2008.09.18 06:40 "[Tiff] tiff2pdf: t2p_read_tiff_size allocates length * width bytes processing jpeg compressed input images", by Burkhard_Schölpen


I think there is a bug in tiff2pdf.c (at least versions 3.7.2 to 3.8.2).

  Processing jpeg compressed input tiff files with the dimension of
length * width pixels, a buffer of length * width bytes is allocated in
memory, because t2p_read_tiff_size is set to this value. I think there
is a return statement missing in the function t2p_read_tiff_size (at the
end of the #ifdef JPEG_SUPPORT section), because otherwise the buffer
size is set to a fixed value (t2p->tiff_datasize=TIFFScanlineSize(input)
* t2p->tiff_length) which is absolutely different from the size
calculated a few lines of code above.

Additionally it would be a convenient feature, if the input image would

not be placed in memory as a whole, because this is a waste of memory,

which is actually not necessary and obviously leads to crashes if length

* width is bigger than the available amount of RAM. I think the jpeg
stripes could be processed by and by without holding the rest of the
image in memory.

Burkhard Schölpen

This E-mail is solely intended for the addressed person or organization and contains confidential and/or legally protected information. If you are not the right addressee or if you received this E-mail by mistake, please inform the addresser by return and delete this E-mail. The illegal copying as well as the unauthorized transmission of this E-mail is not permitted.

Conventional E-mails are not protected against the access by a third party and therefore, the confidentiality is also possibly not preserved. Hence, we are not liable for the intactness of E-mails after they left our domain.

This nonliability is only valid as far as legally permissible.

Sitz der Gesellschaft:
Registergericht Montabaur
HRB 5580

Johannes Roth
Gerhard Baecker