CVE-2022-43594,CVE-2022-43595
Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
OpenImageIO Project OpenImageIO v2.4.4.2
OpenImageIO - https://github.com/OpenImageIO/oiio
5.9 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
OpenImageIO is an image processing library with easy to use interfaces and a sizable amount of supported image formats. Useful for conversion and processing and even image comparison, this library is utilized by 3d-processing software from AliceVision (including Meshroom) and is also used by Blender for reading Photoshop .psd files.
Along with parsing files of various formats, libOpenImageIO is also capable of creating new files in these formats. For instance, if we look briefly at the OpenImageIO iconvert utility as an example, there are two functions capable of doing this image creation:
static bool
convert_file(const std::string& in_filename, const std::string& out_filename)
{
// [...]
// Find an ImageIO plugin that can open the input file, and open it.
auto in = ImageInput::open(in_filename); // [1]
// [...]
ImageSpec inspec = in->spec(); // [2]
// Find an ImageIO plugin that can open the output file, and open it
auto out = ImageOutput::create(tempname); // [3]
// [...]
if (!nocopy) {
ok = out->copy_image(in.get()); // [4]
if (!ok)
std::cerr << "iconvert ERROR copying \"" << in_filename
<< "\" to \"" << out_filename << "\" :\n\t"
<< out->geterror() << "\n";
} else {
// Need to do it by hand for some reason. Future expansion in which
// only a subset of channels are copied, or some such.
std::vector<char> pixels((size_t)outspec.image_bytes(true));
ok = in->read_image(subimage, miplevel, 0, outspec.nchannels, // [5]
outspec.format, &pixels[0]);
if (!ok) {
std::cerr << "iconvert ERROR reading \"" << in_filename
<< "\" : " << in->geterror() << "\n";
} else {
ok = out->write_image(outspec.format, &pixels[0]); // [6]
if (!ok)
std::cerr << "iconvert ERROR writing \"" << out_filename
<< "\" : " << out->geterror() << "\n";
}
}
++miplevel;
} while (ok && in->seek_subimage(subimage, miplevel, inspec));
}
out->close(); // [7]
in->close();
The most important pieces are that we have an ImageInput object [1], an input specification [2] and an output image (whose type is determined by the filename extension) [3]. An output specification can be copied from the input specification and modified in case of incompatibilities with the output format. Subsequently we can either call ImageOutput::copy_image(in.get()) [4] or read the input into a buffer at [5] and then write the buffer to our ImageOutput at [6]. Now, it’s worth noting we cannot really know how libOpenImageIO will get its input images and specifications, and so the ImageOutput vulnerabilities are all applicable only in situations where an attacker can control the input file or specification that is then used to generate an ImageOutput object (like above).
If we end up hitting the functions to output a .bmp file, a curious code flow can occur upon hitting the necessary out->close() at [7]:
bool
BmpOutput::close(void)
{
if (!ioproxy_opened()) { // already closed
init();
return true;
}
bool ok = true;
if (m_spec.tile_width) {
// Handle tile emulation -- output the buffered pixels
OIIO_DASSERT(m_tilebuffer.size());
ok &= write_scanlines(m_spec.y, m_spec.y + m_spec.height, 0, // here
m_spec.format, &m_tilebuffer[0]);
std::vector<unsigned char>().swap(m_tilebuffer);
}
init();
return ok;
}
Assuming that our output specification has a .tile_width, we end up hitting the ImageOutput::write_scanlines function at [8] such that our buffered pixels can actually be written to our output file:
bool
ImageOutput::write_scanlines(int ybegin, int yend, int z, TypeDesc format,
const void* data, stride_t xstride,
stride_t ystride)
{
// Default implementation: write each scanline individually
stride_t native_pixel_bytes = (stride_t)m_spec.pixel_bytes(true);
if (format == TypeDesc::UNKNOWN && xstride == AutoStride)
xstride = native_pixel_bytes;
stride_t zstride = AutoStride;
m_spec.auto_stride(xstride, ystride, zstride, format, m_spec.nchannels,
m_spec.width, yend - ybegin);
bool ok = true;
for (int y = ybegin; ok && y < yend; ++y) {
ok &= write_scanline(y, z, format, data, xstride); // [9]
data = (char*)data + ystride;
}
return ok;
}
Since the ImageOutput class is generic, it must call into the more specific BmpOutput::write_scanline function [9] to actually know how to write each scanline:
bool
BmpOutput::write_scanline(int y, int z, TypeDesc format, const void* data,
stride_t xstride)
{
if (y > m_spec.height) {
errorfmt("Attempt to write too many scanlines to {}", m_filename);
close();
return false;
}
And so if we get to BmpOutput::write_scanline with our m_spec.y value greater than our m_spec.height value [10], we end up hitting the BmpOutput::close() function again, which got us here in the first place. As such, infinite recursion is possible. This will usually result in our function stack trying to write into unmapped memory after a large number of recursions, followed by a denial of service. It’s important also to note that the BmpOutput::close() function does not need to be explicitly called, as the BmpOutput::~BmpOutput() destructor will also call it.
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /oiio/oiio-2.3.19.0/src/libOpenImageIO/exif.cpp:1445:5 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==705437==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc1f94df78 (pc 0x5627093b10a6 bp 0x7ffc1f94e7b0 sp 0x7ffc1f94df80 T0)
#0 0x5627093b10a6 in __asan_memcpy (/oiio/fuzzing/fancy_fuzz_oiio.bin+0xe70a6) (BuildId: 5bade06b90ea2ffdbd6743009ceb7e37dbce0d46)
#1 0x7f3949b0b6f8 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&)::'lambda'(fmt::v7::appender)::operator()(fmt::v7::appender) const /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/format.h:1562:66
#2 0x7f3949b064f6 in fmt::v7::appender fmt::v7::detail::write_padded<(fmt::v7::align::type)1, fmt::v7::appender, char, fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&)::'lambda'(fmt::v7::appender)>(fmt::v7::appender, fmt::v7::basic_format_specs<char> const&, unsigned long, unsigned long, fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&)::'lambda'(fmt::v7::appender)&&) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/format.h:1289:8
#3 0x7f3949b053d6 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/format.h:1560:10
#4 0x7f3949b04217 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<fmt::v7::type_identity<char>::type>, fmt::v7::basic_format_specs<char> const&, fmt::v7::detail::locale_ref) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/format.h:1570:10
#5 0x7f3949a2a912 in fmt::v7::appender fmt::v7::detail::arg_formatter<char>::operator()<fmt::v7::basic_string_view<char> >(fmt::v7::basic_string_view<char>) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/format.h:1986:12
#6 0x7f3949a2a912 in fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>::operator()(fmt::v7::basic_string_view<char>) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/printf.h:284:18
#7 0x7f39499bfcc6 in decltype(fp(0)) fmt::v7::visit_format_arg<fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>, fmt::v7::basic_printf_context<fmt::v7::appender, char> >(fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>&&, fmt::v7::basic_format_arg<fmt::v7::basic_printf_context<fmt::v7::appender, char> > const&) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/core.h:1489:12
#8 0x7f39499bfcc6 in void fmt::v7::detail::vprintf<char, fmt::v7::basic_printf_context<fmt::v7::appender, char> >(fmt::v7::detail::buffer<char>&, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_args<fmt::v7::basic_printf_context<fmt::v7::appender, char> >) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/printf.h:512:11
#9 0x7f39499acfd6 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > fmt::v7::vsprintf<fmt::v7::basic_string_view<char>, char>(fmt::v7::basic_string_view<char> const&, fmt::v7::basic_format_args<fmt::v7::basic_printf_context<std::conditional<std::is_same<fmt::v7::type_identity<char>::type, char>::value, fmt::v7::appender, std::back_insert_iterator<fmt::v7::detail::buffer<fmt::v7::type_identity<char>::type> > >::type, fmt::v7::type_identity<char>::type> >) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/printf.h:559:3
#10 0x7f394ecc0843 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > fmt::v7::sprintf<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char>(char const* const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /oiio/oiio-2.3.19.0/build/include/OpenImageIO/detail/fmt/printf.h:576:10
#11 0x7f394ecb6da8 in void OpenImageIO_v2_3::ImageOutput::errorf<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /oiio/oiio-2.3.19.0/src/include/OpenImageIO/imageio.h:2382:22
#12 0x7f394f4c2297 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:140:9
#13 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#14 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#15 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#16 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#17 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#18 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#19 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#20 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#21 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#22 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#23 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#24 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#25 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#26 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#27 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#28 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#29 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#30 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#31 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#32 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#33 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#34 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#35 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#36 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#37 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#38 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#39 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#40 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#41 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#42 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#43 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#44 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#45 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#46 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#47 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#48 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#49 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#50 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#51 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#52 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#53 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#54 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#55 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#56 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#57 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#58 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#59 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#60 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#61 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#62 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#63 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#64 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#65 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#66 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#67 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#68 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#69 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#70 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#71 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#72 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#73 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#74 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#75 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#76 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#77 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#78 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#79 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#80 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#81 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#82 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#83 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#84 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#85 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#86 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#87 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#88 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#89 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#90 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#91 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#92 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#93 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#94 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#95 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#96 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#97 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#98 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#99 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#100 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#101 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#102 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#103 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#104 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#105 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#106 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#107 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#108 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#109 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#110 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#111 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#112 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#113 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#114 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#115 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#116 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#117 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#118 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#119 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#120 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#121 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#122 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#123 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#124 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#125 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#126 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#127 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#128 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#129 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#130 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#131 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#132 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#133 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#134 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#135 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#136 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#137 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#138 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#139 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#140 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#141 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#142 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#143 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#144 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#145 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#146 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#147 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#148 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#149 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#150 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#151 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#152 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#153 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#154 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#155 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#156 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#157 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#158 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#159 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#160 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#161 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#162 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#163 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#164 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#165 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#166 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#167 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#168 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#169 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#170 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#171 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#172 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#173 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#174 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#175 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#176 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#177 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#178 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#179 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#180 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#181 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#182 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#183 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#184 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#185 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#186 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#187 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#188 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#189 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#190 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#191 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#192 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#193 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#194 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#195 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#196 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#197 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#198 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#199 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#200 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#201 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#202 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#203 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#204 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#205 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#206 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#207 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#208 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#209 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#210 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#211 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#212 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#213 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#214 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#215 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#216 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#217 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#218 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#219 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#220 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#221 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#222 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#223 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#224 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#225 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#226 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#227 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#228 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#229 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#230 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#231 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#232 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#233 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#234 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#235 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#236 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#237 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#238 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#239 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#240 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#241 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#242 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#243 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#244 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#245 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
#246 0x7f394f4c2375 in OpenImageIO_v2_3::BmpOutput::write_scanline(int, int, OpenImageIO_v2_3::TypeDesc, void const*, long) /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:141:9
#247 0x7f394ec9b8d5 in OpenImageIO_v2_3::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_3::TypeDesc, void const*, long, long) /oiio/oiio-2.3.19.0/src/libOpenImageIO/imageoutput.cpp:107:15
#248 0x7f394f4c5cb6 in OpenImageIO_v2_3::BmpOutput::close() /oiio/oiio-2.3.19.0/src/bmp.imageio/bmpoutput.cpp:191:15
SUMMARY: AddressSanitizer: stack-overflow (/oiio/fuzzing/fancy_fuzz_oiio.bin+0xe70a6) (BuildId: 5bade06b90ea2ffdbd6743009ceb7e37dbce0d46) in __asan_memcpy
==705437==ABORTING
If we end up hitting the functions to output a .fits file, a curious code flow can occur upon hitting the necessary out->close() at [7]:
bool
FitsOutput::close(void)
{
if (!m_fd) { // already closed
init();
return true;
}
bool ok = true;
if (m_spec.tile_width) {
// Handle tile emulation -- output the buffered pixels
OIIO_ASSERT(m_tilebuffer.size());
ok &= write_scanlines(m_spec.y, m_spec.y + m_spec.height, 0, // [8]
m_spec.format, &m_tilebuffer[0]);
std::vector<unsigned char>().swap(m_tilebuffer);
}
fclose(m_fd);
init();
return ok;
}
Assuming that our output specification has a .tile_width, we end up hitting the ImageOutput::write_scanlines function at [8] such that our buffered pixels can actually be written to our output file:
bool
ImageOutput::write_scanlines(int ybegin, int yend, int z, TypeDesc format,
const void* data, stride_t xstride,
stride_t ystride)
{
// Default implementation: write each scanline individually
stride_t native_pixel_bytes = (stride_t)m_spec.pixel_bytes(true);
if (format == TypeDesc::UNKNOWN && xstride == AutoStride)
xstride = native_pixel_bytes;
stride_t zstride = AutoStride;
m_spec.auto_stride(xstride, ystride, zstride, format, m_spec.nchannels,
m_spec.width, yend - ybegin);
bool ok = true;
for (int y = ybegin; ok && y < yend; ++y) {
ok &= write_scanline(y, z, format, data, xstride); // [9]
data = (char*)data + ystride;
}
return ok;
}
Since the ImageOutput class is generic, it must call into the more specific FitsOutput::write_scanline function [9] to actually know how to write each scanline:
bool
FitsOutput::write_scanline(int y, int /*z*/, TypeDesc format, const void* data,
stride_t xstride)
{
if (m_spec.width == 0 && m_spec.height == 0)
return true;
if (y > m_spec.height) {
errorf("Attempt to write too many scanlines to %s", m_filename);
close();
return false;
}
And so if we get to FitsOutput::write_scanline with our m_spec.y value greater than our m_spec.height value [10], we end up hitting the FitsOutput::close() function again, which got us here in the first place. As such, infinite recursion is possible. This will usually result in our function stack trying to write into unmapped memory after a large number of recursions, followed by a denial of service. It’s important also to note that the FitsOutput::close() function does not need to be explicitly called, as the FitsOutput::~FitsOutput() destructor will also call it.
==579101==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fefd8 (pc 0x55555563b0b6 bp 0x7fffff7ff810 sp 0x7fffff7fefe0 T0)
[Detaching after fork from child process 579691]
#0 0x55555563b0b6 in __asan_memcpy (/oiio/fuzzing_release/fancy_fuzz_release.bin+0xe70b6) (BuildId: ce5542eefc0212375076a8627e2fda6c824d2578)
#1 0x7ffff01a3da3 in fmt::v7::appender fmt::v7::detail::copy_str<char, char const*>(char const*, char const*, fmt::v7::appender) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/core.h:1502:17
#2 0x7ffff02c2d03 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&)::'lambda'(fmt::v7::appender)::operator()(fmt::v7::appender) const /home/thiefy/boop/a
ssorted_fuzzing/oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/format.h:1562:32
#3 0x7ffff02bdac6 in fmt::v7::appender fmt::v7::detail::write_padded<(fmt::v7::align::type)1, fmt::v7::appender, char, fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<c
har> const&)::'lambda'(fmt::v7::appender)>(fmt::v7::appender, fmt::v7::basic_format_specs<char> const&, unsigned long, unsigned long, fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_fo$
mat_specs<char> const&)::'lambda'(fmt::v7::appender)&&) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/format.h:1289:8
#4 0x7ffff02bc9a6 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_specs<char> const&) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail
/fmt/format.h:1560:10
#5 0x7ffff02bb7e7 in fmt::v7::appender fmt::v7::detail::write<char, fmt::v7::appender>(fmt::v7::appender, fmt::v7::basic_string_view<fmt::v7::type_identity<char>::type>, fmt::v7::basic_format_specs<char> const&, fmt::v7::detail::locale_ref) /home/thiefy/boop/assorted
_fuzzing/oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/format.h:1570:10
#6 0x7ffff01e1ee2 in fmt::v7::appender fmt::v7::detail::arg_formatter<char>::operator()<fmt::v7::basic_string_view<char> >(fmt::v7::basic_string_view<char>) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/format.h:1986:12
#7 0x7ffff01e1ee2 in fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>::operator()(fmt::v7::basic_string_view<char>) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/printf.h:284:18
#8 0x7ffff0177296 in decltype(fp(0)) fmt::v7::visit_format_arg<fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>, fmt::v7::basic_printf_context<fmt::v7::appender, char> >(fmt::v7::detail::printf_arg_formatter<fmt::v7::appender, char>&&, fmt::v7::basic_fo
rmat_arg<fmt::v7::basic_printf_context<fmt::v7::appender, char> > const&) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/core.h:1489:12
#9 0x7ffff0177296 in void fmt::v7::detail::vprintf<char, fmt::v7::basic_printf_context<fmt::v7::appender, char> >(fmt::v7::detail::buffer<char>&, fmt::v7::basic_string_view<char>, fmt::v7::basic_format_args<fmt::v7::basic_printf_context<fmt::v7::appender, char> >) /h
ome/thiefy/boop/assorted_fuzzing/oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/printf.h:512:11
#10 0x7ffff01645a6 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > fmt::v7::vsprintf<fmt::v7::basic_string_view<char>, char>(fmt::v7::basic_string_view<char> const&, fmt::v7::basic_format_args<fmt::v7::basic_printf_context<std::cond
itional<std::is_same<fmt::v7::type_identity<char>::type, char>::value, fmt::v7::appender, std::back_insert_iterator<fmt::v7::detail::buffer<fmt::v7::type_identity<char>::type> > >::type, fmt::v7::type_identity<char>::type> >) /oiio/oiio-
2.4.4.2/build/include/OpenImageIO/detail/fmt/printf.h:559:3
#11 0x7ffff2ed6043 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > fmt::v7::sprintf<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char>(char const* const&, std::__cxx11::basic_string<c
har, std::char_traits<char>, std::allocator<char> > const&) /oiio/oiio-2.4.4.2/build/include/OpenImageIO/detail/fmt/printf.h:576:10
#12 0x7ffff2ec5fe8 in void OpenImageIO_v2_4::ImageOutput::errorf<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /home/thiefy/
boop/assorted_fuzzing/oiio/oiio-2.4.4.2/src/include/OpenImageIO/imageio.h:2436:22
#13 0x7ffff3962ef7 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:95:9
#14 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#15 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#16 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#17 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#18 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#19 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#20 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#21 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#22 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#23 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#24 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#25 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#26 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#27 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#28 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#29 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#30 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#31 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#32 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#33 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#34 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#35 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#36 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#37 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#38 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#39 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#40 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#41 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#42 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#43 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#44 0x7ffff2eaab15 in OpenImageIO_v2_4::ImageOutput::write_scanlines(int, int, int, OpenImageIO_v2_4::TypeDesc, void const*, long, long) /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113:15
#45 0x7ffff3965f85 in OpenImageIO_v2_4::FitsOutput::close() /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158:15
#46 0x7ffff3962fd5 in OpenImageIO_v2_4::FitsOutput::write_scanline(int, int, OpenImageIO_v2_4::TypeDesc, void const*, long) /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96:9
#7260 0x00007ffff3965f86 in OpenImageIO_v2_4::FitsOutput::close (this=0x613000004f00) at /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:158
#7261 0x00007ffff3962fd6 in OpenImageIO_v2_4::FitsOutput::write_scanline (this=0x613000004f00, y=524288, format=..., data=0x7fffe8ccf800, xstride=3) at /oiio/oiio-2.4.4.2/src/fits.imageio/fitsoutput.cpp:96
#7262 0x00007ffff2eaab16 in OpenImageIO_v2_4::ImageOutput::write_scanlines (this=0x613000004f00, ybegin=524288, yend=524800, z=0, format=..., data=0x7fffe8ccf800, xstride=3, ystride=384) at /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:113
#7263 0x00007ffff2ec064b in OpenImageIO_v2_4::ImageOutput::write_image (this=0x613000004f00, format=..., data=0x7fffe8ccf800, xstride=3, ystride=384, zstride=196608, progress_callback=0x0, progress_callback_data=0x0) at /oiio/oiio-2.4.4.2/src/libOpenImageIO/imageoutput.cpp:526
#7264 0x000055555567c3aa in LLVMFuzzerTestOneInput (Data=0x61b000000780 "II*", Size=1410) at ./fancy_oiio.cpp:308
#7265 0x000055555559f734 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) ()
#7266 0x00005555555894b0 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) ()
#7267 0x000055555558f207 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) ()
#7268 0x00005555555b9023 in main ()
SUMMARY: AddressSanitizer: stack-overflow (/oiio/fuzzing_release/fancy_fuzz_release.bin+0xe70b6) (BuildId: ce5542eefc0212375076a8627e2fda6c824d2578) in __asan_memcpy
==579101==ABORTING
2022-11-14 - Vendor Disclosure
2022-12-03 - Vendor Patch Release
2022-12-22 - Public Release
Discovered by Lilith >_> of Cisco Talos.