fail to allocate in tiffinfo at tiffinfo.c:339

Hello,

We are currently working on fuzz testing feature, and we found a failed to allocate error on tiffinfo.

The stack traces are as follow:

==29276==ERROR: AddressSanitizer failed to allocate 0xf627ba000 (66076778496) bytes of LargeMmapAllocator (error code: 12)
==29276==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7fdb2348dbf2  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7fdb234ac575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7fdb23497482  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7fdb234a3895  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7fdb233cc7fd  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x287fd)
    #5 0x7fdb23482b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #6 0x7fdb245056eb in _TIFFmalloc .../libtiff-git/libtiff/tif_unix.c:314
    #7 0x5634f143ff66 in TIFFReadSeparateTileData .../libtiff-git/tools/tiffinfo.c:339
    #8 0x5634f1440634 in TIFFReadData .../libtiff-git/tools/tiffinfo.c:381
    #9 0x5634f144162c in tiffinfo .../libtiff-git/tools/tiffinfo.c:541
    #10 0x5634f143eb49 in main .../libtiff-git/tools/tiffinfo.c:159

Here is the full stack trace : full_stacktrace_poc_4.zip

Step to reproduce

We configured tiffinfo using CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ and build it using make -j10, and run it with:

./tiffinfo -D libtiff -i tiffinfo -s <attached file> -d -j

Attachment: input_tiffinfo_poc_4.zip

Environment

  • OS: Ubuntu 18.04.5 LTS
  • GCC version: gcc 7.5.0
  • libtiff version: latest commit (07b73cfd) of the master branch in gitlab link

Thank you.