2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.09.01 18:19 "Re: [Tiff] Some security fixes from RHEL", by Rogier Wolff

On Mon, Sep 01, 2008 at 10:40:59AM -0500, Bob Friesenhahn wrote:

Your generated problem file causes a proper response here:

For the rest: I wrote a small test-suite that will take a tiff file (from a set), corrupt a set of bytes, and then try to convert it using "convert" from imagemagick. The detection of when things went wrong is not yet very sofisticated. I haven't decided yet what's wrong and what isn't. Some work may be required there.

Anyway, the posted "package" still "awaits moderator approval", because apparently it's too big.

Maybe it's better if I just post it online:

        http://prive.bitwizard.nl/htdocs/tifftest.tgz

My guess is that running it will give you some corner cases within the hour. Debugging those should take about an hour each. And fixing it once found less than 20 minutes. All in all, the most important ones can be found and fixed in two or three days full-time work. (say a weekend for someone who is not paid to work on open source software).

        Roger.

--

** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 **
**    Delftechpark 26 2628 XH  Delft, The Netherlands. KVK: 27239233    **

*-- BitWizard writes Linux device drivers for any device you may have! --*
Q: It doesn't work. A: Look buddy, doesn't work is an ambiguous statement.
Does it sit on the couch all day? Is it unemployed? Please be specific!
Define 'it' and what it isn't doing. --------- Adapted from lxrbot FAQ