| commit ccc277247ac1a7aef0a90353edcdec35fbc5903c |
| Author: Nano <nanoapezlk@gmail.com> |
| Date: Wed Apr 26 15:09:52 2023 +0800 |
| |
| fix(wechat_qrcode): Init nBytes after the count value is determined (#3480) |
| |
| * fix(wechat_qrcode): Initialize nBytes after the count value is determined |
| |
| * fix(wechat_qrcode): Incorrect count data repair |
| |
| * chore: format expr |
| |
| * fix(wechat_qrcode): Avoid null pointer exception |
| |
| * fix(wechat_qrcode): return when bytes_ is empty |
| |
| * test(wechat_qrcode): add test case |
| |
| --------- |
| |
| Co-authored-by: GZTime <Time.GZ@outlook.com> |
| |
| CVE: CVE-2023-2617 |
| |
| Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c] |
| |
| Signed-off-by: Soumya <soumya.sambu@windriver.com> |
| --- |
| |
| diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp |
| index 05de793c..b3a0a69c 100644 |
| --- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp |
| +++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp |
| @@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in, |
| |
| void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn, |
| ErrorHandler& err_handler) { |
| - if (err_handler.ErrCode()) return; |
| + // avoid null pointer exception |
| + if (err_handler.ErrCode() || bufIn == nullptr) return; |
| #ifndef NO_ICONV_INSIDE |
| if (nIn == 0) { |
| return; |
| @@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res |
| CharacterSetECI* currentCharacterSetECI, |
| ArrayRef<ArrayRef<char> >& byteSegments, |
| ErrorHandler& err_handler) { |
| - int nBytes = count; |
| BitSource& bits(*bits_); |
| // Don't crash trying to read more bits than we have available. |
| int available = bits.available(); |
| // try to repair count data if count data is invalid |
| if (count * 8 > available) { |
| - count = (available + 7 / 8); |
| + count = (available + 7) / 8; |
| } |
| + size_t nBytes = count; |
| + |
| + ArrayRef<char> bytes_(nBytes); |
| + // issue https://github.com/opencv/opencv_contrib/issues/3478 |
| + if (bytes_->empty()) |
| + return; |
| |
| - ArrayRef<char> bytes_(count); |
| char* readBytes = &(*bytes_)[0]; |
| for (int i = 0; i < count; i++) { |
| // readBytes[i] = (char) bits.readBits(8); |
| diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp |
| index d59932b8..ec2559b0 100644 |
| --- a/modules/wechat_qrcode/test/test_qrcode.cpp |
| +++ b/modules/wechat_qrcode/test/test_qrcode.cpp |
| @@ -455,5 +455,16 @@ TEST_P(Objdetect_QRCode_Easy_Multi, regression) { |
| std::string qrcode_model_path[] = {"", "dnn/wechat_2021-01"}; |
| INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Easy_Multi, testing::ValuesIn(qrcode_model_path)); |
| |
| +TEST(Objdetect_QRCode_bug, issue_3478) { |
| + auto detector = wechat_qrcode::WeChatQRCode(); |
| + std::string image_path = findDataFile("qrcode/issue_3478.png"); |
| + Mat src = imread(image_path, IMREAD_GRAYSCALE); |
| + ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path; |
| + std::vector<std::string> outs = detector.detectAndDecode(src); |
| + ASSERT_EQ(1, (int) outs.size()); |
| + ASSERT_EQ(16, (int) outs[0].size()); |
| + ASSERT_EQ("KFCVW50 ", outs[0]); |
| +} |
| + |
| } // namespace |
| } // namespace opencv_test |