SIGSEGV when enrolling a fingerprint
libfprint
source code version:
commit 7962d8cdab66cafa39c0fac9e1907889e10077ee
Author: Bastien Nocera <hadess@hadess.net>
Date: Fri Sep 28 15:59:45 2018 +0200
build: Fix build with no drivers using imaging_dep
Closes: #109
Memory overflow caught by valgrind:
$ valgrind --tool=memcheck --leak-check=full fingerprint-gui -d
==20729== Memcheck, a memory error detector
==20729== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==20729== Using Valgrind-3.14.0.RC2 and LibVEX; rerun with -h for copyright info
==20729== Command: fingerprint-gui -d
==20729==
==20729== Thread 7 FingerprintDevic:
==20729== Invalid write of size 4
==20729== at 0x4AC1F1F: minutiae_to_xyt (fpi-img.c:286)
==20729== by 0x4AC2211: fpi_img_to_print_data (fpi-img.c:355)
==20729== by 0x4AC0805: fpi_imgdev_image_captured (fpi-dev-img.c:256)
==20729== by 0x4AD9AA5: submit_image (vfs5011.c:410)
==20729== by 0x4ADA00F: activate_loop_complete (vfs5011.c:741)
==20729== by 0x4AC2C60: fpi_ssm_mark_completed (fpi-ssm.c:215)
==20729== by 0x4AC2DE9: fpi_ssm_next_state (fpi-ssm.c:246)
==20729== by 0x4AC2B2F: __subsm_complete (fpi-ssm.c:181)
==20729== by 0x4AC2C60: fpi_ssm_mark_completed (fpi-ssm.c:215)
==20729== by 0x4AC2DE9: fpi_ssm_next_state (fpi-ssm.c:246)
==20729== by 0x4AD9265: async_recv_cb (vfs5011.c:169)
==20729== by 0x489EA57: ??? (in /usr/lib/libusb-1.0.so.0.1.0)
==20729== Address 0x1225077c is 0 bytes after a block of size 2,412 alloc'd
==20729== at 0x4839BA5: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20729== by 0x93E12A9: g_malloc0 (in /usr/lib/libglib-2.0.so.0.5800.1)
==20729== by 0x4ABEA7A: fpi_print_data_item_new (fpi-data.c:129)
==20729== by 0x4AC21DD: fpi_img_to_print_data (fpi-img.c:353)
==20729== by 0x4AC0805: fpi_imgdev_image_captured (fpi-dev-img.c:256)
==20729== by 0x4AD9AA5: submit_image (vfs5011.c:410)
==20729== by 0x4ADA00F: activate_loop_complete (vfs5011.c:741)
==20729== by 0x4AC2C60: fpi_ssm_mark_completed (fpi-ssm.c:215)
==20729== by 0x4AC2DE9: fpi_ssm_next_state (fpi-ssm.c:246)
==20729== by 0x4AC2B2F: __subsm_complete (fpi-ssm.c:181)
==20729== by 0x4AC2C60: fpi_ssm_mark_completed (fpi-ssm.c:215)
==20729== by 0x4AC2DE9: fpi_ssm_next_state (fpi-ssm.c:246)
==20729==
--20729-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--20729-- si_code=1; Faulting address: 0x5A00000087; sp: 0x100cdf7e00
A possible fix; I do not have enough knowledge of libfprint, so maybe the following modification does not resolve the real problem:
diff --git a/libfprint/fpi-img.c b/libfprint/fpi-img.c
index da5b5b8..22412a6 100644
--- a/libfprint/fpi-img.c
+++ b/libfprint/fpi-img.c
@@ -280,6 +280,8 @@ static void minutiae_to_xyt(struct fp_minutiae *minutiae, int bwidth,
qsort((void *) &c, (size_t) nmin, sizeof(struct minutiae_struct),
sort_x_y);
+ nmin = min(nmin, sizeof(xyt->xcol)/sizeof(xyt->xcol[0]));
+
for (i = 0; i < nmin; i++) {
xyt->xcol[i] = c[i].col[0];
xyt->ycol[i] = c[i].col[1];
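Review bot: the clamp `nmin = min(nmin, sizeof(xyt->xcol)/sizeof(xyt->xcol[0]));` stops the out-of-bounds write that valgrind reports at fpi-img.c:286, but it silently discards every minutia past the capacity of `xyt->xcol`, and because `c` has just been sorted with `sort_x_y` the discarded entries are always the ones with the largest x coordinate, so the stored template is biased rather than merely truncated. It also leaves the real question open: the valgrind trace shows the write landing 0 bytes after the 2,412-byte block allocated in fpi_print_data_item_new (fpi-img.c:353), so the mismatch is between the number of minutiae this function is asked to copy and the size of the buffer that print data item provides; the bound should be derived from (or checked against) whatever constant those arrays and that allocation are sized with, and the same bound must hold for `ycol`, the `c` array that `qsort` walks over `nmin` entries a few lines earlier, and any other per-minutia array written in this loop. Two smaller points: `min` must already be available in this file or the patch will not build, and comparing an `int` `nmin` against a `size_t` result of `sizeof` arithmetic will produce a signed/unsigned comparison warning; casting the array length to `int` (or using the named constant directly) avoids both.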