Bug 2622 - libtiff: heap-based buffer overflow in _TIFFmemcpy (tif_unix.c)
Status: RESOLVED DUPLICATE of bug 2620
: libtiff
default
: unspecified
: PC Linux
: P1 critical
 
Reported: 2016-12-03 05:15 by
Modified: 2016-12-03 06:39


Attachments
stacktrace (3.81 KB, text/plain)
2016-12-03 05:15, Agostino Sarubbo

Description From 2016-12-03 05:15:36
Created an attachment (id=714)
stacktrace

On 4.0.7:

# tiffcrop -i $FILE /tmp/foo

AddressSanitizer: heap-buffer-overflow
/tmp/portage/sys-devel/llvm-3.9.0-r1/work/llvm-3.9.0.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413
in __asan_memcpy

which refers to:

_TIFFmemcpy
/tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_unix.c:340:2

Testcase:
https://github.com/asarubbo/poc/blob/master/00102-libtiff-heapoverflow-_TIFFmemcpy
------- Comment #1 From 2016-12-03 06:39:37 -------
I've verified that the fix of http://bugzilla.maptools.org/show_bug.cgi?id=2620
fixes that one too

*** This bug has been marked as a duplicate of bug 2620 ***