Created an attachment (id=844)
bug1004519.tiff

https://bugzilla.suse.com/show_bug.cgi?id=1004519

found by afl on tiffcrop

../output/crashes/id:000058,sig:11,src:001636,op:havoc,rep:8

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 7034 (0x1b7a) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5327 (0x14cf) encountered.
TIFFFetchNormalTag: Warning, IO error during reading of "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "YResolution"; tag ignored.
TIFFFetchNormalTag: Warning, incorrect count for field "PageNumber", expected 2, got 100.
TIFFReadDirectory: Warning, Ignoring ColorMap since BitsPerSample tag not found.
TIFFAdvanceDirectory: Error fetching directory count.
loadImage: Image lacks Photometric interpreation tag.
Fax3Decode1D: Warning, Premature EOL at line 0 of strip 0 (got 15012, expected 32768).
Fax3Decode1D: Warning, Premature EOL at line 1 of strip 0 (got 0, expected 32768).

Program received signal SIGSEGV, Segmentation fault.
__memset_sse2 () at ../sysdeps/x86_64/memset.S:78
78 movdqu %xmm8, (%rdi)
#0 __memset_sse2 () at ../sysdeps/x86_64/memset.S:78
#1 0x00007ffff7aca18f in _TIFFFax3fillruns (buf=0x7ffffdf7d010 <error: Cannot access memory at address 0x7ffffdf7d010>, runs=0x7ffff7f72010, erun=<optimized out>, lastx=32768) at tif_fax3.c:403
#2 0x00007ffff7ae9cf9 in Fax3Decode1D (tif=0x662010, buf=0x7ffffdf7d010 <error: Cannot access memory at address 0x7ffffdf7d010>, occ=<optimized out>, s=<optimized out>) at tif_fax3.c:257
#3 0x00007ffff7b957f3 in TIFFReadEncodedStrip (tif=tif@entry=0x662010, strip=strip@entry=0, buf=buf@entry=0x7ffff5f1f010, size=size@entry=-1) at tif_read.c:377
#4 0x0000000000444d5e in readContigStripsIntoBuffer (buf=0x7ffff5f1f010 "", in=0x662010) at tiffcrop.c:3622
#5 loadImage (in=in@entry=0x662010, image=image@entry=0x7fffffff6de0, dump=dump@entry=0x7fffffffb6f0, read_ptr=read_ptr@entry=0x7fffffff6da0) at tiffcrop.c:6052
#6 0x0000000000403409 in main (argc=<optimized out>, argv=<optimized out>) at tiffcrop.c:2278
=> 0x7ffff6d81c74 <__memset_sse2+84>: movdqu %xmm8,(%rdi)
I do not reproduce with 4.0.10:

TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 7034 (0x1b7a) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5327 (0x14cf) encountered.
TIFFFetchNormalTag: Warning, IO error during reading of "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "YResolution"; tag ignored.
TIFFFetchNormalTag: Warning, incorrect count for field "PageNumber", expected 2, got 100.
TIFFReadDirectory: Warning, Ignoring ColorMap since BitsPerSample tag not found.
TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples..
TIFFAdvanceDirectory: Error fetching directory count.
loadImage: Image lacks Photometric interpreation tag.
loadImage: Integer overflow detected..
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.