Bug 2794 - SEGV occurred in Fax3PreDecode
Status: RESOLVED LATER
Product: libtiff
Component: default
Version: unspecified
Hardware: PC Windows NT
Importance: P2 enhancement
Keywords: migrated_to_gitlab
Reported: 2018-05-07 12:19
Modified: 2019-10-01 14:21


Attachments
POC to trigger bug (10.42 KB, image/tiff), 2018-05-07 12:19, Mingi Cho




Description From 2018-05-07 12:19:41
Created an attachment (id=858): POC to trigger bug

Triggered by "./tiff2ps $POC"
Tested on Ubuntu 16.04 (x86)

SEGV occurred when processing a malformed TIFF file.

ASAN output:

==21335==ERROR: AddressSanitizer: SEGV on unknown address 0x26960690 (pc 0xb75c8c4b bp 0xb5301fe4 sp 0xbfd9c7b0 T0)
    #0 0xb75c8c4a in Fax3PreDecode /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_fax3.c:166:18
    #1 0xb76f12d7 in TIFFStartStrip /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:1457:10
    #2 0xb76f12d7 in TIFFFillStrip /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:950
    #3 0xb76eb393 in TIFFSeek /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:379:30
    #4 0xb76eb393 in TIFFReadScanline /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:446
    #5 0x8148012 in PSDataColorSeparate /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2526:8
    #6 0x813cd5b in PSpage /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2356:4
    #7 0x8136f5b in TIFF2PS /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:1612:10
    #8 0x8134673 in main /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:479:9
    #9 0xb7210636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #10 0x805f687 in _start (/home/min/fuzzing/program/libtiff-4.0.9-aflclang-asan/bin/tiff2ps+0x805f687)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_fax3.c:166:18 in Fax3PreDecode
==21335==ABORTING


Credits:

Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.
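A report like the one in this ticket is usually one of many that a fuzzing run produces against the same target, and the first thing a triager wants is to parse it, pull out the faulting frame (here Fax3PreDecode at tif_fax3.c:166) and bucket it so duplicates of one fault are not filed twice. The Python below is an added example for this page, not code from the reporter or from the libtiff project. It parses the sanitizer text while tolerating the hard line wrapping the tracker applied to it, derives a bucketing key from the top frames inside the project tree, and applies the usual first-page heuristic to the faulting address. The sample input is the report above, embedded as constructed test data; the project root "/home/min/fuzzing/src/tiff-4.0.9" is read off the paths in that report and is only an assumption about the reporter's build tree.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the report from this ticket, with the tracker's line wrapping.
SAMPLE_REPORT = """\
==21335==ERROR: AddressSanitizer: SEGV on unknown address 0x26960690 (pc
0xb75c8c4b bp 0xb5301fe4 sp 0xbfd9c7b0 T0)
    #0 0xb75c8c4a in Fax3PreDecode
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_fax3.c:166:18
    #1 0xb76f12d7 in TIFFStartStrip
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:1457:10
    #2 0xb76f12d7 in TIFFFillStrip
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:950
    #3 0xb76eb393 in TIFFSeek
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:379:30
    #4 0xb76eb393 in TIFFReadScanline
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_read.c:446
    #5 0x8148012 in PSDataColorSeparate
/home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2526:8
    #6 0x813cd5b in PSpage
/home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2356:4
    #7 0x8136f5b in TIFF2PS
/home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:1612:10
    #8 0x8134673 in main /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:479:9
    #9 0xb7210636 in __libc_start_main
/build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #10 0x805f687 in _start
(/home/min/fuzzing/program/libtiff-4.0.9-aflclang-asan/bin/tiff2ps+0x805f687)
SUMMARY: AddressSanitizer: SEGV
/home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_fax3.c:166:18 in Fax3PreDecode
==21335==ABORTING
"""

@dataclass
class Frame:
    index: int
    pc: int
    func: str
    location: str  # "file:line[:col]", or "(module+offset)" if unsymbolized

@dataclass
class AsanReport:
    pid: int
    kind: str               # "SEGV", "heap-buffer-overflow", ...
    address: Optional[int]  # faulting address, when the header carries one
    frames: List[Frame]

_HEADER_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)"
                        r"(?: on (?:unknown )?address (0x[0-9a-fA-F]+))?", re.M)
# \s+ (not a literal space) between fields: a frame wrapped onto two lines still parses.
_FRAME_RE = re.compile(r"#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(\S+)\s+(\S+)")
_SRC_RE = re.compile(r"^(.*?):(\d+)(?::(\d+))?$")

def parse_asan_report(text: str) -> AsanReport:
    m = _HEADER_RE.search(text)
    if m is None:
        raise ValueError("no AddressSanitizer error header found")
    frames: List[Frame] = []
    for idx, pc, func, loc in _FRAME_RE.findall(text):
        if frames and idx == "0":
            break  # a second "#0" begins another stack (e.g. the allocation site)
        frames.append(Frame(int(idx), int(pc, 16), func, loc))
    address = int(m.group(3), 16) if m.group(3) else None
    return AsanReport(int(m.group(1)), m.group(2), address, frames)

def source_location(frame: Frame) -> Optional[Tuple[str, int, Optional[int]]]:
    """(file, line, col-or-None) for a symbolized frame, else None."""
    m = _SRC_RE.match(frame.location)
    if m is None:
        return None
    return m.group(1), int(m.group(2)), (int(m.group(3)) if m.group(3) else None)

def crash_signature(report: AsanReport, project_root: str,
                    depth: int = 3) -> Tuple[str, ...]:
    """Bucketing key: the top `depth` project frames as func@relpath:line.
    PCs and columns are dropped (ASLR, rebuilds); libc/runtime frames skipped."""
    root = project_root.rstrip("/") + "/"
    key: List[str] = []
    for fr in report.frames:
        src = source_location(fr)
        if src is None or not src[0].startswith(root):
            continue
        key.append(f"{fr.func}@{src[0][len(root):]}:{src[1]}")
        if len(key) == depth:
            break
    return tuple(key)

def fault_class(report: AsanReport) -> str:
    """Heuristic: a SEGV in the first page is almost always NULL plus a field
    offset; any other address points at a wild or dangling pointer."""
    if report.kind != "SEGV" or report.address is None:
        return "n/a"
    return "null-deref" if report.address < 0x1000 else "wild-pointer"

if __name__ == "__main__":
    rep = parse_asan_report(SAMPLE_REPORT)
    print(f"pid={rep.pid} kind={rep.kind} class={fault_class(rep)}")
    print("top frame:", rep.frames[0].func, rep.frames[0].location)
    # Source root taken from the report paths: an assumption about the reporter's tree.
    print("bucket:", crash_signature(rep, "/home/min/fuzzing/src/tiff-4.0.9"))
```

The bucketing key deliberately keeps only function, file and line for the top project frames: the two inlined frames sharing one PC (#1/#2 and #3/#4) and the 0x8-prefixed tool addresses show how little PCs say about identity across builds, while the libc and _start frames are common to every crash of the binary and would only merge unrelated bugs.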
------- Comment #1 From 2019-02-13 06:53:19 -------
I have tested with master ae0bed1fe530a82faf2e9ea1775109dbf301a971.
I cannot reproduce the problem.
------- Comment #2 From 2019-10-01 14:21:13 -------
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets,
such as this one, have been migrated to the libtiff GitLab instance at
https://gitlab.com/libtiff/libtiff/issues .

The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is
the initial Bugzilla issue number.