Package: libcharls1
Version: 1.0-6
Severity: important

Dear Maintainer,

I can reliably reproduce an assertion failure in LibCharLS version 1.0-6. My investigation into this is still pending, but nonetheless I wanted to raise this early so that we could discuss potential fixes.

The assertion happens in EncoderStrategy with very specific inputs that occur for me in production. From my early investigation, I can see that the AppendToBitStream function is called while bitpos is 0, with a length of 31, causing bitpos to become -31. The Flush() function is then called to raise bitpos back to >= 0, but after 4 iterations bitpos is still at -1, causing an assertion failure. I'm not sure yet about the semantic meaning of this, or where the true bug is.

This bug has been known upstream for a while[0], and is said to be fixed in master, but there has been no CharLS release for years and I haven't figured out where it is fixed exactly just yet.

I can reproduce this bug by saving a lossless JPEG image through the DICOM Toolkit. It appears I'm not the only one, as somebody reported this already in 2012[1] and a colleague of mine in 2014[2]. I will attempt to produce a fully self-sufficient test case without DCMTK if needed.

[0] http://charls.codeplex.com/workitem/10742
[1] http://forum.dcmtk.org/viewtopic.php?f=1&t=3412
[2] https://bugs.launchpad.net/ubuntu/+source/charls/+bug/1329695

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcharls1 depends on:
ii  libc6              2.21-9
ii  libgcc1            1:5.3.1-8
ii  libstdc++6         5.3.1-8
ii  multiarch-support  2.21-9

libcharls1 recommends no packages.

libcharls1 suggests no packages.

-- no debconf information
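
One reading of the numbers in the report above, as an added example (a simplified model, not CharLS code and not part of the original report): it assumes Flush() emits at most four bytes and that a byte following 0xFF carries only 7 bits, as JPEG-LS bit stuffing requires. The names BitWriterModel and bitposAfterAppend and the accumulator values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model of a JPEG-LS bit writer (not CharLS source).
// bitpos = free bits left in the 32-bit accumulator; a negative value means
// bits of the last appended value are still waiting to be written.
struct BitWriterModel {
    uint32_t valcurrent = 0;
    int bitpos = 32;
    bool ffWritten = false;          // previous output byte was 0xFF
    std::vector<uint8_t> out;

    // Emit at most four bytes. Assumption: after a 0xFF byte the next byte
    // carries only 7 payload bits (JPEG-LS bit stuffing).
    void flush() {
        for (int i = 0; i < 4 && bitpos < 32; ++i) {
            int n = ffWritten ? 7 : 8;
            uint8_t b = static_cast<uint8_t>(valcurrent >> (32 - n));
            out.push_back(b);
            valcurrent <<= n;
            bitpos += n;
            ffWritten = (b == 0xFF);
        }
    }
};

// bitpos after appending `length` bits to a full accumulator (bitpos == 0)
// holding `pending`, followed by a single flush. Only the bit accounting is
// modelled; the appended value itself is not merged in.
int bitposAfterAppend(uint32_t pending, int length) {
    BitWriterModel w;
    w.valcurrent = pending;
    w.bitpos = 0;
    w.bitpos -= length;              // 0 - 31 = -31 for the reported case
    w.flush();
    return w.bitpos;
}

int main() {
    // Constructed accumulator contents with zero, one and two 0xFF bytes.
    std::printf("no 0xFF bytes:  %d\n", bitposAfterAppend(0x00000000u, 31));
    std::printf("one 0xFF byte:  %d\n", bitposAfterAppend(0xFF000000u, 31));
    std::printf("two 0xFF bytes: %d\n", bitposAfterAppend(0xFF01FE00u, 31));
    return 0;
}
```

Under these assumptions, only the input that produces two 0xFF bytes within one flush leaves bitpos negative, which is where an assertion on bitpos >= 0 would fire.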