2018.04.09 07:29 "[Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer

2018.04.09 09:48 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paavo Helde

On 9.04.2018 11:05, Nicolas RUFF wrote:

> I don't think we reached a definitive conclusion at that time. The thread ended with those famous last words:
>
> "And yes, these are the customers having 20 GB TIFF files (has happened) and 10 GB strips (will happen soon). There is no "sane" limit."
>
> I kind of disagree (libtiff would crash on 32-bit systems while trying to malloc(10GB)), but I ended up fuzzing libtiff privately.

This is very fine and understandable if 32-bit libTIFF fails when reading a TIFF file with strips larger than e.g. 1GB. On the other hand, current major desktop OSes are all 64-bit and, for example, our software (which also uses LibTIFF) has been used in 64-bit only for over 10 years already.

Recently I got a bug report from a customer who was having trouble with a TIFF file containing a 40960x38912 pixel image frame (24bpp RGB originating from a Hamamatsu Nanozoomer Slidescanner). Helpfully, this was encoded just as a single strip! This makes the unpacked single strip allocation 4.5 GB. Actually, our software was able to read it in fine via LibTIFF; just the display part had problems.

Cheers

Paavo
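The strip allocation Paavo describes can be computed from the IFD tags before any buffer is requested, which is how a reader decides whether a 32-bit process could even hold the strip. The following is an added example, not code from the thread or from libtiff: a minimal classic-TIFF IFD parser plus the strip-size arithmetic, run over a constructed header with the reported 40960x38912 8-bit RGB single-strip geometry. Tag numbers are from the TIFF 6.0 specification; the 2 GiB limit and the sample header are assumptions made here.

```python
import struct

IMAGE_WIDTH, IMAGE_LENGTH, BITS_PER_SAMPLE = 256, 257, 258   # TIFF 6.0 tag numbers
SAMPLES_PER_PIXEL, ROWS_PER_STRIP = 277, 278
TYPE_FMT = {1: "B", 3: "H", 4: "I"}                          # BYTE, SHORT, LONG

def read_ifd0(data: bytes) -> dict:
    """Parse the first IFD of a classic (32-bit offset) TIFF into {tag: value}."""
    order = {b"II": "<", b"MM": ">"}[data[:2]]
    magic, ifd_off = struct.unpack(order + "HI", data[2:8])
    assert magic == 42, "not a classic TIFF header"
    (n_entries,) = struct.unpack(order + "H", data[ifd_off:ifd_off + 2])
    tags = {}
    for i in range(n_entries):
        off = ifd_off + 2 + 12 * i
        tag, typ, count = struct.unpack(order + "HHI", data[off:off + 8])
        if typ not in TYPE_FMT: continue           # other field types not needed here
        size = struct.calcsize(TYPE_FMT[typ]) * count
        if size <= 4:
            raw = data[off + 8:off + 8 + size]     # value stored inline, left-justified
        else:                                      # value lives at a file offset
            (voff,) = struct.unpack(order + "I", data[off + 8:off + 12])
            raw = data[voff:voff + size]
        vals = struct.unpack(order + TYPE_FMT[typ] * count, raw)
        tags[tag] = vals[0] if count == 1 else vals
    return tags

def unpacked_strip_bytes(tags: dict) -> int:
    """Bytes one decoded strip occupies; RowsPerStrip defaults to the whole image."""
    bps = tags.get(BITS_PER_SAMPLE, 1)
    bps = max(bps) if isinstance(bps, tuple) else bps
    spp = tags.get(SAMPLES_PER_PIXEL, 1)
    rows = min(tags.get(ROWS_PER_STRIP, tags[IMAGE_LENGTH]), tags[IMAGE_LENGTH])
    return ((tags[IMAGE_WIDTH] * bps * spp + 7) // 8) * rows

def strip_exceeds(data: bytes, limit: int = 2**31 - 1) -> tuple:
    """(strip_bytes, over_limit); default limit is the largest 32-bit signed size (assumed policy)."""
    size = unpacked_strip_bytes(read_ifd0(data))
    return size, size > limit

def build_sample_header() -> bytes:
    """Constructed little-endian header, no pixel data: 40960x38912 8-bit RGB in one strip."""
    n, ifd_off = 5, 8
    bps_off = ifd_off + 2 + 12 * n + 4             # BitsPerSample triple follows the IFD
    h = b"II" + struct.pack("<HIH", 42, ifd_off, n)
    h += struct.pack("<HHIIHHII", IMAGE_WIDTH, 4, 1, 40960, IMAGE_LENGTH, 4, 1, 38912)
    h += struct.pack("<HHII", BITS_PER_SAMPLE, 3, 3, bps_off)
    h += struct.pack("<HHIHH", SAMPLES_PER_PIXEL, 3, 1, 3, 0)   # SHORT inline, zero padded
    h += struct.pack("<HHII", ROWS_PER_STRIP, 4, 1, 38912)
    return h + struct.pack("<IHHH", 0, 8, 8, 8)     # next-IFD pointer 0, then 8,8,8
```

For the constructed header the strip works out to 4,781,506,560 bytes, about 4.45 GiB, which is the figure in the report and well past what a 32-bit allocation can express.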