x/image/tiff: slice bounds out of range (original) (raw)

The following program crashes as:

panic: runtime error: slice bounds out of range
goroutine 1 [running]:
golang.org/x/image/tiff.(*decoder).ifdUint(0xc208072000, 0xc20801a0e4, 0xc, 0x3c, 0xc208074000, 0xc0000001, 0xc0000001, 0x0, 0x0)
    /ssd/src/gopath/src/golang.org/x/image/tiff/reader.go:98 +0x5e7
golang.org/x/image/tiff.(*decoder).parseIFD(0xc208072000, 0xc20801a0e4, 0xc, 0x3c, 0x0, 0x0)
    /ssd/src/gopath/src/golang.org/x/image/tiff/reader.go:125 +0x122
golang.org/x/image/tiff.newDecoder(0x7fdfb9016260, 0xc20800e440, 0x0, 0x0, 0x0)
    /ssd/src/gopath/src/golang.org/x/image/tiff/reader.go:415 +0x6d7
golang.org/x/image/tiff.Decode(0x7fdfb9016260, 0xc20800e440, 0x0, 0x0, 0x0, 0x0)
    /ssd/src/gopath/src/golang.org/x/image/tiff/reader.go:517 +0x6b
main.main()
    /tmp/tiff.go:9 +0xa6

package main

import ( "strings" "golang.org/x/image/tiff" )

func main() { tiff.Decode(strings.NewReader(data)) }

var data = "II*\x00\xc8\x03\x00\x00000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000\f\x000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000000000" + "00000000000000\x17\x01\x04\x00\x01\x00" + "\x00\xc0000000000000000000" + "00000000000000000000" + "00000000000000000000" + "000000"

on commit b2f48f3f517c959ebf11245aa7bf39b127497e9c