https://bugs.winehq.org/show_bug.cgi?id=48927

Bug ID: 48927
Summary: Heap buffer underflow in TiffFrameDecode_ReadTile when decoding 1x1 4bpp RGBA image
Product: Wine-staging
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs(a)winehq.org
Reporter: thomas.faber(a)reactos.org
CC: leslie_alistair(a)hotmail.com, z.figura12(a)gmail.com
Distribution: ---

Created attachment 66887
  --> https://bugs.winehq.org/attachment.cgi?id=66887
Debugger info from ReactOS

ReactOS bug for reference: https://jira.reactos.org/browse/CORE-16796

Apologies for not reproducing this on Wine; the bug & fix are pretty simple though.

The gdiplus:image test tries to decode a 1x1 TIFF image, and TiffFrameDecode_ReadTile assumes that the cached_tile is large enough for an even number of output pixels (i.e. a full number of input bytes).

The issue appears to be with this Staging patch:
https://github.com/wine-staging/wine-staging/blob/master/patches/windowscode...

The attachment has a backtrace and relevant variables. The line numbers may not match but the underflow got caught at:

    dst[0] = (b & 0x20) ? 0xff : 0; /* B */
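
The failure mode reported above, shown as an added example that is not Wine, Wine-staging or ReactOS code: a 4bpp-to-32bpp expansion that is bounds-checked per pixel, so an odd pixel count (such as 1x1) never writes a second pixel's worth of output. The function names, the out-of-place copy and the nibble layout beyond "0x20 selects B" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Expand packed 4bpp RGBA (1 bit per channel, two pixels per byte) to 32bpp
 * BGRA. Assumed layout: first pixel in the high nibble, bits R=8 G=4 B=2 A=1
 * (only "0x20 selects B" is taken from the report). Returns the number of
 * pixels written, or 0 if either buffer is too small for `pixels`. */
size_t expand_4bpp_rgba(const uint8_t *src, size_t src_len,
                        uint8_t *dst, size_t dst_len, size_t pixels)
{
    if (pixels == 0 || pixels > SIZE_MAX / 4) return 0;
    /* An odd pixel count consumes only half of the last input byte. */
    if (src_len < (pixels + 1) / 2 || dst_len < pixels * 4) return 0;

    for (size_t i = 0; i < pixels; i++) {
        uint8_t b = src[i / 2];
        uint8_t nib = (i & 1) ? (uint8_t)(b & 0x0f) : (uint8_t)(b >> 4);
        uint8_t *out = dst + i * 4;   /* never touches pixel i+1 */
        out[0] = (nib & 0x2) ? 0xff : 0; /* B */
        out[1] = (nib & 0x4) ? 0xff : 0; /* G */
        out[2] = (nib & 0x8) ? 0xff : 0; /* R */
        out[3] = (nib & 0x1) ? 0xff : 0; /* A */
    }
    return pixels;
}

/* Constructed check: decode a 1x1 image into a 4-byte pixel framed by
 * canary bytes and confirm nothing outside the pixel was written. */
int one_pixel_stays_in_bounds(void)
{
    const uint8_t src[1] = { 0xb0 };  /* constructed sample: R, B, A set */
    uint8_t buf[12];
    memset(buf, 0xcc, sizeof(buf));
    if (expand_4bpp_rgba(src, sizeof(src), buf + 4, 4, 1) != 1) return 0;
    for (int i = 0; i < 4; i++)
        if (buf[i] != 0xcc || buf[8 + i] != 0xcc) return 0;
    return buf[4] == 0xff && buf[5] == 0x00 && buf[6] == 0xff && buf[7] == 0xff;
}

int main(void)
{
    printf("1x1 decode in bounds: %d\n", one_pixel_stays_in_bounds());
    return 0;
}
```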