Program received signal SIGILL, Illegal instruction. at category_decode in jfif.c:133

[ambrosecm]

Desctiption

When I used the category_decode function to handle a specific input, Program received signal SIGILL, Illegal instruction. at category_decode in jfif.c:133

ffjpeg/src/jfif.c

Lines 131 to 134 in caade60

	static int category_decode(int code, int size)
	{
	return code >= (1 << (size - 1)) ? code : code - (1 << size) + 1;
	}

Test Environment

Ubuntu 22.04.1, 64bit
ffjpeg(master caade60)
program source file

How to trigger

Download the poc file , program and run the following cmd:

 $ ./category_decode ./poc

Detail

GDB report

(gdb) r
Starting program: /home/ambrose/vsproject/HIMFuzz/harness/output/ffjpeg_deepseek24/crashes/jfif.c/jfif_decode/category_decode/category_decode output/default/crashes/id:000000,sig:04,src:000000,time:774,execs:335,op:havoc,rep:3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGILL, Illegal instruction.
0x0000555555685eaf in category_decode (code=77, size=0) at /home/ambrose/vsproject/TestLib/ffjpeg/src/jfif.c:133
133         return code >= (1 << (size - 1)) ? code : code - (1 << size) + 1;
(gdb) bt
#0  0x0000555555685eaf in category_decode (code=77, size=0) at /home/ambrose/vsproject/TestLib/ffjpeg/src/jfif.c:133
#1  0x00005555556961e3 in main (argc=2, argv=0x7fffffffdad8)
    at output/ffjpeg_deepseek24/harness/code/jfif.c/jfif_decode/category_decode.c:37
(gdb) p code
$1 = 77
(gdb) p size
$2 = 0