Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/image/tiff: integer divide by zero #10711

Closed
dvyukov opened this issue May 6, 2015 · 2 comments
Closed

x/image/tiff: integer divide by zero #10711

dvyukov opened this issue May 6, 2015 · 2 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@dvyukov
Copy link
Member

dvyukov commented May 6, 2015

The following program crashes with panic:

package main

import (
    "bytes"
    "golang.org/x/image/tiff"
)

func main() {
    cfg, err := tiff.DecodeConfig(bytes.NewReader([]byte(data)))
    if err != nil || cfg.Width*cfg.Height > 1e6 {
        return
    }
    img, err := tiff.Decode(bytes.NewReader([]byte(data)))
    if err != nil {
        return
    }
    var w bytes.Buffer
    err = tiff.Encode(&w, img, nil)
    if err != nil {
        panic(err)
    }
}

var data = "II*\x00Z\x02\x00\x00000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "0.000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00000000000000000000" +
    "00\x10\x00000000000000\x00\x01\x03\x00" +
    "0\x00\x00\x000\x00\x00\x00\x01\x01\x03\x00\x01\x00\x00\x000\x0000" +
    "\x02\x01\x03\x00\x01\x00\x00\x00\x00\x0000\x03\x01\x03\x00\x01\x00\x00\x00" +
    "\x05\x80000000000000000000" +
    "00000000\x11\x01\x04\x000\x00\x00\x000\x00\x00\x00" +
    "00000000000000000000" +
    "0000000000000000\x17\x01\x04\x00" +
    "0\x00\x00\x000\x02\x00\x00000000000000" +
    "00000000000000000000" +
    "0000000000000000"
panic: runtime error: integer divide by zero

goroutine 1 [running]:
golang.org/x/image/tiff.(*decoder).decode(0xc2080700a0, 0x7ff2dbbdb3c0, 0xc208012440, 0x0, 0x0, 0x3030, 0x30, 0x0, 0x0)
    src/golang.org/x/image/tiff/reader.go:278 +0xa7c
golang.org/x/image/tiff.Decode(0x7ff2dbbdb260, 0xc208016450, 0x7ff2dbbdb3c0, 0xc208012440, 0x0, 0x0)
    src/golang.org/x/image/tiff/reader.go:656 +0xb39
main.main()
    test.go:13 +0x278

on commit 4a3ed0c1249ebedab3c715c000034638f1cad002
@gopherbot
Copy link

CL https://golang.org/cl/10485 mentions this issue.

@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Jun 3, 2015
@gopherbot
Copy link

CL https://golang.org/cl/10943 mentions this issue.

@golang golang locked and limited conversation to collaborators Jun 25, 2016
mrhyperbit23z0d added a commit to mrhyperbit23z0d/bhegde8 that referenced this issue Jun 6, 2022
@mrhyperbit23z0d
image/tiff: do not allow zero bits per sample
e29abf2 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
GalaxyForcew added a commit to GalaxyForcew/A1bisshy that referenced this issue Jun 6, 2022
@GalaxyForcew
image/tiff: do not allow zero bits per sample
530b65d 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
yi-ge3 added a commit to yi-ge3/wislie that referenced this issue Jun 6, 2022
@yi-ge3
image/tiff: do not allow zero bits per sample
7cde6eb 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
balloontmz6 added a commit to balloontmz6/Likewise42l that referenced this issue Jun 6, 2022
@balloontmz6
image/tiff: do not allow zero bits per sample
add94eb 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
snapbakkhfbav added a commit to snapbakkhfbav/SayedBaladohr that referenced this issue Oct 6, 2022
@snapbakkhfbav
image/tiff: do not allow zero bits per sample
fc5fcca 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
MiderWong5ddop added a commit to MiderWong5ddop/sidie88f that referenced this issue Oct 7, 2022
@MiderWong5ddop
image/tiff: do not allow zero bits per sample
1cab777 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
rorypeckwnt4v added a commit to rorypeckwnt4v/LearnByBhanuPrataph that referenced this issue Oct 7, 2022
@rorypeckwnt4v
image/tiff: do not allow zero bits per sample
b75efa8 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
egorovcharenko9 added a commit to egorovcharenko9/RiceBIOC470z that referenced this issue Oct 7, 2022
@egorovcharenko9
image/tiff: do not allow zero bits per sample
4d38974 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
RafayGhafoorf added a commit to RafayGhafoorf/dustinsand8 that referenced this issue Oct 7, 2022
@RafayGhafoorf
image/tiff: do not allow zero bits per sample
2493109 
Fuzzing detected a divide by zero in images with 0 bits
per sample. Instead of panicing, return an error. Do more
validation of bits per sample so that the package only
supports what we've actually tested.

Fixes golang/go#10711.

Change-Id: Ib41b5cd798c32b06429164c9bc471f5f321d88c5
Reviewed-on: https://go-review.googlesource.com/10943
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Nigel Tao <nigeltao@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@dvyukov @ianlancetaylor @nigeltao @gopherbot