LibTiff Mailing List
TIFF and LibTiff Mailing List Archive
June 2010
Previous Thread
Next Thread
Previous by Thread
Next by Thread
Previous by Date
Next by Date
Contact
The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems
Thread
2010.06.25 12:27 "Re: Use of uninitialised value in tiled jpeg tiff", by Andrey Kiselev
On Wed, Jun 23, 2010 at 01:11:39PM +0100, jcupitt@gmail.com wrote: > I noticed a small problem in libtiff-3.9.2 with tiled jpeg images. If > the image to be written is smaller than a tile, the jpeg compressor > appears to read beyond the end of the available data. > > For example: > > $ tiffinfo tiny.tif > TIFF Directory at offset 0x9008 (36872) > Image Width: 128 Image Length: 96 > Resolution: 1.25, 1.25 pixels/cm > Bits/Sample: 8 > Compression Scheme: None > Photometric Interpretation: RGB color > Orientation: row 0 top, col 0 lhs > Samples/Pixel: 3 > Rows/Strip: 16 > Planar Configuration: single image plane > $ valgrind tiffcp -t -c jpeg tiny.tif test.tif > ==2872== Use of uninitialised value of size 8 > ==2872== at 0x50987B8: rgb_ycc_convert (jccolor.c:159) > ==2872== by 0x50977B3: pre_process_data (jcprepct.c:145) > ==2872== by 0x509730D: process_data_simple_main (jcmainct.c:122) > ==2872== by 0x5093F1B: jpeg_write_scanlines (jcapistd.c:108) > ==2872== by 0x4E4EE0B: ??? (in /usr/lib/libtiff.so.4.3.2) > ==2872== by 0x4E4EE9B: ??? (in /usr/lib/libtiff.so.4.3.2) > ==2872== by 0x4E66111: TIFFWriteEncodedTile (in /usr/lib/libtiff.so.4.3.2) > ==2872== by 0x40508B: ??? (in /usr/bin/tiffcp) > ==2872== by 0x4041AD: ??? (in /usr/bin/tiffcp) > ==2872== by 0x404420: ??? (in /usr/bin/tiffcp) > ==2872== by 0x40340D: ??? (in /usr/bin/tiffcp) > ==2872== by 0x576CC4C: (below main) (libc-start.c:226) This happens not only for JPEG case, but for any conversion when output tile is larger than the image size. I have checked in the code to initialize the allocated buffers (memset to 0) in tiffcp, that should fix the issue. -- Andrey V. Kiselev