2011.10.22 17:11 "Re: [Tiff] Possible bug in tiffsplit and patch proposal", by Bob Friesenhahn
According to the most recent documentation, when getting the field JPEGTables (TIFFTAG_JPEGTABLES) with function TIFFGetField, the returned "count" is a uint32 -- see e.g. http://libtiff.maptools.org/man/TIFFGetField.3tiff.html. However, in the versions of the tool "tiffsplit" provided with tiff-3.9.5 and tiff-4.0.0beta7, a pointer to a uint16 is passed to TIFFGetField, which is IMHO wrong and may lead to some overwriting of another variable or memory zone. If this is right, here is a patch proposal to the two versions of tiffsplit:
Thanks for noticing this issue and supplying a patch. I have applied your patch to libtiff CVS.
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/