2011.10.19 21:20 "[Tiff] Possible bug in tiffsplit and patch proposal", by Christophe Deroulers

2011.10.22 17:11 "Re: [Tiff] Possible bug in tiffsplit and patch proposal", by Bob Friesenhahn

    Dear all,

According to the most recent documentation, when getting the field JPEGTables (TIFFTAG_JPEGTABLES) with function TIFFGetField, the returned "count" is a uint32 -- see e.g. http://libtiff.maptools.org/man/TIFFGetField.3tiff.html. However, in the versions of the tool "tiffsplit" provided with tiff-3.9.5 and tiff-4.0.0beta7, a pointer to a uint16 is passed to TIFFGetField, which is IMHO wrong and may lead to some overwriting of another variable or memory zone. If this is right, here is a patch proposal to the two versions of tiffsplit:

Thanks for noticing this issue and supplying a patch. I have applied your patch to libtiff CVS.

Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/