heap-buffer-overflow in tiffinfo at tiffinfo.c:430
Hello,
We are currently working on a fuzz testing feature, and we found a heap-buffer-overflow in tiffinfo.
The stack trace is as follows:
==29290==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000000178 at pc 0x55e6c95e6a48 bp 0x7ffc87add490 sp 0x7ffc87add480
READ of size 8 at 0x60c000000178 thread T0
#0 0x55e6c95e6a47 in TIFFReadRawDataStriped .../libtiff-git/tools/tiffinfo.c:430
#1 0x55e6c95e7452 in TIFFReadRawData .../libtiff-git/tools/tiffinfo.c:520
#2 0x55e6c95e75f1 in tiffinfo .../libtiff-git/tools/tiffinfo.c:537
#3 0x55e6c95e4b49 in main .../libtiff-git/tools/tiffinfo.c:159
Here is the full stack trace: full_stacktrace_poc_5.zip
Steps to reproduce
We configured tiffinfo using CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ and built it using make -j10, then ran it with:
./tiffinfo -D -i -c -d -r -s -w <attached file>
Attachment: input_tiffinfo_poc_5.zip
Environment
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- libtiff version: latest commit (07b73cfd) of the master branch (gitlab link)
Thank you.