Triggered by tiffcp -i poc /tmp/foo

Version: master (commit: 779e54ca3)

The output information of ASAN is as follows:

$ tiffcp -i poc /tmp/foo
=================================================================
==61990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff68979e3 bp 0x7fffffffe650 sp 0x7fffffffddd8 T0)
    #0 0x7ffff68979e2 (/lib/x86_64-linux-gnu/libc.so.6+0x16f9e2)
    #1 0x7ffff6ee174e in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7774e)
    #2 0x7ffff6c0be0f in _TIFFmemcmp /home/fuzz/experiment/libtiff/libtiff/tif_unix.c:352
    #3 0x7ffff6b61c31 in TIFFWriteDirectoryTagTransferfunction /home/fuzz/experiment/libtiff/libtiff/tif_dirwrite.c:1896
    #4 0x7ffff6b5cb35 in TIFFWriteDirectorySec /home/fuzz/experiment/libtiff/libtiff/tif_dirwrite.c:628
    #5 0x7ffff6b596d9 in TIFFWriteDirectory /home/fuzz/experiment/libtiff/libtiff/tif_dirwrite.c:182
    #6 0x402de5 in main /home/fuzz/experiment/libtiff/tools/tiffcp.c:301
    #7 0x7ffff674882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x401b88 in _start (/home/fuzz/experiment/libtiff/install/bin/tiffcp+0x401b88)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==61990==ABORTING

Actual results: crash

Expected results: crash

Additional info: The crash can be reproduced by the attached file.
Created an attachment (id=877): testcase
Created an attachment (id=878): testcase

=================================================================
==12521== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6bbeecf654 sp 0x7ffd143bd310 bp 0x7ffd143bd350 T0)
AddressSanitizer can not provide additional info.
    #0 0x7f6bbeecf653 (/usr/lib/x86_64-linux-gnu/libasan.so.0+0xf653)
    #1 0x7f6bbeb6fd55 in TIFFWriteDirectoryTagTransferfunction /home/wdw/experiment/libtiff/libtiff/tif_dirwrite.c:1901
    #2 0x7f6bbeb6ab2b in TIFFWriteDirectorySec /home/wdw/experiment/libtiff/libtiff/tif_dirwrite.c:628
    #3 0x7f6bbeb67747 in TIFFWriteDirectory /home/wdw/experiment/libtiff/libtiff/tif_dirwrite.c:182
    #4 0x4028b7 in main /home/wdw/experiment/libtiff/tools/tiffcp.c:301
    #5 0x7f6bbe75af44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #6 0x401958 in _start (/home/wdw/experiment/libtiff/install-asan/bin/tiffcp+0x401958)
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==12521== ABORTING
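Both traces share one failure shape: a SEGV on address 0x0 reached from TIFFWriteDirectoryTagTransferfunction(), in the first trace explicitly inside memcmp() called through _TIFFmemcmp(). The C program below is an added illustration written for this page; it is not libtiff's code and not the fix in the linked merge request. It models the decision "write one TransferFunction column or three" over a directory that may carry fewer tables than its sample count implies, with the unguarded comparison next to a guarded one that checks every table pointer before memcmp() runs. The tf_dir structure, the tf_* names, the enum cases and the constructed sample tables are all assumptions made for the example.

```c
/*
 * Added illustration, not libtiff code: the crash shape both traces point at,
 * memcmp() being handed a NULL table pointer while deciding how many
 * TransferFunction columns to write, next to a guarded version of that decision.
 * The directory layout below (up to three 16-bit tables, one per sample,
 * 2^BitsPerSample entries each) is an assumption for this example and is not
 * libtiff's TIFFDirectory.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TF_TABLES 3

struct tf_dir {
    uint16_t  samplesperpixel;
    uint16_t  extrasamples;
    uint16_t  bitspersample;
    uint16_t *transferfunction[TF_TABLES]; /* NULL if the file carried fewer tables */
};

/* Byte size of one table: 2^BitsPerSample entries of uint16_t. */
static size_t tf_table_bytes(const struct tf_dir *d)
{
    return ((size_t)1 << d->bitspersample) * sizeof(uint16_t);
}

/*
 * Unguarded decision: 3 columns if the per-sample tables differ, else 1.
 * It trusts that tables 2 and 3 exist whenever the image has more than one
 * colour sample. A file with SamplesPerPixel=3 but a single table makes
 * memcmp() dereference NULL: a SEGV on address 0x0 like the ones reported.
 */
static int tf_columns_unguarded(const struct tf_dir *d)
{
    size_t n = tf_table_bytes(d);
    if (d->samplesperpixel - d->extrasamples > 1) {
        if (memcmp(d->transferfunction[0], d->transferfunction[1], n) != 0 ||
            memcmp(d->transferfunction[0], d->transferfunction[2], n) != 0)
            return 3;
    }
    return 1;
}

/*
 * Guarded decision: 0 means "inconsistent directory, refuse to write the tag"
 * (no table at all, or colour samples present but a table missing). No table
 * pointer is dereferenced before its presence has been checked.
 */
static int tf_columns_guarded(const struct tf_dir *d)
{
    size_t n = tf_table_bytes(d);
    if (d->transferfunction[0] == NULL)
        return 0;
    if (d->samplesperpixel - d->extrasamples > 1) {
        if (d->transferfunction[1] == NULL || d->transferfunction[2] == NULL)
            return 0;
        if (memcmp(d->transferfunction[0], d->transferfunction[1], n) != 0 ||
            memcmp(d->transferfunction[0], d->transferfunction[2], n) != 0)
            return 3;
    }
    return 1;
}

/* Constructed directories (sample data made up for this example, not the PoC). */
enum tf_case { TF_RGB_ONE_TABLE, TF_RGB_IDENTICAL, TF_RGB_DISTINCT, TF_GRAY };

static uint16_t tbl_a[2] = { 0, 65535 };   /* BitsPerSample=1: two entries */
static uint16_t tbl_b[2] = { 0, 32768 };

static struct tf_dir tf_make(enum tf_case c)
{
    struct tf_dir d = { 3, 0, 1, { tbl_a, tbl_a, tbl_a } };
    switch (c) {
    case TF_RGB_ONE_TABLE: d.transferfunction[1] = d.transferfunction[2] = NULL; break;
    case TF_RGB_DISTINCT:  d.transferfunction[1] = tbl_b; break;
    case TF_GRAY:          d.samplesperpixel = 1;
                           d.transferfunction[1] = d.transferfunction[2] = NULL; break;
    case TF_RGB_IDENTICAL: break;
    }
    return d;
}

/* Run one case through the guarded (1) or unguarded (0) decision. */
int tf_run(enum tf_case c, int guarded)
{
    struct tf_dir d = tf_make(c);
    return guarded ? tf_columns_guarded(&d) : tf_columns_unguarded(&d);
}

int main(void)
{
    /* The unguarded path is only exercised on well-formed directories here;
     * tf_run(TF_RGB_ONE_TABLE, 0) would reproduce the NULL dereference. */
    printf("RGB, one table  : guarded=%d\n", tf_run(TF_RGB_ONE_TABLE, 1));
    printf("RGB, identical  : guarded=%d unguarded=%d\n",
           tf_run(TF_RGB_IDENTICAL, 1), tf_run(TF_RGB_IDENTICAL, 0));
    printf("RGB, distinct   : guarded=%d unguarded=%d\n",
           tf_run(TF_RGB_DISTINCT, 1), tf_run(TF_RGB_DISTINCT, 0));
    printf("Gray, one table : guarded=%d unguarded=%d\n",
           tf_run(TF_GRAY, 1), tf_run(TF_GRAY, 0));
    return 0;
}
```

Build it with `cc -fsanitize=address -g tf_demo.c` and run it; changing main() to call tf_run(TF_RGB_ONE_TABLE, 0) produces an ASan SEGV on address 0 from memcmp(), which is a quick way to confirm that a single missing table pointer is enough to give the reported trace shape. The guarded version's "return 0" is the point for the caller to fail the directory write rather than emit a tag it cannot describe.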
Duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2833; see https://gitlab.com/libtiff/libtiff/merge_requests/54
I found the crash at tif_dirwrite.c:1896 to be a duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2820, but the one at tif_dirwrite.c:1901 may be different.
Does it reproduce with the current "master"? ae0bed1fe530a82faf2e9ea1775109dbf301a971
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.