
#710 Undefined behavior while passing a null pointer as an argument to a nonnull function.

v1.0_(example)
closed-fixed
None
5
2023-04-29
2023-04-17
babybus
No

Command Input

gm convert poc_file /dev/null

poc_file is attached.

Sanitizer Dump

coders/tiff.c:2349:9: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior coders/tiff.c:2349:9 in 

Environment

  • OS: Ubuntu 20.04.1
  • Clang: 12.0.0
  • GraphicsMagick: GraphicsMagick-1.3.40

We built GraphicsMagick with UndefinedBehaviorSanitizer (UBSAN).

  CC       = clang
  CFLAGS   = -fopenmp -fsanitize=undefined -g -O0 -Wall
  CPPFLAGS = -I/usr/include/freetype2 -I/usr/include/libxml2
  CXX      = clang++
  CXXFLAGS = -fsanitize=undefined -g -O0
  DEFS     = -DHAVE_CONFIG_H
  LDFLAGS  = 
  LIBS     = -ljbig -lwebp -lwebpmux -ltiff -lfreetype -ljpeg -lpng16 -lXext -lSM -lICE -lX11 -llzma -lbz2 -lxml2 -lz -lm -lpthread
1 Attachments

Discussion

  • Bob Friesenhahn

    Bob Friesenhahn - 2023-04-17
    • assigned_to: Bob Friesenhahn
     
  • Bob Friesenhahn

    Bob Friesenhahn - 2023-04-29
     
  • Bob Friesenhahn

    Bob Friesenhahn - 2023-04-29

    This issue seems to depend on the version of libtiff used. With current libtiff I get this error message from libtiff, and there is no crash:

    Defined set_field_type of custom tag 230 (Tag 230) is TIFF_SETGET_UNDEFINED and thus tag is not read from file. (TIFFFetchNormalTag)

    I will add more defensive programming for the case where libtiff reports apparent success but useful values are not returned.

     
  • Bob Friesenhahn

    Bob Friesenhahn - 2023-04-29
    • status: open --> closed-fixed
    • private: Yes --> No
     
  • Bob Friesenhahn

    Bob Friesenhahn - 2023-04-29

    This issue is fixed by Mercurial changeset 17037:c9b750fbb01f
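
The defensive pattern described in the discussion above (a getter reports success but returns nothing usable), as an added example that is not GraphicsMagick's code and not the content of the changeset. `get_field_stub`, the `TAG_*` values and the payload are hypothetical stand-ins constructed for illustration, not libtiff's API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a library getter (not libtiff's API): it returns 1
   for "success", yet for some inputs leaves *data NULL and *count 0. */
enum { TAG_GOOD = 1, TAG_EMPTY = 2, TAG_MISSING = 3 };
static const unsigned char sample_payload[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */

static int get_field_stub(int tag, uint32_t *count, const void **data)
{
    switch (tag) {
    case TAG_GOOD:  *count = sizeof sample_payload; *data = sample_payload; return 1;
    case TAG_EMPTY: *count = 0; *data = NULL; return 1; /* "success", nothing usable */
    default:        return 0;                           /* outputs left untouched */
    }
}

/* Returns a malloc'd copy of the payload and stores its length in *out_len,
   or returns NULL with *out_len = 0 when the getter yields nothing usable. */
static unsigned char *copy_tag_checked(int tag, size_t *out_len)
{
    uint32_t count = 0;       /* initialise outputs so a getter that leaves them */
    const void *data = NULL;  /* untouched cannot hand us indeterminate values   */
    unsigned char *copy;

    *out_len = 0;
    if (get_field_stub(tag, &count, &data) != 1)
        return NULL;
    /* Do not trust the return code alone: glibc declares memcpy's pointer
       arguments nonnull, so UBSan flags a NULL source even when count is 0. */
    if (data == NULL || count == 0)
        return NULL;
    copy = malloc(count);
    if (copy == NULL)
        return NULL;
    memcpy(copy, data, count);
    *out_len = count;
    return copy;
}

int main(void)
{
    size_t n;
    unsigned char *p = copy_tag_checked(TAG_EMPTY, &n); /* rejected before memcpy */
    free(p);
    return (p == NULL && n == 0) ? 0 : 1;
}
```

Building this with the same `-fsanitize=undefined` flag shown in the report's build configuration keeps the sanitizer quiet on the `TAG_EMPTY` path, because `memcpy` is never reached with a NULL source.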

     
