tiffcrop: free invalid pointer in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522
Summary
There is an invalid pointer free() operation in TIFFClose() at tif_close.c:131, called from tiffcrop.c:2522.
131:TIFFCleanup(tif);
Version
root@peng:~/libtiff-v4.4.0rc1# tools/.libs/tiffcrop -v
Library Release: LIBTIFF, Version 4.4.0
Copyright (c) 1988-1996 Sam Leffler
Copyright (c) 1991-1996 Silicon Graphics, Inc.
Tiffcrop version: 2.5, last updated: 02-09-2022
Steps to reproduce
./autogen.sh
./configure
make -j
root@peng:~/libtiff-v4.4.0rc1# gdb --args tools/.libs/tiffcrop -Z 1:4,3:3 -R 90 -H 300 -S 2:2 -i poc1 /tmp/foo
TIFFFetchDirectory: Can not read TIFF directory count.
TIFFReadDirectory: Failed to read directory at offset 4279506196.
free(): invalid pointer
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff77a17f1 in __GI_abort () at abort.c:79
#2 0x00007ffff77ea837 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7917a7b "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff77f18ba in malloc_printerr (str=str@entry=0x7ffff7915c76 "free(): invalid pointer") at malloc.c:5342
#4 0x00007ffff77f8dec in _int_free (have_lock=0, p=0x55555576f730, av=0x7ffff7b4cc40 <main_arena>) at malloc.c:4167
#5 __GI___libc_free (mem=0x55555576f740) at malloc.c:3134
#6 0x00007ffff7b5c9c9 in TIFFClose (tif=<optimized out>) at tif_close.c:131
#7 0x0000555555559487 in main (argc=<optimized out>, argv=0x7fffffffe348) at tiffcrop.c:2522
Platform
uname -a
Linux peng 5.4.0-42-generic 18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux