Bug 2732 – heap-buffer-overflow in tiffcp.c

Bug 2732 - heap-buffer-overflow in tiffcp.c

Summary:

heap-buffer-overflow in tiffcp.c

Status:	RESOLVED LATER

Product:	libtiff
Component:	default
Version:	unspecified
Platform:	PC Linux

Importance:	P2 enhancement
Target Milestone:	---
Assigned To:	Frank Warmerdam

URL:
Whiteboard:
Keywords:	migrated_to_gitlab

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-08-31 03:17 by fuhao
Modified:	2019-10-01 14:20 (History)

Attachments
the tiffcp poc (408 bytes, application/octet-stream) 2017-08-31 03:17, fuhao	Details
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From fuhao 2017-08-31 03:17:01

Created an attachment (id=812) [details]
the tiffcp poc

Hello ,I use afl to test tiffcp (version 4.0.8) and I found a
heap-buffer-overflow in tiffcp.c(in function cpStripToTile)
i use the command line:tiffcp -i poc_name out
and the saw the asan message:
AddressSanitizer: heap-buffer-overflow
/home/share/libtiff/tiff-4.0.8/tools/tiffcp.c:1190 cpStripToTile
my poc: https://github.com/lifuhao123/feijidepoc/blob/master/tiffcp-poc

------- Comment #1 From Thomas Bernard 2019-02-11 18:00:21 -------

I'm not reproducing with the "master".

I think it has been fixed.

------- Comment #2 From Even Rouault 2019-10-01 14:20:47 -------

Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets,
such as this one, have been migrated to the libtiff GitLab instance at
https://gitlab.com/libtiff/libtiff/issues .

The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is
the initial Bugzilla issue number.