
LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
August 2007

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems




2007.08.13 10:40 "bug in 3.8.2", by <jcupitt@gmail.com>

Hi,

I've found a bug in libtiff 3.8.2 with files over 2GB, if anyone
cares. Will there be another 3.x release? In case there is one
planned, it's in TIFFFetchData(), in tif_dirread.c, around line 986.

This has:

                if ((tsize_t)dir->tdir_offset + cc < (tsize_t)dir->tdir_offset
                    || (tsize_t)dir->tdir_offset + cc < cc
                    || (tsize_t)dir->tdir_offset + cc > (tsize_t)tif->tif_size)
                        goto bad;

The 3rd sanity check will break for memory mapped files over 2GB,
since casting tif_size to tsize_t (which is int32) will produce a
negative number. The first and second tests will break for directories
which occur after the 2GB watershed, since again tdir_offset will
become negative.

I changed these tests to be:

                if (dir->tdir_offset + (toff_t)cc < dir->tdir_offset)
                        goto bad;
                if (dir->tdir_offset + (toff_t)cc < (toff_t)cc)
                        goto bad;
                if (dir->tdir_offset + (toff_t)cc > tif->tif_size)
                        goto bad;

since toff_t is a uint32. With this change I can successfully read and
write 3GB multipage TIFF files.

tiff-4.0-alpha seems to work OK.

John
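
The two sets of bounds checks discussed in the message above, modelled side by side as an added example (not part of the original message and not libtiff code). The function names, the sample offsets and sizes, and the assumption that `cc` is a `tsize_t` and the file size a `toff_t` are constructed for illustration; the `int32`/`uint32` widths are the ones the message states.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t  tsize_t;   /* int32, as stated in the message */
typedef uint32_t toff_t;    /* uint32, as stated in the message */

/* Two's-complement wrapping add, done in unsigned to avoid signed-overflow UB.
 * Out-of-range conversions to int32_t are implementation-defined; they wrap
 * on GCC and Clang, matching the behaviour the message describes. */
static tsize_t wrap_add(tsize_t a, tsize_t b)
{
    return (tsize_t)((uint32_t)a + (uint32_t)b);
}

/* Model of the 3.8.2 checks: 1 = rejected ("goto bad"), 0 = accepted. */
int rejects_signed(toff_t offset, tsize_t cc, toff_t file_size)
{
    tsize_t off = (tsize_t)offset;
    tsize_t end = wrap_add(off, cc);
    return end < off || end < cc || end > (tsize_t)file_size;
}

/* Model of the replacement checks from the message. */
int rejects_unsigned(toff_t offset, tsize_t cc, toff_t file_size)
{
    toff_t end = offset + (toff_t)cc;
    return end < offset || end < (toff_t)cc || end > file_size;
}

int main(void)
{
    const toff_t three_gb = 0xC0000000u;         /* constructed file size */
    const struct { toff_t off; tsize_t cc; toff_t size; } cases[] = {
        { 1000u,       100, 1u << 20 },  /* small file, valid range */
        { 1000u,       100, three_gb },  /* valid range, file over 2GB */
        { 0xA0000000u, 100, three_gb },  /* valid range past the 2GB mark */
        { 0xBFFFFFF0u, 100, three_gb },  /* runs past end of file */
        { 0xFFFFFFF0u, 256, three_gb },  /* offset + cc wraps uint32 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("off=%#010x cc=%d size=%#010x signed=%d unsigned=%d\n",
               (unsigned)cases[i].off, (int)cases[i].cc, (unsigned)cases[i].size,
               rejects_signed(cases[i].off, cases[i].cc, cases[i].size),
               rejects_unsigned(cases[i].off, cases[i].cc, cases[i].size));
    return 0;
}
```

The second and third cases are the false rejections the message reports; the last two show that the unsigned form still rejects ranges that run past the end of the file or wrap around.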