[Bug 48927] New: Heap buffer underflow in TiffFrameDecode_ReadTile when decoding 1x1 4bpp RGBA image
WineHQ Bugzilla
wine-bugs at winehq.org
Mon Apr 13 10:45:04 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48927
Bug ID: 48927
Summary: Heap buffer underflow in TiffFrameDecode_ReadTile when
decoding 1x1 4bpp RGBA image
Product: Wine-staging
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: thomas.faber at reactos.org
CC: leslie_alistair at hotmail.com, z.figura12 at gmail.com
Distribution: ---
Created attachment 66887
--> https://bugs.winehq.org/attachment.cgi?id=66887
Debugger info from ReactOS
ReactOS bug for reference: https://jira.reactos.org/browse/CORE-16796
Apologies for not reproducing this on Wine; the bug & fix are pretty simple
though.
The gdiplus:image test tries to decode a 1x1 TIFF image, and
TiffFrameDecode_ReadTile assumes that the cached_tile is large enough for an
even number of output pixels (i.e. a full number of input bytes).
The issue appears to be with this Staging patch:
https://github.com/wine-staging/wine-staging/blob/master/patches/windowscodecs-TIFF_Support/0012-windowscodecs-Add-support-for-4bpp-RGBA-format-to-TI.patch
The attachment has a backtrace and relevant variables. The line numbers may not
match but the underflow got caught at:
dst[0] = (b & 0x20) ? 0xff : 0; /* B */
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
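Added example, not part of the original report and not the Wine-staging patch's code: an in-place 4bpp RGBA to 32bpp BGRA expansion that works per output pixel, so a tile with an odd pixel count such as the 1x1 case described above never writes outside the tile. Only the 0x20 -> B mask comes from the report; the other masks, the high-nibble-first pixel order and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: bits R,G,B,A from the top of each nibble. Only the
   0x20 -> B mapping (0x2 within a nibble) appears in the report. */
static void put_pixel(uint8_t *dst, uint8_t nib)
{
    dst[0] = (nib & 0x2) ? 0xff : 0; /* B */
    dst[1] = (nib & 0x4) ? 0xff : 0; /* G */
    dst[2] = (nib & 0x8) ? 0xff : 0; /* R */
    dst[3] = (nib & 0x1) ? 0xff : 0; /* A */
}

/* Expand packed 4bpp data at the start of `tile` to 32bpp BGRA in place.
   Returns 0 on success, -1 if the tile cannot hold `pixels` output pixels. */
int expand_4bpp_rgba_inplace(uint8_t *tile, size_t tile_size, size_t pixels)
{
    size_t i;

    if (!tile || pixels > tile_size / 4)
        return -1;
    /* Walk backwards one pixel at a time: pixel i lands at offset 4*i,
       which never overlaps the packed bytes still needed for pixels < i,
       and no step assumes a whole input byte (two pixels) of room. */
    for (i = pixels; i-- > 0; )
    {
        uint8_t b = tile[i / 2];
        put_pixel(tile + i * 4, (i & 1) ? (b & 0x0f) : (b >> 4));
    }
    return 0;
}

/* Constructed check: a 1x1 tile (4 bytes) placed between guard bytes. */
int demo_1x1(void)
{
    uint8_t mem[12];
    size_t i;

    for (i = 0; i < sizeof(mem); i++) mem[i] = 0xAA;
    mem[4] = 0xB0; /* constructed input: R=1 G=0 B=1 A=1 in the high nibble */
    if (expand_4bpp_rgba_inplace(mem + 4, 4, 1)) return -1;
    for (i = 0; i < 4; i++)
        if (mem[i] != 0xAA || mem[8 + i] != 0xAA) return -2; /* guard hit */
    return (mem[4] == 0xff && mem[5] == 0 && mem[6] == 0xff && mem[7] == 0xff) ? 0 : -3;
}

int main(void) { return demo_1x1(); }
```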