Created an attachment (id=831)
PoC

Hello. I found a NULL pointer dereference bug in libtiff (tiffcp). Please confirm. Thanks.

OS: Ubuntu 16.04 32bit
PoC download: PoC
Command line: ../tiffcp -i $PoC /tmp/null

```
ASAN:DEADLYSIGNAL
=================================================================
==22464==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5d1e4e9630 bp 0x000000000001 sp 0x7ffc1fa8b788 T0)
==22464==The signal is caused by a READ memory access.
==22464==Hint: address points to the zero page.
    #0 0x7f5d1e4e962f in __memcpy_ssse3_back (/lib64/libc.so.6+0x14d62f)
    #1 0x7f5d1f948ca3  (/lib64/libtiff.so.5+0x18ca3)
    #2 0x516043 in main /home/karas/libtiff/tools/tiffcp.c:301:29
    #3 0x7f5d1e3bdc04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
    #4 0x41b58b in _start (/home/karas/libtiff/tools/.libs/tiffcp+0x41b58b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0x14d62f) in __memcpy_ssse3_back
==22464==ABORTING
```
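The trace above has the classic shape of a NULL source pointer reaching memcpy: the fault address is 0 on a READ, and the top frame is libc's memcpy called from libtiff. The following C program is an added illustration of that defect class and its fix; it is not libtiff code and does not claim to show the actual faulting path in tiffcp.c. `lookup_field`, `copy_field`, the status codes and the `ignore_errors` switch (modelled loosely on an ignore-read-errors option such as tiffcp's `-i`) are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a field lookup in a TIFF-like reader: returns a
 * pointer to the field bytes and their length, or NULL with len = 0 when the
 * field is absent or unreadable. Hypothetical API, not libtiff's. */
static const uint8_t *lookup_field(int tag, size_t *len) {
    static const uint8_t sample[] = { 'a', 'b', 'c', 'd' };  /* constructed data */
    if (tag == 1) {
        *len = sizeof sample;
        return sample;
    }
    *len = 0;
    return NULL;
}

/* Status codes returned by copy_field(). */
enum {
    COPY_OK            =  0,
    COPY_SKIPPED       =  1,
    COPY_ERR_MISSING   = -1,
    COPY_ERR_TOO_LARGE = -2
};

/* Copy field `tag` into `out` (capacity `cap`), reporting bytes written in
 * *copied. The unchecked form of this routine, memcpy(out, src, len) with
 * src == NULL and len > 0, reads from the zero page and faults inside memcpy,
 * which is the crash shape in the ASAN report. Validating the lookup result
 * (and the destination bound) before the copy turns that into a status code.
 * `ignore_errors` models an ignore-read-errors switch: a missing field is
 * skipped instead of aborting the whole copy. */
int copy_field(int tag, uint8_t *out, size_t cap, int ignore_errors, size_t *copied) {
    size_t len = 0;
    const uint8_t *src = lookup_field(tag, &len);

    *copied = 0;
    if (src == NULL) {
        return ignore_errors ? COPY_SKIPPED : COPY_ERR_MISSING;
    }
    if (len > cap) {
        return COPY_ERR_TOO_LARGE;  /* never trust a file-supplied length alone */
    }
    memcpy(out, src, len);
    *copied = len;
    return COPY_OK;
}

/* Small wrappers so behaviour can be checked from a single return value. */
int status_for(int tag, size_t cap, int ignore_errors) {
    uint8_t buf[8];
    size_t n;
    return copy_field(tag, buf, cap, ignore_errors, &n);
}

size_t bytes_copied_for(int tag) {
    uint8_t buf[8];
    size_t n;
    (void)copy_field(tag, buf, sizeof buf, 0, &n);
    return n;
}

int main(void) {
    uint8_t buf[8];
    size_t n;
    int rc;

    rc = copy_field(1, buf, sizeof buf, 0, &n);
    printf("present field: rc=%d copied=%zu first=%c\n", rc, n, buf[0]);

    rc = copy_field(2, buf, sizeof buf, 0, &n);
    printf("missing field, strict: rc=%d\n", rc);

    rc = copy_field(2, buf, sizeof buf, 1, &n);
    printf("missing field, ignore errors: rc=%d\n", rc);
    return 0;
}
```

The second and third calls are the same missing-field condition handled two ways; with the unchecked memcpy both would have crashed exactly like the trace, with no chance for the tool to report which tag was bad.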
I do not reproduce with latest master. I think the bug has been fixed since.
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.