Bug 2651 - Potential uninitialized-memory access from tif_rawdata
Status: RESOLVED FIXED
Product: libtiff
Component: default
Version: unspecified
Hardware: PC Linux
Importance: P2 normal
Reported: 2017-01-04 09:53 by
Modified: 2017-04-10 02:04 (History)


Attachments
Initialize rawdata (507 bytes, patch)
2017-01-11 13:20, dsinclair@chromium.org

Description From 2017-01-04 09:53:55
It is possible to end up accessing uninitialized memory from tif_rawdata. A
potential fix can be seen at: https://pdfium-review.googlesource.com/c/2150/
------- Comment #1 From 2017-01-11 13:15:55 -------
The link doesn't work for me. Can you attach the patch and a reproducer to this
ticket?
------- Comment #2 From 2017-01-11 13:20:33 -------
Created an attachment (id=745) [details]
Initialize rawdata

Adding the patch file. I don't think I have permission to attach the crashing
image file.
------- Comment #3 From 2017-01-11 14:04:05 -------
A reproducer would have been appreciated, but your suggested change looks safe.
I've implemented it a bit differently:

Fixed per 

2017-01-11 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add
        _TIFFcalloc()

        * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
        initialize tif_rawdata.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651


/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1208; previous revision: 1.1207
/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
new revision: 1.53; previous revision: 1.52
/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v  <--  libtiff/tif_unix.c
new revision: 1.28; previous revision: 1.27
/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v  <--  libtiff/tif_vms.c
new revision: 1.14; previous revision: 1.13
/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v  <--  libtiff/tif_win32.c
new revision: 1.42; previous revision: 1.41
/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v  <--  libtiff/tiffio.h
new revision: 1.94; previous revision: 1.93
------- Comment #4 From 2017-04-10 02:04:01 -------
This is CVE-2017-7593.
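The bug class behind this ticket, shown as an added example that is neither libtiff's own code nor the attached patch: a reader allocates a raw strip buffer of the declared size, the file then delivers a strip shorter than that buffer, and a decoder that walks the whole buffer reads the unfilled tail. With malloc() that tail is indeterminate (reading it is undefined behaviour); with a zero-initialising allocator it is defined and zero, which is the shape of the fix in the ChangeLog entry above. The names raw_reader, raw_calloc, raw_buffer_setup_malloc, raw_buffer_setup_calloc, read_strip and tail_is_zero, and the sample strip bytes, are constructed for this example; raw_calloc only mirrors the behaviour the ChangeLog attributes to _TIFFcalloc() (zero-initialising allocation), not its actual source.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a reader's raw-data buffer (constructed for this example; the
 * field names echo the ticket's tif_rawdata but this is not libtiff code). */
typedef struct {
    uint8_t *rawdata;
    size_t   rawdatasize;
} raw_reader;

/* Zero-initialising allocator in the spirit of the _TIFFcalloc() named in
 * the fix (assumed shape, not libtiff's source). Zero-sized requests return
 * NULL so a caller cannot mistake a 0-byte allocation for a usable buffer.
 * calloc() also rejects nmemb*size overflow in modern C libraries, which a
 * hand-rolled malloc(nmemb*size) does not. */
void *raw_calloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;
    return calloc(nmemb, size);
}

/* 'Before' shape: malloc() leaves every byte of the buffer indeterminate. */
int raw_buffer_setup_malloc(raw_reader *r, size_t size)
{
    free(r->rawdata);
    r->rawdata = malloc(size);
    r->rawdatasize = r->rawdata ? size : 0;
    return r->rawdata != NULL;
}

/* 'After' shape: every byte of the buffer is defined (zero) from the start. */
int raw_buffer_setup_calloc(raw_reader *r, size_t size)
{
    free(r->rawdata);
    r->rawdata = raw_calloc(1, size);
    r->rawdatasize = r->rawdata ? size : 0;
    return r->rawdata != NULL;
}

/* Model of a strip read that may deliver fewer bytes than the buffer holds
 * (a short strip). Returns the number of bytes actually filled. */
size_t read_strip(raw_reader *r, const uint8_t *src, size_t srclen)
{
    size_t n = srclen < r->rawdatasize ? srclen : r->rawdatasize;
    memcpy(r->rawdata, src, n);
    return n;
}

/* Returns 1 if every byte after the filled prefix is zero. Only meaningful
 * on a calloc'd buffer: on a malloc'd buffer this same loop is the
 * uninitialized read the ticket describes. */
int tail_is_zero(const raw_reader *r, size_t filled)
{
    for (size_t i = filled; i < r->rawdatasize; i++)
        if (r->rawdata[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: a strip declared as 16 bytes whose file contents
     * are only 5 bytes long. */
    static const uint8_t strip[5] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
    raw_reader r = { NULL, 0 };

    if (!raw_buffer_setup_calloc(&r, 16))
        return 1;
    size_t filled = read_strip(&r, strip, sizeof strip);
    printf("filled %zu of %zu bytes; tail defined and zero: %d\n",
           filled, r.rawdatasize, tail_is_zero(&r, filled));
    free(r.rawdata);
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. To see the unfixed behaviour, swap in raw_buffer_setup_malloc and run under Valgrind or clang's MemorySanitizer (`-fsanitize=memory`); the loop in tail_is_zero is then reported as a use of uninitialized memory. Zero-filling makes the tail deterministic and stops heap contents from leaking into decoded output, but it does not by itself validate strip sizes: a decoder should still bound its reads by the byte count the read actually returned rather than by the buffer size.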