fail to allocate in tiff2ps at tiff2ps.c:2213

Hello,

We are currently working on fuzz testing feature, and we found a failed to allocate error on tiff2ps.

The stack traces are as follow:

==29593==WARNING: AddressSanitizer failed to allocate 0xffffffffffffffff bytes
==29593==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:218 "((0)) != (0)" (0x0, 0x0)
    #0 0x7fc673d71bf2  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7fc673d90575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7fc673d77332  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xef332)
    #3 0x7fc673cafe46  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27e46)
    #4 0x7fc673d66b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #5 0x7fc674de96eb in _TIFFmalloc .../libtiff-git/libtiff/tif_unix.c:314
    #6 0x55b42c435617 in limitMalloc .../libtiff-git/tools/tiff2ps.c:255
    #7 0x55b42c43ed6d in PS_Lvl2page .../libtiff-git/tools/tiff2ps.c:2213
    #8 0x55b42c43f8c4 in PSpage .../libtiff-git/tools/tiff2ps.c:2366
    #9 0x55b42c43bd77 in TIFF2PS .../libtiff-git/tools/tiff2ps.c:1634
    #10 0x55b42c4361ec in main .../libtiff-git/tools/tiff2ps.c:501

Here is the full stack trace : full_stacktrace_poc_1.zip

Step to reproduce

We configured tiff2ps using CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ and build it using make -j10, and run it with:

./tiff2ps -L.5 -2 -a -W -b -c -l -3 -r -z <attached file>

Attachment: input_tiff2ps_poc_1.zip

Environment

  • OS: Ubuntu 18.04.5 LTS
  • GCC version: gcc 7.5.0
  • libtiff version: latest commit (07b73cfd) of the master branch in gitlab link

Thank you.