https://bugs.winehq.org/show_bug.cgi?id=48927
Bug ID: 48927
Summary: Heap buffer underflow in TiffFrameDecode_ReadTile when decoding 1x1 4bpp RGBA image
Product: Wine-staging
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: thomas.faber@reactos.org
CC: leslie_alistair@hotmail.com, z.figura12@gmail.com
Distribution: ---
Created attachment 66887 --> https://bugs.winehq.org/attachment.cgi?id=66887 Debugger info from ReactOS
ReactOS bug for reference: https://jira.reactos.org/browse/CORE-16796
Apologies for not reproducing this on Wine; the bug & fix are pretty simple though.
The gdiplus:image test tries to decode a 1x1 TIFF image, and TiffFrameDecode_ReadTile assumes that the cached_tile is large enough for an even number of output pixels (i.e. a whole number of input bytes).
The issue appears to be with this Staging patch: https://github.com/wine-staging/wine-staging/blob/master/patches/windowscode...
The attachment has a backtrace and relevant variables. The line numbers may not match, but the underflow was caught at: dst[0] = (b & 0x20) ? 0xff : 0; /* B */
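As an added illustration of the odd-pixel-count case (this is example code, not Wine's or wine-staging's; the nibble bit layout and the BGRA output order are assumptions chosen to match the quoted dst[0] line), a per-pixel in-place expansion of 4bpp packed RGBA that handles a 1x1 image without stepping before the buffer:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (an assumption for this example, not Wine's code): two pixels
 * per byte, high nibble first; inside a nibble R=0x8, G=0x4, B=0x2, A=0x1, so
 * in the high nibble B is 0x20 as in the report's dst[0] = (b & 0x20) ? 0xff : 0.
 * Output is 32bpp BGRA, expanded in place. */

/* Expand in place, walking backwards so no input byte is overwritten before
 * it is read. Returns 0 on success, -1 if buf cannot hold pixels*4 bytes. */
static int expand_4bpp_rgba(uint8_t *buf, size_t buf_len, size_t pixels)
{
    if (buf_len < pixels * 4) return -1;
    /* Iterate per output pixel, not per input byte: a per-byte loop that
     * always emits two pixels would write "pixel -1" for a 1x1 image, which
     * is the heap underflow the report describes. */
    for (size_t i = pixels; i-- > 0; ) {
        uint8_t b = buf[i / 2];
        uint8_t nib = (i % 2 == 0) ? (uint8_t)(b >> 4) : (uint8_t)(b & 0x0f);
        uint8_t *dst = buf + i * 4;
        dst[0] = (nib & 0x2) ? 0xff : 0; /* B */
        dst[1] = (nib & 0x4) ? 0xff : 0; /* G */
        dst[2] = (nib & 0x8) ? 0xff : 0; /* R */
        dst[3] = (nib & 0x1) ? 0xff : 0; /* A */
    }
    return 0;
}

/* Constructed samples: a 1x1 image (one half-used byte) and a 3-pixel row
 * (odd count again). Returns 1 when both expand to the expected BGRA bytes. */
static int run_samples(void)
{
    uint8_t one[4] = { 0x20 };            /* pixel 0: B only */
    const uint8_t one_exp[4] = { 0xff, 0, 0, 0 };
    uint8_t three[12] = { 0xC5, 0x30 };   /* R|G, G|A, B|A */
    const uint8_t three_exp[12] = { 0, 0xff, 0xff, 0,  0, 0xff, 0, 0xff,
                                    0xff, 0, 0, 0xff };
    if (expand_4bpp_rgba(one, sizeof one, 1) != 0) return 0;
    if (expand_4bpp_rgba(three, sizeof three, 3) != 0) return 0;
    return memcmp(one, one_exp, 4) == 0 && memcmp(three, three_exp, 12) == 0;
}

int main(void)
{
    int ok = run_samples();
    printf("%s\n", ok ? "ok" : "mismatch");
    return ok ? 0 : 1;
}
```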