8

The riff/webp vp8l decoder finds a width and height of 12043 x 4098, and it actually creates the image in this size.
Here is a complete example:

package main

import (
	"bytes"
	"fmt"
	"golang.org/x/image/webp"
	"time"
)

func main() {
	start := time.Now()

	data := []byte{0x52, 0x49, 0x46, 0x46, 0x49, 0x49, 0x49, 0x49, 0x57, 0x45, 0x42, 0x50, 0x56, 0x50, 0x38, 0x4c, 0x58, 0x30, 0x58, 0x2f, 0x2f, 0xa, 0x6f, 0x0, 0x4, 0xc8, 0xc8, 0xc8}
	image, err := webp.Decode(bytes.NewReader(data))
	if err != nil {
		panic(err)
	}
	fmt.Println(image.Bounds().Dx(), image.Bounds().Dy())

	elapsed := time.Since(start)
	fmt.Printf("Time elapsed: %s", elapsed)
}

It will output:

12043 4098
Time elapsed: 2.5472331s

The playground has execution time, CPU and memory restrictions, which you are hitting with the large image you are creating.

@catenacyber
Contributor Author

Right, thanks Kevin, I guess I was not patient enough...

@golang golang locked and limited conversation to collaborators Nov 25, 2023
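
The thread shows a 28-byte input whose VP8L header declares a 12043 x 4098 image, which the decoder then allocates and fills. As an added example (not code from the thread or from golang.org/x/image), the sketch below reads the declared dimensions from the header with the standard library only and rejects the input before any decode if it exceeds a pixel budget. The names `declaredVP8LSize`, `checkBudget` and `maxPixels` are hypothetical, and it assumes the simple layout of the input above (RIFF, WEBP, then VP8L as the first chunk).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// maxPixels is a hypothetical budget for this example; size it per service.
const maxPixels = 16 << 20

// issueInput is the 28-byte stream quoted in the thread.
var issueInput = []byte{
	0x52, 0x49, 0x46, 0x46, 0x49, 0x49, 0x49, 0x49, 0x57, 0x45, 0x42, 0x50,
	0x56, 0x50, 0x38, 0x4c, 0x58, 0x30, 0x58, 0x2f, 0x2f, 0xa, 0x6f, 0x0,
	0x4, 0xc8, 0xc8, 0xc8,
}

// declaredVP8LSize returns the width and height declared in the header of a
// simple lossless WebP, without decoding any pixel data.
func declaredVP8LSize(b []byte) (w, h int, err error) {
	if len(b) < 25 || string(b[0:4]) != "RIFF" || string(b[8:12]) != "WEBP" {
		return 0, 0, errors.New("not a RIFF/WEBP file")
	}
	if string(b[12:16]) != "VP8L" || b[20] != 0x2f {
		return 0, 0, errors.New("not a simple VP8L image")
	}
	// After the 0x2f signature: 14 bits of width-1, then 14 bits of height-1.
	bits := binary.LittleEndian.Uint32(b[21:25])
	return int(bits&0x3fff) + 1, int((bits>>14)&0x3fff) + 1, nil
}

// checkBudget rejects input whose declared area exceeds maxPixels.
func checkBudget(b []byte) error {
	w, h, err := declaredVP8LSize(b)
	if err != nil {
		return err
	}
	if w*h > maxPixels {
		return fmt.Errorf("declared %dx%d exceeds %d-pixel budget", w, h, maxPixels)
	}
	return nil
}

func main() {
	w, h, _ := declaredVP8LSize(issueInput)
	fmt.Println(w, h, checkBudget(issueInput))
}
```

In a service that already imports golang.org/x/image/webp, `webp.DecodeConfig` returns the same dimensions and can feed the same budget check before `webp.Decode` is called.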