2004.10.14 07:58 "[Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva

2004.10.15 21:47 "Re: [Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva

In CVS, the _TIFFrealloc implementation in tif_win32.c has been changed to the following, as others have reported the same issue.


I imagine this new implementation is in the latest libtiff 3.7.0 beta as well, which I would encourage you to try out. There are a number of known (and fixed) issues with the libtiff 3.6.1 and earlier releases.

I know. Are Chris Evans' newest findings (http://scary.beasts.org/security/CESA-2004-006.txt) already fixed in the beta?

_TIFFrealloc(tdata_t p, tsize_t s)
        void* pvTmp;
        tsize_t old;

        if(p == NULL)
                return ((tdata_t)GlobalAlloc(GMEM_FIXED, s));

Yeah, that seems sane.

