fix runtime error: applying zero offset to null pointer

xiaoxiaoafeifei requested to merge xiaoxiaoafeifei/libtiff:mymaster1 into master

Hi:

I found a runtime error in file libtiff/tif_dir.c

UBSAN:

root@iZ2vcadn43p7fjzbhl6zqwZ:~/gitlab/tiffcp/poc# /usr/local/bin/tiffcp -i -s -p separate poc /tmp/foo
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
tif_dir.c:195:24: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior tif_dir.c:195:24 in 
TIFFSetField: poc: Invalid InkNames value; no NUL at given buffer end location 0, after 0 ink.
poc: Error, can only handle BitsPerSample=8 in cpContig2SeparateByRow.
TIFFWriteDirectoryTagCheckedRational: Negative value is illegal.

Steps to reproduce:

  • CC=afl-clang-fast CXX=afl-clang-fast++ CFLAGS="-gdwarf-2 -g3 -O0 -fsanitize=address,undefined,leak -fno-omit-frame-pointer" CXXFLAGS="-gdwarf-2 -g3 -O0 -fsanitize=address,undefined,leak -fno-omit-frame-pointer" ./configure --disable-shared
  • make & make install
  • /usr/local/bin/tiffcp -i -s -p separate poc /tmp/foo

poc: poc

This modification fixes the problem.
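An added illustration of the bug class behind the UBSan report above (not code from the merge request or from libtiff): an end pointer is formed as `base + len` before anything has checked that `base` is non-NULL, so a NULL buffer with length 0 is already undefined behaviour even though no byte is ever read. The function names and the NUL-separated name format are hypothetical stand-ins chosen to resemble the InkNames check named in the error output.

```c
#include <stddef.h>
#include <stdint.h>

/* Risky shape (hypothetical, mirrors the reported pattern): the end pointer
 * is computed from s before s has been validated. With s == NULL and
 * slen == 0 the expression `s + slen` is undefined behaviour in C; UBSan
 * reports it as "applying zero offset to null pointer". */
static uint32_t check_names_unsafe(const char *s, uint32_t slen, uint16_t expected)
{
    const char *ep = s + slen;      /* UB when s == NULL, even for slen == 0 */
    const char *cp = s;
    if (slen > 0) {
        for (uint16_t i = 0; i < expected; i++) {
            while (cp < ep && *cp != '\0')
                cp++;
            if (cp >= ep)
                return 0;           /* no NUL before the end of the buffer */
            cp++;                   /* skip the terminator */
        }
        return (uint32_t)(cp - s);  /* bytes consumed by `expected` names */
    }
    return 0;
}

/* Hardened form: reject NULL or empty input before any pointer arithmetic,
 * so `s + slen` is only evaluated when s points into a real buffer.
 * Returns the number of bytes consumed by `expected` NUL-terminated names,
 * or 0 if fewer than `expected` names are fully terminated inside s[0..slen). */
static uint32_t check_names_safe(const char *s, uint32_t slen, uint16_t expected)
{
    if (s == NULL || slen == 0)
        return 0;
    const char *ep = s + slen;      /* well-defined: s is a valid buffer */
    const char *cp = s;
    for (uint16_t i = 0; i < expected; i++) {
        while (cp < ep && *cp != '\0')
            cp++;
        if (cp >= ep)
            return 0;
        cp++;
    }
    return (uint32_t)(cp - s);
}
```

Building with `-fsanitize=undefined` and calling the unsafe variant with a NULL buffer reproduces the same class of diagnostic; the safe variant returns 0 without touching the pointer.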

Edited by xiaoxiaoafeifei