stacktrace

On 4.0.9, with -fsanitize=undefined:

raw2tiff $FILE out.tiff
Image width and height are not specified.
raw2tiff.c:568:29: runtime error: division by zero
read error.

PoC: https://github.com/rshariffdeen/poc/blob/master/0001-libtiff-dividebyzero-rawtiff
(In reply to comment #0)
> stacktrace
>
> On 4.0.9, with -fsanitize=undefined:

Does it happen with 4.0.10?
Yes, verified on 4.0.10 as well.
OK, I think there may indeed be a bug in raw2tiff.c in the code to guess the image dimensions, guessSize().

It calculates the correlation between two guessed scanlines. But if both are only 0's, correlation() results in NaN (and involves a divide by 0).

I think before calling correlation() it should do a memcmp() to check if both scanlines are equal... And anyway any full 0 line triggers a divide by 0.
Created an attachment (id=889): proposed fix for raw2tiff.c
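The failure mode discussed in this thread, as an added example that is not part of the ticket, the attachment, or libtiff's source: a correlation score over two scanlines divides by the product of their variance sums, which is zero for an all-zero line and, more generally, for any constant line. The function names and sample data are hypothetical, and the guard tests for zero variance rather than using the memcmp() suggested above.

```c
#include <stddef.h>
#include <stdio.h>

/* Covariance sum k and variance sums d1, d2 of two scanlines of n samples. */
static void moments(const double *a, const double *b, size_t n,
                    double *k, double *d1, double *d2)
{
    double m1 = 0.0, m2 = 0.0;
    *k = *d1 = *d2 = 0.0;
    for (size_t i = 0; i < n; i++) { m1 += a[i]; m2 += b[i]; }
    m1 /= (double)n;
    m2 /= (double)n;
    for (size_t i = 0; i < n; i++) {
        double x = a[i] - m1, y = b[i] - m2;
        *k += x * y; *d1 += x * x; *d2 += y * y;
    }
}

/* Unguarded score: signed r^2, which ranks like Pearson r without libm.
 * A constant scanline makes d1 * d2 zero, so this evaluates 0.0 / 0.0. */
static double corr_unguarded(const double *a, const double *b, size_t n)
{
    double k, d1, d2;
    moments(a, b, n, &k, &d1, &d2);
    return (k < 0 ? -k : k) * k / (d1 * d2);
}

/* Guarded score: returns 0 and stores the score in *out, or returns -1
 * when it is undefined (no samples, or a zero-variance scanline). */
static int corr_checked(const double *a, const double *b, size_t n, double *out)
{
    double k, d1, d2;
    if (n == 0) return -1;
    moments(a, b, n, &k, &d1, &d2);
    if (!(d1 * d2 > 0.0)) return -1;   /* also rejects NaN input */
    *out = (k < 0 ? -k : k) * k / (d1 * d2);
    return 0;
}

int main(void)
{
    /* Constructed sample scanlines: one all-zero, one with a gradient. */
    double zero[4] = {0, 0, 0, 0}, ramp[4] = {1, 2, 3, 4}, score = 0.0;
    printf("unguarded zero/zero: %f\n", corr_unguarded(zero, zero, 4));
    printf("checked zero/zero:   %d\n", corr_checked(zero, zero, 4, &score));
    printf("checked ramp/ramp:   %d\n", corr_checked(ramp, ramp, 4, &score));
    return 0;
}
```

A caller that ranks candidate widths by this score should skip any pair for which the guarded function returns -1, since a NaN score compares false against every other value.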
Can I request a CVE ID for this bug?
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.