{"id":634,"date":"2016-11-09T16:20:41","date_gmt":"2016-11-09T14:20:41","guid":{"rendered":"http:\/\/blogs.gentoo.org\/ago\/?p=634"},"modified":"2016-11-09T16:20:41","modified_gmt":"2016-11-09T14:20:41","slug":"libtiff-memory-allocation-failure-in-_tiffcheckrealloc-tif_aux-c","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/ago\/2016\/11\/09\/libtiff-memory-allocation-failure-in-_tiffcheckrealloc-tif_aux-c\/","title":{"rendered":"libtiff: memory allocation failure in _TIFFCheckRealloc (tif_aux.c)"},"content":{"rendered":"

Description<\/strong>:
\nlibtiff<\/a> is a software that provides support for the Tag Image File Format (TIFF).<\/p>\n

During the fuzz of imagemagick, I noticed a memory allocation failure in libtiff. The issue was first reported to the imagemagick’s developers which confirmed that the issue resides in libtiff instead of imagemagick.<\/p>\n

The complete ASan output:<\/p>\n

# identify $FILE\r\n==26726==ERROR: AddressSanitizer failed to allocate 0x4195c4000 (17605345280) bytes of LargeMmapAllocator (error code: 12)\r\n==26726==Process memory map follows:\r\n        0x000000400000-0x000000520000   \/usr\/bin\/magick\r\n        0x000000720000-0x000000721000   \/usr\/bin\/magick\r\n        0x000000721000-0x000000724000   \/usr\/bin\/magick\r\n        0x000000724000-0x000001397000\r\n        0x00007fff7000-0x00008fff7000\r\n        0x00008fff7000-0x02008fff7000\r\n        0x02008fff7000-0x10007fff8000\r\n        0x600000000000-0x602000000000                                                                                                                                                                                                                                          \r\n        0x602000000000-0x602000010000                                                                                                                                                                                                                                          \r\n        0x602000010000-0x603000000000                                                                                                                                                                                                                                          \r\n        0x603000000000-0x603000010000                                                                                                                                                                                                                                          \r\n        0x603000010000-0x604000000000                                                                                                                                                                                                                                          \r\n        0x604000000000-0x604000020000                                                                                                                                                                                                                                          \r\n        0x604000020000-0x606000000000                                                                                                                                                                                                                                          \r\n        0x606000000000-0x606000020000                                                                                                                                                                                                                                          \r\n        0x606000020000-0x607000000000                                                                                                                                                                                                                                          \r\n        0x607000000000-0x607000010000                                                                                                                                                                                                                                          \r\n        0x607000010000-0x608000000000                                                                                                                                                                                                                                          \r\n        0x608000000000-0x608000010000                                                                                                                                                                                                                                          \r\n        0x608000010000-0x60a000000000                                                                                                                                                                                                                                          \r\n        0x60a000000000-0x60a000020000                                                                                                                                                                                                                                          \r\n        0x60a000020000-0x60b000000000                                                                                                                                                                                                                                          \r\n        0x60b000000000-0x60b000010000                                                                                                                                                                                                                                          \r\n        0x60b000010000-0x60c000000000                                                                                                                                                                                                                                          \r\n        0x60c000000000-0x60c000010000                                                                                                                                                                                                                                          \r\n        0x60c000010000-0x60d000000000                                                                                                                                                                                                                                          \r\n        0x60d000000000-0x60d000010000                                                                                                                                                                                                                                          \r\n        0x60d000010000-0x60e000000000                                                                                                                                                                                                                                          \r\n        0x60e000000000-0x60e000010000                                                                                                                                                                                                                                          \r\n        0x60e000010000-0x60f000000000                                                                                                                                                                                                                                          \r\n        0x60f000000000-0x60f000010000                                                                                                                                                                                                                                          \r\n        0x60f000010000-0x610000000000                                                                                                                                                                                                                                          \r\n        0x610000000000-0x610000010000                                                                                                                                                                                                                                          \r\n        0x610000010000-0x611000000000                                                                                                                                                                                                                                          \r\n        0x611000000000-0x611000010000                                                                                                                                                                                                                                          \r\n        0x611000010000-0x612000000000                                                                                                                                                                                                                                          \r\n        0x612000000000-0x612000010000                                                                                                                                                                                                                                          \r\n        0x612000010000-0x613000000000                                                                                                                                                                                                                                          \r\n        0x613000000000-0x613000010000                                                                                                                                                                                                                                          \r\n        0x613000010000-0x614000000000                                                                                                                                                                                                                                          \r\n        0x614000000000-0x614000020000                                                                                                                                                                                                                                          \r\n        0x614000020000-0x615000000000                                                                                                                                                                                                                                          \r\n        0x615000000000-0x615000020000                                                                                                                                                                                                                                          \r\n        0x615000020000-0x616000000000                                                                                                                                                                                                                                          \r\n        0x616000000000-0x616000020000                                                                                                                                                                                                                                          \r\n        0x616000020000-0x618000000000                                                                                                                                                                                                                                          \r\n        0x618000000000-0x618000020000                                                                                                                                                                                                                                          \r\n        0x618000020000-0x619000000000                                                                                                                                                                                                                                          \r\n        0x619000000000-0x619000020000                                                                                                                                                                                                                                          \r\n        0x619000020000-0x61a000000000                                                                                                                                                                                                                                          \r\n        0x61a000000000-0x61a000020000                                                                                                                                                                                                                                          \r\n        0x61a000020000-0x61b000000000\r\n        0x61b000000000-0x61b000020000\r\n        0x61b000020000-0x61d000000000\r\n        0x61d000000000-0x61d000020000\r\n        0x61d000020000-0x621000000000\r\n        0x621000000000-0x621000020000\r\n        0x621000020000-0x622000000000\r\n        0x622000000000-0x622000020000\r\n        0x622000020000-0x623000000000\r\n        0x623000000000-0x623000020000\r\n        0x623000020000-0x624000000000\r\n        0x624000000000-0x624000020000\r\n        0x624000020000-0x625000000000\r\n        0x625000000000-0x625000020000\r\n        0x625000020000-0x627000000000\r\n        0x627000000000-0x627000030000\r\n        0x627000030000-0x629000000000\r\n        0x629000000000-0x629000010000\r\n        0x629000010000-0x62f000000000\r\n        0x62f000000000-0x62f000030000\r\n        0x62f000030000-0x640000000000\r\n        0x640000000000-0x640000003000\r\n        0x7fa3c74b3000-0x7fa3c7517000   \/usr\/lib64\/libtiff.so.5.2.4\r\n        0x7fa3c7517000-0x7fa3c7717000   \/usr\/lib64\/libtiff.so.5.2.4\r\n        0x7fa3c7717000-0x7fa3c7718000   \/usr\/lib64\/libtiff.so.5.2.4\r\n        0x7fa3c7718000-0x7fa3c771b000   \/usr\/lib64\/libtiff.so.5.2.4\r\n        0x7fa3c771b000-0x7fa3c771c000\r\n        0x7fa3c771c000-0x7fa3c7786000   \/usr\/lib64\/ImageMagick-7.0.3\/modules-Q64HDRI\/coders\/tiff.so\r\n        0x7fa3c7786000-0x7fa3c7986000   \/usr\/lib64\/ImageMagick-7.0.3\/modules-Q64HDRI\/coders\/tiff.so\r\n        0x7fa3c7986000-0x7fa3c7988000   \/usr\/lib64\/ImageMagick-7.0.3\/modules-Q64HDRI\/coders\/tiff.so\r\n        0x7fa3c7988000-0x7fa3c798e000   \/usr\/lib64\/ImageMagick-7.0.3\/modules-Q64HDRI\/coders\/tiff.so\r\n        0x7fa3c798e000-0x7fa3ce000000   \/usr\/lib64\/locale\/locale-archive\r\n        0x7fa3ce000000-0x7fa3ce100000\r\n        0x7fa3ce200000-0x7fa3ce300000\r\n        0x7fa3ce31d000-0x7fa3d066f000\r\n        0x7fa3d066f000-0x7fa3d0696000   \/usr\/lib64\/libexpat.so.1.6.0\r\n        0x7fa3d0696000-0x7fa3d0895000   \/usr\/lib64\/libexpat.so.1.6.0\r\n        0x7fa3d0895000-0x7fa3d0898000   \/usr\/lib64\/libexpat.so.1.6.0\r\n        0x7fa3d0898000-0x7fa3d0899000   \/usr\/lib64\/libexpat.so.1.6.0\r\n        0x7fa3d0899000-0x7fa3d09ce000   \/usr\/lib64\/libglib-2.0.so.0.4600.2\r\n        0x7fa3d09ce000-0x7fa3d0bce000   \/usr\/lib64\/libglib-2.0.so.0.4600.2\r\n        0x7fa3d0bce000-0x7fa3d0bcf000   \/usr\/lib64\/libglib-2.0.so.0.4600.2\r\n        0x7fa3d0bcf000-0x7fa3d0bd0000   \/usr\/lib64\/libglib-2.0.so.0.4600.2\r\n        0x7fa3d0bd0000-0x7fa3d0bd1000\r\n        0x7fa3d0bd1000-0x7fa3d0bda000   \/usr\/lib64\/libltdl.so.7.3.1\r\n        0x7fa3d0bda000-0x7fa3d0dd9000   \/usr\/lib64\/libltdl.so.7.3.1\r\n        0x7fa3d0dd9000-0x7fa3d0dda000   \/usr\/lib64\/libltdl.so.7.3.1\r\n        0x7fa3d0dda000-0x7fa3d0ddb000   \/usr\/lib64\/libltdl.so.7.3.1\r\n        0x7fa3d0ddb000-0x7fa3d0df0000   \/lib64\/libz.so.1.2.8\r\n        0x7fa3d0df0000-0x7fa3d0fef000   \/lib64\/libz.so.1.2.8\r\n        0x7fa3d0fef000-0x7fa3d0ff0000   \/lib64\/libz.so.1.2.8\r\n        0x7fa3d0ff0000-0x7fa3d0ff1000   \/lib64\/libz.so.1.2.8\r\n        0x7fa3d0ff1000-0x7fa3d1000000   \/lib64\/libbz2.so.1.0.6\r\n        0x7fa3d1000000-0x7fa3d11ff000   \/lib64\/libbz2.so.1.0.6\r\n        0x7fa3d11ff000-0x7fa3d1200000   \/lib64\/libbz2.so.1.0.6\r\n        0x7fa3d1200000-0x7fa3d1201000   \/lib64\/libbz2.so.1.0.6\r\n        0x7fa3d1201000-0x7fa3d12a8000   \/usr\/lib64\/libfreetype.so.6.12.3\r\n        0x7fa3d12a8000-0x7fa3d14a8000   \/usr\/lib64\/libfreetype.so.6.12.3\r\n        0x7fa3d14a8000-0x7fa3d14ae000   \/usr\/lib64\/libfreetype.so.6.12.3\r\n        0x7fa3d14ae000-0x7fa3d14af000   \/usr\/lib64\/libfreetype.so.6.12.3\r\n        0x7fa3d14af000-0x7fa3d14ea000   \/usr\/lib64\/libfontconfig.so.1.8.0\r\n        0x7fa3d14ea000-0x7fa3d16e9000   \/usr\/lib64\/libfontconfig.so.1.8.0\r\n        0x7fa3d16e9000-0x7fa3d16eb000   \/usr\/lib64\/libfontconfig.so.1.8.0\r\n        0x7fa3d16eb000-0x7fa3d16ec000   \/usr\/lib64\/libfontconfig.so.1.8.0\r\n        0x7fa3d16ec000-0x7fa3d18e1000   \/usr\/lib64\/libfftw3.so.3.4.4\r\n        0x7fa3d18e1000-0x7fa3d1ae0000   \/usr\/lib64\/libfftw3.so.3.4.4\r\n        0x7fa3d1ae0000-0x7fa3d1af4000   \/usr\/lib64\/libfftw3.so.3.4.4\r\n        0x7fa3d1af4000-0x7fa3d1af5000   \/usr\/lib64\/libfftw3.so.3.4.4\r\n        0x7fa3d1af5000-0x7fa3d1b03000   \/usr\/lib64\/liblqr-1.so.0.3.2\r\n        0x7fa3d1b03000-0x7fa3d1d02000   \/usr\/lib64\/liblqr-1.so.0.3.2\r\n        0x7fa3d1d02000-0x7fa3d1d03000   \/usr\/lib64\/liblqr-1.so.0.3.2\r\n        0x7fa3d1d03000-0x7fa3d1d04000   \/usr\/lib64\/liblqr-1.so.0.3.2\r\n        0x7fa3d1d04000-0x7fa3d1d57000   \/usr\/lib64\/liblcms2.so.2.0.6\r\n        0x7fa3d1d57000-0x7fa3d1f57000   \/usr\/lib64\/liblcms2.so.2.0.6\r\n        0x7fa3d1f57000-0x7fa3d1f58000   \/usr\/lib64\/liblcms2.so.2.0.6\r\n        0x7fa3d1f58000-0x7fa3d1f5d000   \/usr\/lib64\/liblcms2.so.2.0.6\r\n        0x7fa3d1f5d000-0x7fa3d20f0000   \/lib64\/libc-2.22.so\r\n        0x7fa3d20f0000-0x7fa3d22f0000   \/lib64\/libc-2.22.so\r\n        0x7fa3d22f0000-0x7fa3d22f4000   \/lib64\/libc-2.22.so\r\n        0x7fa3d22f4000-0x7fa3d22f6000   \/lib64\/libc-2.22.so\r\n        0x7fa3d22f6000-0x7fa3d22fa000\r\n        0x7fa3d22fa000-0x7fa3d2310000   \/usr\/lib64\/gcc\/x86_64-pc-linux-gnu\/4.9.3\/libgcc_s.so.1\r\n        0x7fa3d2310000-0x7fa3d250f000   \/usr\/lib64\/gcc\/x86_64-pc-linux-gnu\/4.9.3\/libgcc_s.so.1\r\n        0x7fa3d250f000-0x7fa3d2510000   \/usr\/lib64\/gcc\/x86_64-pc-linux-gnu\/4.9.3\/libgcc_s.so.1\r\n        0x7fa3d2510000-0x7fa3d2511000   \/usr\/lib64\/gcc\/x86_64-pc-linux-gnu\/4.9.3\/libgcc_s.so.1\r\n        0x7fa3d2511000-0x7fa3d2517000   \/lib64\/librt-2.22.so\r\n        0x7fa3d2517000-0x7fa3d2717000   \/lib64\/librt-2.22.so\r\n        0x7fa3d2717000-0x7fa3d2718000   \/lib64\/librt-2.22.so\r\n        0x7fa3d2718000-0x7fa3d2719000   \/lib64\/librt-2.22.so\r\n        0x7fa3d2719000-0x7fa3d2730000   \/lib64\/libpthread-2.22.so\r\n        0x7fa3d2730000-0x7fa3d292f000   \/lib64\/libpthread-2.22.so\r\n        0x7fa3d292f000-0x7fa3d2930000   \/lib64\/libpthread-2.22.so\r\n        0x7fa3d2930000-0x7fa3d2931000   \/lib64\/libpthread-2.22.so\r\n        0x7fa3d2931000-0x7fa3d2935000\r\n        0x7fa3d2935000-0x7fa3d2a32000   \/lib64\/libm-2.22.so\r\n        0x7fa3d2a32000-0x7fa3d2c31000   \/lib64\/libm-2.22.so\r\n        0x7fa3d2c31000-0x7fa3d2c32000   \/lib64\/libm-2.22.so\r\n        0x7fa3d2c32000-0x7fa3d2c33000   \/lib64\/libm-2.22.so\r\n        0x7fa3d2c33000-0x7fa3d2c35000   \/lib64\/libdl-2.22.so\r\n        0x7fa3d2c35000-0x7fa3d2e35000   \/lib64\/libdl-2.22.so\r\n        0x7fa3d2e35000-0x7fa3d2e36000   \/lib64\/libdl-2.22.so\r\n        0x7fa3d2e36000-0x7fa3d2e37000   \/lib64\/libdl-2.22.so\r\n        0x7fa3d2e37000-0x7fa3d32fd000   \/usr\/lib64\/libMagickWand-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d32fd000-0x7fa3d34fc000   \/usr\/lib64\/libMagickWand-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d34fc000-0x7fa3d3511000   \/usr\/lib64\/libMagickWand-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d3511000-0x7fa3d3553000   \/usr\/lib64\/libMagickWand-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d3553000-0x7fa3d40e6000   \/usr\/lib64\/libMagickCore-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d40e6000-0x7fa3d42e5000   \/usr\/lib64\/libMagickCore-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d42e5000-0x7fa3d431e000   \/usr\/lib64\/libMagickCore-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d431e000-0x7fa3d4390000   \/usr\/lib64\/libMagickCore-7.Q64HDRI.so.0.0.0\r\n        0x7fa3d4390000-0x7fa3d4393000\r\n        0x7fa3d4393000-0x7fa3d43b5000   \/lib64\/ld-2.22.so\r\n        0x7fa3d44ad000-0x7fa3d44cd000\r\n        0x7fa3d44cd000-0x7fa3d44f0000   \/usr\/share\/locale\/it\/LC_MESSAGES\/libc.mo\r\n        0x7fa3d44f0000-0x7fa3d44f1000\r\n        0x7fa3d44f5000-0x7fa3d45a7000\r\n        0x7fa3d45a7000-0x7fa3d45b4000\r\n        0x7fa3d45b4000-0x7fa3d45b5000   \/lib64\/ld-2.22.so\r\n        0x7fa3d45b5000-0x7fa3d45b6000   \/lib64\/ld-2.22.so\r\n        0x7fa3d45b6000-0x7fa3d45b7000\r\n        0x7fff923b9000-0x7fff923da000   [stack]\r\n        0x7fff923de000-0x7fff923e0000   [vvar]\r\n        0x7fff923e0000-0x7fff923e2000   [vdso]\r\n        0xffffffffff600000-0xffffffffff601000   [vsyscall]\r\n==26726==End of process memory map.\r\n==26726==AddressSanitizer CHECK failed: \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/sanitizer_common\/sanitizer_common.cc:183 \"((0 && \"unable to mmap\")) != (0)\" (0x0, 0x0)\r\n    #0 0x4c9f9d in AsanCheckFailed \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/asan\/asan_rtl.cc:67\r\n    #1 0x4d0ad3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/sanitizer_common\/sanitizer_common.cc:159\r\n    #2 0x4d0cc1 in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/sanitizer_common\/sanitizer_common.cc:183\r\n    #3 0x4d9cfa in __sanitizer::MmapOrDie(unsigned long, char const*, bool) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/sanitizer_common\/sanitizer_posix.cc:122\r\n    #4 0x4244ea in __sanitizer::LargeMmapAllocator::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/asan\/..\/sanitizer_common\/sanitizer_allocator.h:1033\r\n    #5 0x4244ea in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap, __asan::AsanMapUnmapCallback>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap, __asan::AsanMapUnmapCallback> >, __sanitizer::LargeMmapAllocator >::Allocate(__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap, __asan::AsanMapUnmapCallback> >*, unsigned long, unsigned long, bool, bool) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/asan\/..\/sanitizer_common\/sanitizer_allocator.h:1302\r\n    #6 0x4244ea in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/asan\/asan_allocator.cc:368\r\n    #7 0x4c09e1 in realloc \/var\/tmp\/portage\/sys-devel\/llvm-3.8.1-r2\/work\/llvm-3.8.1.src\/projects\/compiler-rt\/lib\/asan\/asan_malloc_linux.cc:79\r\n    #8 0x7fa3c74badcb in _TIFFCheckRealloc \/tmp\/portage\/media-libs\/tiff-4.0.6\/work\/tiff-4.0.6\/libtiff\/tif_aux.c:73\r\n    #9 0x7fa3c74c8599 in ChopUpSingleUncompressedStrip \/tmp\/portage\/media-libs\/tiff-4.0.6\/work\/tiff-4.0.6\/libtiff\/tif_dirread.c:5519\r\n    #10 0x7fa3c74c8599 in TIFFReadDirectory \/tmp\/portage\/media-libs\/tiff-4.0.6\/work\/tiff-4.0.6\/libtiff\/tif_dirread.c:4032\r\n    #11 0x7fa3c74e1d21 in TIFFClientOpen \/tmp\/portage\/media-libs\/tiff-4.0.6\/work\/tiff-4.0.6\/libtiff\/tif_open.c:466\r\n    #12 0x7fa3c7731955 in ReadTIFFImage \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/coders\/tiff.c:1160:8\r\n    #13 0x7fa3d37beb12 in ReadImage \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickCore\/constitute.c:496:13\r\n    #14 0x7fa3d3f56406 in ReadStream \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickCore\/stream.c:1012:9\r\n    #15 0x7fa3d37bd5ca in PingImage \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickCore\/constitute.c:226:9\r\n    #16 0x7fa3d37bde25 in PingImages \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickCore\/constitute.c:326:10\r\n    #17 0x7fa3d30434c3 in IdentifyImageCommand \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickWand\/identify.c:319:18\r\n    #18 0x7fa3d30d926a in MagickCommandGenesis \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/MagickWand\/mogrify.c:183:14\r\n    #19 0x4f1fb5 in MagickMain \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/utilities\/magick.c:145:10\r\n    #20 0x4f1fb5 in main \/tmp\/portage\/media-gfx\/imagemagick-7.0.3.0\/work\/ImageMagick-7.0.3-0\/utilities\/magick.c:176\r\n    #21 0x7fa3d1f7d61f in __libc_start_main \/var\/tmp\/portage\/sys-libs\/glibc-2.22-r4\/work\/glibc-2.22\/csu\/libc-start.c:289\r\n    #22 0x419138 in _init (\/usr\/bin\/magick+0x419138)\r\n<\/font><\/pre>\n
Affected version:<\/strong>
\n4.0.6<\/p>\n
Fixed version:<\/strong>
\nN\/A<\/p>\n
Commit fix:<\/strong>
\nN\/A<\/p>\n
Credit:<\/strong>
\nThis bug was discovered by Agostino Sarubbo of Gentoo.<\/p>\n
CVE:<\/strong>
\nN\/A<\/p>\n
Reproducer:<\/strong>
\nhttps:\/\/github.com\/asarubbo\/poc\/blob\/master\/00032-libtiff-memalloc-_TIFFCheckRealloc<\/a><\/p>\n
Timeline:<\/strong>
\n2016-09-14: bug discovered
\n2016-11-04: bug reported to upstream
\n2016-11-09: blog post about the issue<\/p>\n
Note:<\/strong>
\nThis bug was found with American Fuzzy Lop<\/a>.<\/p>\n
Permalink:<\/strong><\/p>\n
libtiff: memory allocation failure in _TIFFCheckRealloc (tif_aux.c)<\/a><\/p><\/blockquote>\n