Bug 2238 - Invalid parameters to memcpy in TIFFFillStrip (tif_read.c:580)
Summary: Invalid parameters to memcpy in TIFFFillStrip (tif_read.c:580)
Status: RESOLVED FIXED
Product: libtiff
Component: default
Version: 4.0.0
Platform: PC Linux
Importance: P2 normal
Target Milestone: ---
Assigned To:
URL: http://alt.swiecki.net/j/t/memcpy1.tif
Reported: 2010-07-06 10:07 by
Modified: 2014-12-24 11:52


Attachments
A testcase (913.49 KB, image/tiff)
2010-07-06 10:07, Robert Swiecki

Description From 2010-07-06 10:07:18
Created an attachment (id=406)
A testcase

Invalid parameters to memcpy in TIFFFillStrip (tif_read.c:580)

(gdb) r -d memcpy1.tif >/dev/null 2>&1
Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/x86_64/memcpy.S:196
196    ../sysdeps/x86_64/memcpy.S: No such file or directory.
    in ../sysdeps/x86_64/memcpy.S

(gdb) bt
#0  memcpy () at ../sysdeps/x86_64/memcpy.S:196
#1  0x000000000041df03 in _TIFFmemcpy (d=0x7ffff7ef3de0, s=0x7ffff7f0f9d0,
c=133) at tif_unix.c:280
#2  0x000000000041a7eb in TIFFReadRawStrip1 (tif=0x697010, strip=0,
buf=0x7ffff7ef3de0, size=133, module=0x469a94 "TIFFFillStrip") at
tif_read.c:415
#3  0x000000000041acb5 in TIFFFillStrip (tif=0x697010, strip=0) at
tif_read.c:580
#4  0x000000000041a4d1 in TIFFReadEncodedStrip (tif=0x697010, strip=0,
buf=0x697b90, size=484173) at tif_read.c:345
#5  0x0000000000402015 in TIFFReadContigStripData (tif=0x697010) at
tiffinfo.c:230
#6  0x0000000000402623 in TIFFReadData (tif=0x697010) at tiffinfo.c:364
#7  0x0000000000402a5f in tiffinfo (tif=0x697010, order=0, flags=0) at
tiffinfo.c:461
#8  0x0000000000401d20 in main (argc=3, argv=0x7fffffffe658) at tiffinfo.c:151

(gdb) shell cat /proc/15262/maps | grep 7ffff7ef
7ffff7ef2000-7ffff7fd7000 r--s 00000000 08:06 966907 /usr/local/fuzz/tif/memcpy1.tif
<--- this memory is read-only (PROT_READ in mmap), it's an mmapped file (memcpy1.tif).


Tested with Ubuntu's libtiff 3.9.2, 3.9.4 from the project's webpage, and with
libtiff from the cvs.

The same problem in tiff2rgba:

$ gdb ./tiff2rgba
(gdb) r memcpy1.tif a

Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/x86_64/memcpy.S:196
196    ../sysdeps/x86_64/memcpy.S: No such file or directory.
    in ../sysdeps/x86_64/memcpy.S
(gdb) bt
#0  memcpy () at ../sysdeps/x86_64/memcpy.S:196
#1  0x000000000042e457 in _TIFFmemcpy (d=0x7ffff7ef2de0, s=0x7ffff7f0e9d0,
c=133) at tif_unix.c:280
#2  0x000000000042ad3f in TIFFReadRawStrip1 (tif=0x67b8c0, strip=0,
buf=0x7ffff7ef2de0, size=133, module=0x4531a4 "TIFFFillStrip") at
tif_read.c:415
#3  0x000000000042b209 in TIFFFillStrip (tif=0x67b8c0, strip=0) at
tif_read.c:580
#4  0x000000000042aa25 in TIFFReadEncodedStrip (tif=0x67b8c0, strip=0,
buf=0x1545600, size=484380) at tif_read.c:345
#5  0x0000000000420642 in gtStripContig (img=0x7fffffffdf90, raster=0x67c440,
w=1656, h=2339) at tif_getimage.c:862
#6  0x000000000041f4ba in TIFFRGBAImageGet (img=0x7fffffffdf90,
raster=0x67c440, w=1656, h=2339) at tif_getimage.c:472
#7  0x000000000041f5c8 in TIFFReadRGBAImageOriented (tif=0x67b8c0, rwidth=1656,
rheight=2339, raster=0x67c440, orientation=1, stop=0) at tif_getimage.c:491
#8  0x0000000000402844 in cvt_whole_image (in=0x67b8c0, out=0x67b010) at
tiff2rgba.c:383
#9  0x0000000000402d33 in tiffcvt (in=0x67b8c0, out=0x67b010) at
tiff2rgba.c:501
#10 0x0000000000402094 in main (argc=3, argv=0x7fffffffe658) at tiff2rgba.c:124
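
The /proc/<pid>/maps check from the tiffinfo run above, written as an added example that is not part of the original report or of libtiff: it classifies a memcpy range against one maps line, using the maps line and the frame #1 arguments (d, s, c) quoted in the report. The names `check_range` and `range_verdict` are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum range_verdict {
    RANGE_BADINPUT = -1, /* unparsable line, empty or wrapping range */
    RANGE_OUTSIDE = 0,   /* range does not touch this mapping */
    RANGE_ALLOWED = 1,   /* fully inside, requested access permitted */
    RANGE_DENIED = 2,    /* fully inside, requested access not permitted */
    RANGE_STRADDLES = 3  /* crosses a mapping boundary */
};

/* Classify [addr, addr+len) against one /proc/<pid>/maps line
 * ("start-end perms offset dev inode path"). need is 'r' or 'w'. */
static int check_range(const char *maps_line, uint64_t addr, uint64_t len, char need)
{
    uint64_t start, end;
    char perms[5] = "";

    if (need != 'r' && need != 'w')
        return RANGE_BADINPUT;
    if (sscanf(maps_line, "%" SCNx64 "-%" SCNx64 " %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4 || start >= end)
        return RANGE_BADINPUT;
    if (len == 0 || addr + len < addr)
        return RANGE_BADINPUT;
    if (addr + len <= start || addr >= end)
        return RANGE_OUTSIDE;
    if (addr < start || addr + len > end)
        return RANGE_STRADDLES;
    /* perms is "rwxp"/"r--s" style: index 0 is read, index 1 is write */
    return perms[need == 'r' ? 0 : 1] == need ? RANGE_ALLOWED : RANGE_DENIED;
}

int main(void)
{
    /* maps line and frame #1 arguments (d, s, c) as quoted in the report */
    const char *line = "7ffff7ef2000-7ffff7fd7000 r--s 00000000 08:06 966907 "
                       "/usr/local/fuzz/tif/memcpy1.tif";
    printf("dst write: %d\n", check_range(line, 0x7ffff7ef3de0ULL, 133, 'w'));
    printf("src read:  %d\n", check_range(line, 0x7ffff7f0f9d0ULL, 133, 'r'));
    return 0;
}
```

A RANGE_DENIED result for the destination with RANGE_ALLOWED for the source matches the reporter's observation: both pointers land inside the read-only file mapping, so the copy faults on the write.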
------- Comment #1 From 2014-12-24 11:52:07 -------
No problem seen with libtiff CVS head with Valgrind