Date: Mon, 10 Apr 2017 07:03:25 +0000 From: "Agostino Sarubbo" <ago@...too.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE-2017-7592: libtiff: left shift http://bugzilla.maptools.org/show_bug.cgi?id=2658 : In tif_getimage.c, in function putagreytile, there is a shift of unsigned char by 24: *(pp+1) << 24. Since there is no cast, *(pp+1) is treated as int, so UndefinedBehaviorSanitizer says: runtime error: left shift of 134 by 24 places cannot be represented in type 'int' Maybe we could have something like: *cp++ = BWmap[*pp] & ((uint32)*(pp+1) << 24 | ~A1); ########### Fixed per 2017-01-11 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to avoid UndefinedBehaviorSanitizer warning. Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658 -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ