[Debian-med-packaging] Bug#816607: libcharls1: void EncoderStrategy::AppendToBitStream(LONG, LONG): Assertion `bitpos >=0' failed

Sjors Gielen debian at sjorsgielen.nl
Thu Mar 3 12:51:50 UTC 2016 

Package: libcharls1
Version: 1.0-6
Severity: important

Dear Maintainer,

I can reliably reproduce an assertion failure in LibCharLS version 1.0-6. My
investigation into this is still pending, but nonetheless I wanted to raise
this early so that we could discuss potential fixes.

The assertion happens in EncoderStrategy with very specific inputs, that occur
for me in production. From my early investigation, I can see that the
AppendToBitStream function is called while bitpos is 0, with a length of 31,
causing bitpos to become -31. The Flush() function is then called to raise
bitpos back to >= 0, but after 4 iterations bitpos is still at -1, causing an
assertion failure. I'm not sure yet about the semantic meaning of this, or
where the true bug is.

This bug has been known upstream for a while[0], and is said to be fixed in
master, but there has been no CharLS release for years and I haven't figured
out where it is fixed exactly just yet.

I can reproduce this bug by saving a lossless JPEG image through the DICOM
Toolkit. It appears I'm not the only one, as somebody reported this already in
2012[1] and a colleague of mine in 2014[2]. I will attempt to produce a fully
self-sufficient test case without DCMTK if needed.

[0] http://charls.codeplex.com/workitem/10742
[1] http://forum.dcmtk.org/viewtopic.php?f=1&t=3412
[2] https://bugs.launchpad.net/ubuntu/+source/charls/+bug/1329695

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcharls1 depends on:
ii  libc6              2.21-9
ii  libgcc1            1:5.3.1-8
ii  libstdc++6         5.3.1-8
ii  multiarch-support  2.21-9

libcharls1 recommends no packages.

libcharls1 suggests no packages.

-- no debconf information

More information about the Debian-med-packaging mailing list