Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Apr 2017 07:03:25 +0000
From: "Agostino Sarubbo" <ago@...too.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE-2017-7592: libtiff: left shift

http://bugzilla.maptools.org/show_bug.cgi?id=2658 :

In tif_getimage.c, in function putagreytile, there is a shift of unsigned char
by 24:
*(pp+1) << 24.

Since there is no cast, *(pp+1) is treated as int, so
UndefinedBehaviorSanitizer says:
runtime error: left shift of 134 by 24 places cannot be represented in type
'int'

Maybe we could have something like:

*cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);

###########

Fixed per

2017-01-11 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
        avoid UndefinedBehaviorSanitizer warning.
        Patch by Nicolás Peña.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658

--
Agostino Sarubbo
Gentoo Linux Developer


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ