AWARE [SYSTEMS] Imaging expertise for the Delphi developer
AWare Systems, Imaging expertise for the Delphi developer, Home TIFF and LibTiff Mailing List Archive

LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
August 2017

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

Contact

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems



Valid HTML 4.01!



Thread

2017.08.02 15:00 "Error handling in Read/Write/Seek", by Nicolas Ruff
2017.08.02 15:26 "Re: Error handling in Read/Write/Seek", by Bob Friesenhahn
2017.08.03 15:04 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff
2017.08.03 15:23 "Re: Error handling in Read/Write/Seek", by Bob Friesenhahn
2017.08.04 15:27 "Re: Error handling in Read/Write/Seek", by Even Rouault
2017.08.07 15:53 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff
2017.09.06 07:48 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff
2017.09.06 10:32 "Re: Error handling in Read/Write/Seek", by Even Rouault
2017.09.06 13:16 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff
2017.09.07 14:06 "Re: Error handling in Read/Write/Seek", by Even Rouault
2017.09.08 07:50 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff

2017.09.08 07:50 "Re: Error handling in Read/Write/Seek", by Nicolas Ruff

Awesome, thank you!

I'll resume fuzzing and keep you posted.


2017-09-07 16:06 GMT+02:00 Even Rouault <even.rouault@spatialys.com>:
> Hi,
>
>
>
>> So the proper patch should be:
>
>>
>
>> - (TIFFSeekFile((tif),(off),SEEK_SET)==(off))
>
>> + (((int64)(off) >= 0) && TIFFSeekFile((tif),(off),SEEK_SET)==(off))
>
>>
>
>
>
> I've applied a variation of your proposal, which avoids some compiler
> warning when off is of type uint32 (then a cast to int64 always result in a
>>= 0 value), which avoids undefined behaviour when casting a too large
> uint64 to int64 and which avoids the (existing) issue if off where the
> result of a function with a side effect.
>
>
>
>
>
> Index: libtiff/tif_aux.c
>
> ===================================================================
>
> RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_aux.c,v
>
> retrieving revision 1.29
>
> diff -u -r1.29 tif_aux.c
>
> --- libtiff/tif_aux.c 11 Nov 2016 20:45:53 -0000 1.29
>
> +++ libtiff/tif_aux.c 7 Sep 2017 14:00:39 -0000
>
> @@ -359,6 +359,13 @@
>
> }
>
> }
>
> +int _TIFFSeekOK(TIFF* tif, toff_t off)
>
> +{
>
> + /* Huge offsets, expecially -1 / UINT64_MAX, can cause issues */
>
> + /* See http://bugzilla.maptools.org/show_bug.cgi?id=2726 */
>
> + return off <= (~(uint64)0)/2 && TIFFSeekFile(tif,off,SEEK_SET)==off;
>
> +}
>
> +
>
> /* vim: set ts=8 sts=8 sw=8 noet: */
>
> /*
>
> * Local Variables:
>
> Index: libtiff/tiffiop.h
>
> ===================================================================
>
> RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
>
> retrieving revision 1.94
>
> diff -u -r1.94 tiffiop.h
>
> --- libtiff/tiffiop.h 4 Jul 2017 13:28:42 -0000 1.94
>
> +++ libtiff/tiffiop.h 7 Sep 2017 14:00:39 -0000
>
> @@ -238,8 +238,7 @@
>
> (TIFFReadFile((tif),(buf),(size))==(size))
>
> #endif
>
> #ifndef SeekOK
>
> -#define SeekOK(tif, off) \
>
> - (TIFFSeekFile((tif),(off),SEEK_SET)==(off))
>
> +#define SeekOK(tif, off) _TIFFSeekOK(tif, off)
>
> #endif
>
> #ifndef WriteOK
>
> #define WriteOK(tif, buf, size) \
>
> @@ -384,6 +383,7 @@
>
> _TIFFReadTileAndAllocBuffer(TIFF* tif,
>
> void **buf, tmsize_t bufsizetoalloc,
>
> uint32 x, uint32 y, uint32 z, uint16 s);
>
> +extern int _TIFFSeekOK(TIFF* tif, toff_t off);
>
> extern int TIFFInitDumpMode(TIFF*, int);
>
> #ifdef PACKBITS_SUPPORT
>
>
>
>
>
> Even
>
>
>
> --
>
> Spatialys - Geospatial professional services
>
> http://www.spatialys.com