Panic when reading jpeg
frewsxcv opened this issue · comments
extern crate image;
use std::io::Cursor;
use image::ImageDecoder;
fn main() {
let input = b"\xff\xda\x30\x30\x30\x30\x30".to_vec();
let c = Cursor::new(input);
let _ = image::jpeg::JPEGDecoder::new(c).read_image();
}coreyf@frewbook-pro /t/tmp (master)> cargo run
Compiling tmp v0.1.0 (file:///private/tmp/tmp)
Running `target/debug/tmp`
thread '<main>' panicked at 'called `Option::unwrap()` on a `None` value', ../src/libcore/option.rs:365
Process didn't exit successfully: `target/debug/tmp` (exit code: 101)
found using afl.rs
Here's a backtrace:
9: 0x557b484c749a - option::_<impl>::unwrap::unwrap::h15182871008768225708
at ../src/libcore/macros.rs:20
10: 0x557b484c6f13 - jpeg::decoder::_<impl>::read_scan_header::read_scan_header::h6101705012787530129
at src/jpeg/decoder.rs:393
11: 0x557b484b6651 - jpeg::decoder::_<impl>::read_metadata::read_metadata::h10468609051219687808
at src/jpeg/decoder.rs:280
12: 0x557b484b5a38 - jpeg::decoder::_<impl>::read_image::read_image::h9136914022092451839
at src/jpeg/decoder.rs:600
The line doing the unwrapping is:
let c = self.components.get_mut(&(id as usize)).unwrap();
Yes, the JPEG is invalid, still shouldn’t crash of course.