Bug 2444 - find0span and find1span in tif_fax3.c are Valgrind- and MemorySanitizer-unfriendly
Status: RESOLVED LATER
libtiff
default
4.0.1
PC Linux
P2 enhancement
migrated_to_gitlab
Reported: 2013-06-26 06:19 by
Modified: 2019-10-01 14:20


Attachments
proposed fix (1.77 KB, patch)
2013-06-26 06:19, Evgeniy Stepanov
Description From 2013-06-26 06:19:28
Created an attachment (id=509)
proposed fix

Handling of the incomplete first and last bytes of the bit string performs
memory accesses at an address that depends on uninitialized values (i.e. the
index into zeroruns[] and oneruns[] depends on data from outside the bit string).

The code looks correct anyway, but this prevents it from being tested with
those tools.

I've rewritten the code to be both simpler (IMHO) and friendly to memory
testing tools, by masking out all uninitialized bits before the table lookup.
Find the patch in the attachment.

tiff-4.0.3 (buganizer lacks a version tag for that)
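
Added example, not the attached patch and not libtiff code: a minimal zero-run counter showing the masking idea from the description, where bits outside the bit string are forced to a known value before the table lookup. The names zero_run_table and zero_span_masked, the MSB-first bit order and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leading 0 bits of each byte value, MSB first: the role zeroruns[] plays
 * in the report. Table name and layout here are assumptions. */
static uint8_t zero_run_table[256];
static int table_ready;

static void init_zero_run_table(void) {
    for (int b = 0; b < 256; b++) {
        int n = 0;
        while (n < 8 && !(b & (0x80 >> n)))
            n++;
        zero_run_table[b] = (uint8_t)n;
    }
    table_ready = 1;
}

/* Length of the run of 0 bits starting at bit bs and stopping before bit be
 * (bit 0 is the MSB of buf[0]). Hypothetical helper, not find0span itself. */
static size_t zero_span_masked(const uint8_t *buf, size_t bs, size_t be) {
    size_t pos = bs;
    if (!table_ready)
        init_zero_run_table();
    while (pos < be) {
        unsigned off = (unsigned)(pos & 7);
        size_t avail = 8 - off;            /* bits of this byte inside the string */
        if (avail > be - pos)
            avail = be - pos;
        /* Shift out bits before pos, then force every bit past the in-range
         * ones to 1: the index is built only from bits inside [bs, be), and
         * the forced 1 also ends the run at the boundary. */
        unsigned idx = (((unsigned)buf[pos >> 3] << off) & 0xffu) | (0xffu >> avail);
        unsigned run = zero_run_table[idx];
        pos += run;
        if (run < avail)
            break;                         /* hit a 1 bit inside the range */
    }
    return pos - bs;
}

int main(void) {
    /* Constructed input: bits 3..4 are 0; the other bits differ between bufs. */
    const uint8_t clean[1] = {0x00}, noisy[1] = {0xE7};
    printf("%zu %zu\n", zero_span_masked(clean, 3, 5), zero_span_masked(noisy, 3, 5));
    return 0;
}
```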
------- Comment #1 From 2019-10-01 14:20:00 -------
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets,
such as this one, have been migrated to the libtiff GitLab instance at
https://gitlab.com/libtiff/libtiff/issues .

The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is
the initial Bugzilla issue number.