AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
Summary
AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
Version
➜ tiffcrop_test git:(master) ✗ ./tiffcrop -v
Library Release: LIBTIFF, Version 4.3.0
Copyright (c) 1988-1996 Sam Leffler
Copyright (c) 1991-1996 Silicon Graphics, Inc.
Tiffcrop version: 2.4, last updated: 12-13-2010
Tiffcp code: Copyright (c) 1988-1997 Sam Leffler
: Copyright (c) 1991-1997 Silicon Graphics, Inc
Tiffcrop additions: Copyright (c) 2007-2010 Richard Nolde
At branch 27f399af (libtiff version)
Steps to reproduce
git clone git@gitlab.com:libtiff/libtiff.git
cd libtiff/
./autogen.sh
./configure CC=gcc CXX=g++ CFLAGS="-g -fsanitize=address" --disable-shared && make
./tools/tiffcrop -i -E b -Z 0:0,1:1 -e m -F vert ./poc ./out2
Platform
➜ libtiff git:(master) ✗ gcc --version
gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
➜ libtiff git:(master) ✗ uname -r
5.4.0-91-generic
➜ libtiff git:(master) ✗ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
- ASAN
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
/home/lin/libtiff/tools/tiffcrop_test/out/master/crashes/id:000572,sig:06,src:002641,op:arg1,rep:2: Warning, Nonstandard tile width 1, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 0 (0x0) encountered.
TIFFFetchNormalTag: Warning, IO error during reading of "DocumentName"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
TIFFFetchNormalTag: Warning, incorrect count for field "PageNumber", expected 2, got 19464194.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripByteCounts"; tag ignored.
readContigTilesIntoBuffer: Unsupported bit depth 50201.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3688782==ERROR: AddressSanitizer: SEGV on unknown address 0x6290fffcf180 (pc 0x7fe41d470e42 bp 0x7ffd8f5869e0 sp 0x7ffd8f586198 T0)
==3688782==The signal is caused by a READ memory access.
#0 0x7fe41d470e42 /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
#1 0x4941b7 in __asan_memcpy (/home/lin/libtiff/tools/tiffcrop_test/out/master/queue_info/crashes/tiffcrop+0x4941b7)
#2 0x58fdba in _TIFFmemcpy /home/lin/libtiff/libtiff/tif_unix.c:346:2
#3 0x4f0a6c in mirrorImage /home/lin/libtiff/tools/tiffcrop.c:9095:8
#4 0x4d11a5 in processCropSelections /home/lin/libtiff/tools/tiffcrop.c:7607:13
#5 0x4d11a5 in main /home/lin/libtiff/tools/tiffcrop.c:2396:13
#6 0x7fe41d3d90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x41c53d in _start (/home/lin/libtiff/tools/tiffcrop_test/out/master/queue_info/crashes/tiffcrop+0x41c53d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
==3688782==ABORTING
- GDB
─────────────────────────────────────────────── Registers ───────────────────────────────────────────────
RAX: 0x629000000200 --> 0x0
RBX: 0x1884
RCX: 0x0
RDX: 0x1884
RSI: 0x6290fffcf180 --> 0x0
RDI: 0x629000000200 --> 0x0
RBP: 0x7fffffff78a0 --> 0x7fffffff7a50 --> 0x7fffffffe080 --> 0x0
RSP: 0x7fffffff7058 --> 0x4941b8 (<__asan_memcpy+680>: add rsp,0x820)
RIP: 0x7ffff7cc1e42 (<__memmove_sse2_unaligned_erms+290>: movups xmm4,XMMWORD PTR [rsi])
R8 : 0x62 ('b')
R9 : 0x310
R10: 0xc527fff8350 --> 0x0
R11: 0x60 ('`')
R12: 0x1884
R13: 0x6290fffcf180 --> 0x0
R14: 0x6290fffcf180 --> 0x0
R15: 0x629000000200 --> 0x0
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
────────────────────────────────────────────────── Code ─────────────────────────────────────────────────
0x7ffff7cc1e33 <__memmove_sse2_unaligned_erms+275>: cmp rdi,rsi
0x7ffff7cc1e36 <__memmove_sse2_unaligned_erms+278>: ja 0x7ffff7cc1ec8 <__memmove_sse2_unaligned_erms+424>
0x7ffff7cc1e3c <__memmove_sse2_unaligned_erms+284>: je 0x7ffff7cc1d6a <__memmove_sse2_unaligned_erms+74>
=> 0x7ffff7cc1e42 <__memmove_sse2_unaligned_erms+290>: movups xmm4,XMMWORD PTR [rsi]
0x7ffff7cc1e45 <__memmove_sse2_unaligned_erms+293>: movups xmm5,XMMWORD PTR [rsi+rdx*1-0x10]
0x7ffff7cc1e4a <__memmove_sse2_unaligned_erms+298>: movups xmm6,XMMWORD PTR [rsi+rdx*1-0x20]
0x7ffff7cc1e4f <__memmove_sse2_unaligned_erms+303>: movups xmm7,XMMWORD PTR [rsi+rdx*1-0x30]
0x7ffff7cc1e54 <__memmove_sse2_unaligned_erms+308>: movups xmm8,XMMWORD PTR [rsi+rdx*1-0x40]
[rsi] : 0x6290fffcf180 --> 0x0
───────────────────────────────────────────────── Stack ─────────────────────────────────────────────────
0000| 0x7fffffff7058 --> 0x4941b8 (<__asan_memcpy+680>: add rsp,0x820)
0008| 0x7fffffff7060 --> 0x494c7e (<malloc+158>: mov r15,rax)
0016| 0x7fffffff7068 --> 0x58fc15 (<_TIFFmalloc+85>: jmp 0x58fc27 <_TIFFmalloc+103>)
0024| 0x7fffffff7070 --> 0x4d11a6 (<main+28358>: test eax,eax)
0032| 0x7fffffff7078 --> 0x7ffff7c2a0b3 (<__libc_start_main+243>: mov edi,eax)
0040| 0x7fffffff7080 --> 0x29 (')')
0048| 0x7fffffff7088 --> 0x640000001f18 --> 0x0
0056| 0x7fffffff7090 --> 0x1ec0
─────────────────────────────────────────────────────────────────────────────────────────────────────────
Legend: code, data, rodata, heap, value
Stopped reason: SIGSEGV
__memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
383 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
poc: poc.zip (attached)
Thanks !!