SEGV /home/lin/libtiff/tools/tiffcrop.c:3539 in extractContigSamplesShifted32bits
Summary

SUMMARY: AddressSanitizer: SEGV /home/lin/libtiff/tools/tiffcrop.c:3539 in extractContigSamplesShifted32bits

Version

```
➜ tiffcrop_test git:(master) ✗ ./tiffcrop -v
Library Release: LIBTIFF, Version 4.3.0
Copyright (c) 1988-1996 Sam Leffler
Copyright (c) 1991-1996 Silicon Graphics, Inc.
Tiffcrop version: 2.4, last updated: 12-13-2010
Tiffcp code: Copyright (c) 1988-1997 Sam Leffler
: Copyright (c) 1991-1997 Silicon Graphics, Inc
Tiffcrop additions: Copyright (c) 2007-2010 Richard Nolde
```

At branch 27f399af (libtiff version)

Steps to reproduce

```
git clone git@gitlab.com:libtiff/libtiff.git
cd libtiff/
./autogen.sh
# Static build instrumented with AddressSanitizer
./configure CC=gcc CXX=g++ CFLAGS="-g -fsanitize=address" --disable-shared && make
# Run tiffcrop on the attached PoC file
./tools/tiffcrop -i -E b -Z 0:0,1:1 ./poc ./out2
```

(How one can reproduce the issue - this is very important)

Platform

```
➜ libtiff git:(master) ✗ gcc --version
gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
➜ libtiff git:(master) ✗ uname -r
5.4.0-91-generic
➜ libtiff git:(master) ✗ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
```

(Operating system, architecture, compiler details)

- ASAN

```
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 0 (0x0) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
/home/lin/id:000539,sig:06,src:003571,op:arg1,rep:4: Warning, Nonstandard tile width 769, convert file.
_TIFFVSetField: /home/lin/id:000539,sig:06,src:003571,op:arg1,rep:4: Null count for "Tag 3" (type 1, writecount -3, passcount 1).
TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripByteCounts"; tag ignored.
TIFFAdvanceDirectory: Error fetching directory link.
/home/lin/id:000539,sig:06,src:003571,op:arg1,rep:4: Compression scheme 64 tile decoding is not implemented.
TIFFFillTile: 0: Invalid tile byte count, tile 4.
TIFFFillTile: 0: Invalid tile byte count, tile 8.
TIFFFillTile: 0: Invalid tile byte count, tile 1.
TIFFFillTile: 0: Invalid tile byte count, tile 5.
TIFFFillTile: 0: Invalid tile byte count, tile 9.
TIFFFillTile: 0: Invalid tile byte count, tile 2.
TIFFFillTile: 0: Invalid tile byte count, tile 6.
TIFFFillTile: 0: Invalid tile byte count, tile 10.
TIFFFillTile: 0: Invalid tile byte count, tile 3.
TIFFFillTile: 0: Invalid tile byte count, tile 7.
TIFFFillTile: 0: Invalid tile byte count, tile 11.
ASAN:DEADLYSIGNAL
=================================================================
==25527==ERROR: AddressSanitizer: SEGV on unknown address 0x6160ffffdc74 (pc 0x55b9f6a45d42 bp 0x7fff6fd97940 sp 0x7fff6fd978b0 T0)
==25527==The signal is caused by a WRITE memory access.
    #0 0x55b9f6a45d41 in extractContigSamplesShifted32bits /home/lin/libtiff/tools/tiffcrop.c:3539
    #1 0x55b9f6a59405 in extractCompositeRegions /home/lin/libtiff/tools/tiffcrop.c:6455
    #2 0x55b9f6a5d368 in processCropSelections /home/lin/libtiff/tools/tiffcrop.c:7458
    #3 0x55b9f6a41681 in main /home/lin/libtiff/tools/tiffcrop.c:2396
    #4 0x7ff2911fabf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #5 0x55b9f6a38629 in _start (/home/lin/libtiff/tools/tiffcrop+0x28629)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lin/libtiff/tools/tiffcrop.c:3539 in extractContigSamplesShifted32bits
==25527==ABORTING
```

poc: [poc.zip](/uploads/42d11d5b4ec70413e5c8c5674add8bca/poc.zip)

Thanks!!