commit ccc277247ac1a7aef0a90353edcdec35fbc5903c
Author: Nano <nanoapezlk@gmail.com>
Date:   Wed Apr 26 15:09:52 2023 +0800

    fix(wechat_qrcode): Init nBytes after the count value is determined (#3480)

    * fix(wechat_qrcode): Initialize nBytes after the count value is determined

    * fix(wechat_qrcode): Incorrect count data repair

    * chore: format expr

    * fix(wechat_qrcode): Avoid null pointer exception

    * fix(wechat_qrcode): return when bytes_ is empty

    * test(wechat_qrcode): add test case

    ---------

    Co-authored-by: GZTime <Time.GZ@outlook.com>

CVE: CVE-2023-2617

Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c]

Signed-off-by: Soumya <soumya.sambu@windriver.com>
---

diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
index 05de793c..b3a0a69c 100644
--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,

 void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
                                     ErrorHandler& err_handler) {
-    if (err_handler.ErrCode()) return;
+    // avoid null pointer exception
+    if (err_handler.ErrCode() || bufIn == nullptr) return;
 #ifndef NO_ICONV_INSIDE
     if (nIn == 0) {
         return;
@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
                                                CharacterSetECI* currentCharacterSetECI,
                                                ArrayRef<ArrayRef<char> >& byteSegments,
                                                ErrorHandler& err_handler) {
-    int nBytes = count;
     BitSource& bits(*bits_);
     // Don't crash trying to read more bits than we have available.
     int available = bits.available();
     // try to repair count data if count data is invalid
     if (count * 8 > available) {
-        count = (available + 7 / 8);
+        count = (available + 7) / 8;
     }
+    size_t nBytes = count;
+
+    ArrayRef<char> bytes_(nBytes);
+    // issue https://github.com/opencv/opencv_contrib/issues/3478
+    if (bytes_->empty())
+        return;

-    ArrayRef<char> bytes_(count);
     char* readBytes = &(*bytes_)[0];
     for (int i = 0; i < count; i++) {
         //    readBytes[i] = (char) bits.readBits(8);
diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp
index d59932b8..ec2559b0 100644
--- a/modules/wechat_qrcode/test/test_qrcode.cpp
+++ b/modules/wechat_qrcode/test/test_qrcode.cpp
@@ -455,5 +455,16 @@ TEST_P(Objdetect_QRCode_Easy_Multi, regression) {
 std::string qrcode_model_path[] = {"", "dnn/wechat_2021-01"};
 INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Easy_Multi, testing::ValuesIn(qrcode_model_path));

+TEST(Objdetect_QRCode_bug, issue_3478) {
+    auto detector = wechat_qrcode::WeChatQRCode();
+    std::string image_path = findDataFile("qrcode/issue_3478.png");
+    Mat src = imread(image_path, IMREAD_GRAYSCALE);
+    ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
+    std::vector<std::string> outs = detector.detectAndDecode(src);
+    ASSERT_EQ(1, (int) outs.size());
+    ASSERT_EQ(16, (int) outs[0].size());
+    ASSERT_EQ("KFCVW50         ", outs[0]);
+}
+
 }  // namespace
 }  // namespace opencv_test