- 2017.05.22 13:25 "Re: [Tiff] Libtiff 4.0.8 released", by PSIRT
-
2017.05.24 18:38 "Re: [Tiff] Sporadic crash on Windows when appending images to TIFF file", by Dinesh Iyer
- 2017.05.24 15:42 "[Tiff] Sporadic crash on Windows when appending images to TIFF file", by Dinesh Iyer
- 2017.05.24 19:19 "Re: [Tiff] Sporadic crash on Windows when appending images to TIFF file", by Bob Friesenhahn
-
2017.07.04 11:04 "[Tiff] A bug in libtiff error/warning handling", by Paavo Helde
-
2017.07.04 11:30 "Re: [Tiff] A bug in libtiff error/warning handling", by Even Rouault
- 2017.07.04 12:20 "Re: [Tiff] A bug in libtiff error/warning handling", by
-
2017.07.04 12:30 "Re: [Tiff] A bug in libtiff error/warning handling", by Paavo Helde
-
2017.07.04 18:38 "Re: [Tiff] A bug in libtiff error/warning handling", by Bob Friesenhahn
- 2017.07.04 19:31 "Re: [Tiff] A bug in libtiff error/warning handling", by Paavo Helde
- 2017.07.05 12:12 "Re: [Tiff] A bug in libtiff error/warning handling", by Edward Lam
-
2017.07.04 18:38 "Re: [Tiff] A bug in libtiff error/warning handling", by Bob Friesenhahn
-
2017.07.04 11:30 "Re: [Tiff] A bug in libtiff error/warning handling", by Even Rouault
2017.07.04 11:04 "[Tiff] A bug in libtiff error/warning handling", by Paavo Helde
Hi,
I would like to report what I think is a bug in libtiff error and warning handling. There are two error handlers which can be installed (via TIFFSetErrorHandler and TIFFSetErrorHandlerExt) and which are called with a va_list. However, if both handlers are installed they will both iterate through the same va_list without reinitialization which is not allowed (seems to crash randomly with gcc on Linux, for example). I believe it should be the task of libtiff to reinitialize va_list between the calls. Ditto for warnings.
A patch file is attached, hopefully in a usable format.
Cheers
Paavo
Index: tif_warning.c
===================================================================
--- tif_warning.c (revision 120569)
+++ tif_warning.c (working copy)
@@ -51,12 +51,16 @@
TIFFWarning(const char* module, const char* fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- if (_TIFFwarningHandler)
+ if (_TIFFwarningHandler) {
+ va_start(ap, fmt);
(*_TIFFwarningHandler)(module, fmt, ap);
- if (_TIFFwarningHandlerExt)
+ va_end(ap);
+ }
+ if (_TIFFwarningHandlerExt) {
+ va_start(ap, fmt);
(*_TIFFwarningHandlerExt)(0, module, fmt, ap);
- va_end(ap);
+ va_end(ap);
+ }
}
void
@@ -63,12 +67,16 @@
TIFFWarningExt(thandle_t fd, const char* module, const char* fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- if (_TIFFwarningHandler)
+ if (_TIFFwarningHandler) {
+ va_start(ap, fmt);
(*_TIFFwarningHandler)(module, fmt, ap);
- if (_TIFFwarningHandlerExt)
+ va_end(ap);
+ }
+ if (_TIFFwarningHandlerExt) {
+ va_start(ap, fmt);
(*_TIFFwarningHandlerExt)(fd, module, fmt, ap);
- va_end(ap);
+ va_end(ap);
+ }
}
Index: tif_error.c
===================================================================
--- tif_error.c (revision 120569)
+++ tif_error.c (working copy)
@@ -51,12 +51,16 @@
TIFFError(const char* module, const char* fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- if (_TIFFerrorHandler)
+ if (_TIFFerrorHandler) {
+ va_start(ap, fmt);
(*_TIFFerrorHandler)(module, fmt, ap);
- if (_TIFFerrorHandlerExt)
+ va_end(ap);
+ }
+ if (_TIFFerrorHandlerExt) {
+ va_start(ap, fmt);
(*_TIFFerrorHandlerExt)(0, module, fmt, ap);
- va_end(ap);
+ va_end(ap);
+ }
}
void
@@ -63,12 +67,16 @@
TIFFErrorExt(thandle_t fd, const char* module, const char* fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- if (_TIFFerrorHandler)
+ if (_TIFFerrorHandler) {
+ va_start(ap, fmt);
(*_TIFFerrorHandler)(module, fmt, ap);
- if (_TIFFerrorHandlerExt)
+ va_end(ap);
+ }
+ if (_TIFFerrorHandlerExt) {
+ va_start(ap, fmt);
(*_TIFFerrorHandlerExt)(fd, module, fmt, ap);
- va_end(ap);
+ va_end(ap);
+ }
}
/*