Bug 2822 – read error while using certain tiff

Bug 2822 - read error while using certain tiff

Summary:

read error while using certain tiff

Status:	RESOLVED LATER

Product:	libtiff
Component:	default
Version:	unspecified
Platform:	PC MacOS X

Importance:	P2 enhancement
Target Milestone:	---
Assigned To:	Frank Warmerdam

URL:
Whiteboard:
Keywords:	migrated_to_gitlab

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-11-02 22:13 by Jiyuan Wang
Modified:	2019-10-01 14:21 (History)

Attachments
crash seed (29.67 KB, application/octet-stream) 2018-11-02 22:15, Jiyuan Wang	Details
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Jiyuan Wang 2018-11-02 22:13:45

With certain tiff file, ./tools/tiffdump will read error accessing tag 0 value.
The default information as follow:
Magic: 0x4d4d <big-endian> Version: 0x2b <BigTIFF>
OffsetSize: 0x3155 Unused: 0x3455
Directory 0: offset 18 (0x12) next 0 (0)
52479 (0xccff) 65280 (0xff00) 39138215902314496< ...>
65535 (0xffff) 65280 (0xff00) 0<>
2560 (0xa00) 0 (0) 0<>
0 (0) 0 (0) 0<>
58368 (0xe400) 0 (0) 0<>
0 (0) 0 (0) 369098752< ...>
32 (0x20) 0 (0) 0<>
2560 (0xa00) 0 (0) 10<>
65535 (0xffff) 1280 (0x500) 19421773393035264< ...>
0 (0) 0 (0) 0<>
0 (0) 0 (0) 0<>
0 (0) 1024 (0x400) 72057044265336832< ...>
8704 (0x2200) 0 (0) 281384782397440< ...>
0 (0) 62463 (0xf3ff) 12157666572173312< ...>
1536 (0x600) 0 (0) 879830761216< ...>
0 (0) 0 (0) 0<>
0 (0) 0 (0) 0<>
0 (0) 0 (0) 0<>
65535 (0xffff) 65280 (0xff00) 0<>
0 (0) 0 (0) 255< ...>
0 (0) 0 (0) 16711424< ...>
0 (0) 0 (0) 2130706432< ...>
0 (0) 0 (0) 0<>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073707651071< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
1000 (0x3e8) 65535 (0xffff) 18444492273895866367< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744071562067967< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446603335751434239< ...>
65535 (0xffff) 65535 (0xffff) 18446744073709551615< ...>
65535 (0xffff) 65535 (0xffff) 18446744073693822976< ...>
52479 (0xccff) 65280 (0xff00) 71915757052559104< ...>
64512 (0xfc00) 0 (0) 283673999966240< ...>
0 (0) 89 (0x59) 111769813249< ...>
20780 (0x512c) 12224 (0x2fc0) 10451104334090338303< ...>
58487 (0xe477) 20320 (0x4f60) 675857382075017015< ...>
43094 (0xa856) 27655 (0x6c07) 14650544835858824271< ...>
1 (0x1) 0 (0) 11260111465021613< ...>
2 (0x2) 0 (0) 4299161859< ...>
../../libtiff_tifftump
crashes/id:000001,sig:06,src:000696+000579,op:splice,rep:16: Read error
accessing tag 261 value.

------- Comment #1 From Jiyuan Wang 2018-11-02 22:15:11 -------

Created an attachment (id=874) [details]
crash seed

------- Comment #2 From Jiyuan Wang 2018-11-02 22:16:09 -------

libtiff 4.0.9

------- Comment #3 From Thomas Bernard 2019-02-13 04:37:47 -------

what is the expected behavior ?

------- Comment #4 From Even Rouault 2019-10-01 14:21:24 -------

Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets,
such as this one, have been migrated to the libtiff GitLab instance at
https://gitlab.com/libtiff/libtiff/issues .

The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is
the initial Bugzilla issue number.