Created an attachment (id=814)
POC file that crashes tiff2ps on tiff-4.0.8. The command line is ./tiff2ps -3 -z -y -s -r 90 -m -W 1 $POC and the stack trace with ASAN:

==45012==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63400002c602 at pc 0x00000040ad87 bp 0x7ffe5f737dd0 sp 0x7ffe5f737dc0
READ of size 1 at 0x63400002c602 thread T0
    #0 0x40ad86 in PS_Lvl2page /root/tiff-4.0.8/tools/tiff2ps.c:2270
    #1 0x40b579 in PSpage /root/tiff-4.0.8/tools/tiff2ps.c:2345
    #2 0x4068b7 in psMaskImage /root/tiff-4.0.8/tools/tiff2ps.c:1237
    #3 0x407f3e in TIFF2PS /root/tiff-4.0.8/tools/tiff2ps.c:1560
    #4 0x403292 in main /root/tiff-4.0.8/tools/tiff2ps.c:479
    #5 0x7fbb500a782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #6 0x4026b8 in _start (/opt/tiff/bin/tiff2ps+0x4026b8)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/tiff-4.0.8/tools/tiff2ps.c:2270 PS_Lvl2page
Shadow bytes around the buggy address:
  0x0c687fffd870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd8a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd8b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c687fffd8c0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd8d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd8f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c687fffd910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==45012==ABORTING
I'm not reproducing on "master" (commit ae0bed1f). I think it has been fixed with 309bfd7f61761eaa2dc93eddb6588227a81c2ca0.
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues. The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.