2004.10.17 15:42 "[Tiff] libtiff 3.7.0 dumps core while writing photoshop tag", by Bob Friesenhahn

During the libtiff 3.7 development cycle it was noted that TIFFWriteDirectory() causes a core dump while writing the photoshop tag. The problem is noticed with GraphicsMagick and has been replicated with three major GraphicsMagick release branches (which use substantially different tiff support code). This problem is still evident with the 3.7.0 release.

It appears likely that the stack is becoming corrupted since a debug backtrace shows that a stack value (filename pointer) has been altered.

(gdb) bt
#0  0x00000208 in ?? ()
#1  0x282beb7f in TIFFWriteDirectory (tif=0x828e400)
     at /home/bfriesen/src/graphics/libtiff/libtiff/tif_dirwrite.c:401
#2  0x081a99dc in WriteTIFFImage (image_info=0x82fb000, image=0x82fe000)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/coders/tiff.c:2497
#3  0x080866db in GmWriteImage (image_info=0x82ba000, image=0x82fe000)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/magick/constitute.c:4262
#4  0x08086a90 in GmWriteImages (image_info=0x82ba000, image=0x82fe000,
     filename=0x1 <Address 0x1 out of bounds>, exception=0xbfbfec7c)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/magick/constitute.c:4370
#5  0x0805eae9 in GmConvertImageCommand (image_info=0x82ba000, argc=3,
     argv=0x82be000, metadata=0x0, exception=0xbfbfec7c)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/magick/command.c:4649
#6  0x08065590 in GmMagickCommand (image_info=0x82ba000, argc=3,
     argv=0xbfbff4f0, metadata=0xbfbfec78, exception=0xbfbfec7c)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/magick/command.c:7216
#7  0x08050569 in main (argc=3, argv=0xbfbff4f0)
     at /home/bfriesen/src/graphics/GraphicsMagick-head/utilities/gm.c:150
#8  0x08050365 in _start ()

The problem is evident under Solaris (SPARC) and FreeBSD (Intel Pentium IV) using GCC 3.4.2, and under FreeBSD using GCC 3.2.1. Libtiff 3.6.1 worked fine in these environments.

Interestingly, the problem does not occur under Linux using GCC 3.3.3 and GraphicsMagick valgrinds clean with libtiff 3.7.0 during the conversion operation.

Since GraphicsMagick preserves the Photoshop tag when converting TIFF files, this problem makes libtiff 3.7.0 useless for use with GraphicsMagick (except for maybe under Linux).

Bob

======================================
Bob Friesenhahn
bfriesen@simple.dallas.tx.us
http://www.simplesystems.org/users/bfriesen