
Re: tiff / CVE-2018-18661



Hi

Could it be so that the problem is only reproducible on 32-bit systems?

// Ola

On Tue, 13 Nov 2018 at 07:30, Brian May <bam@debian.org> wrote:
Ola Lundqvist <ola@inguza.com> writes:

> Interesting. I wonder what the fix does differently in this case. It is a
> little worrying that it exits with a zero return code, but maybe not major.
> On the other hand, if we cannot reproduce the problem maybe it is not worth
> patching... Hmm.

I tried to reproduce this in a stretch chroot using version
4.0.9-1. This version should be vulnerable, it is the version mentioned
in the upstream bug report:

http://bugzilla.maptools.org/show_bug.cgi?id=2819

Still can't reproduce:

(stretch-amd64-default)root@silverfish:/tmp/brian/tmpog1hq_fw/build/amd64# tiff2bw /tmp/poc /dev/null
TIFFReadDirectory: Warning, Unknown field with tag 292 (0x124) encountered.
LZWDecode: Not enough data at scanline 0 (short 6442004472 bytes).
TIFFWriteDirectoryTagData: IO error writing tag data.

From upstream bug report:

$ ./tiff2bw poc /dev/null
TIFFReadDirectory: Warning, Unknown field with tag 292 (0x124) encountered.
Segmentation fault

I might have missed something, however I can't see any sign of any
Debian specific changes in 4.0.9-1 either.
--
Brian May <bam@debian.org>


--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

