2001.06.15 18:21 "libefence crashes?", by Arnar Mar Hrafnkelsson

This is using libtiff 3.5.5.

I had a little problem reading a fax image in my program when I linked with efence. A stack backtrace follows:

#0 0x401e3f9d in _TIFFFax3fillruns (buf=0x4083bf28 'ÿ' <repeats 200
times>..., runs=0x4083d4f8, erun=0x4083d500, lastx=1728)
    at ../libtiff/tif_fax3.c:450
450 cp[0] |= _fillmasks[run]>>bx;
(gdb) bt
#0 0x401e3f9d in _TIFFFax3fillruns (buf=0x4083bf28 'ÿ' <repeats 200
times>..., runs=0x4083d4f8, erun=0x4083d500, lastx=1728)
    at ../libtiff/tif_fax3.c:450
#1 0x401e2c50 in Fax3Decode1D (tif=0x4049add0, buf=0x4083bf28 'ÿ'
<repeats 200 times>..., occ=216, s=0) at ../libtiff/tif_fax3.c:245
#2 0x401f3da9 in TIFFReadEncodedStrip (tif=0x4049add0, strip=0,
buf=0x4083a0c8, size=7992) at ../libtiff/tif_read.c:145
#3 0x401e8307 in gtStripContig (img=0xbffff498, raster=0x407f4900,
w=1728, h=37) at ../libtiff/tif_getimage.c:588
#4 0x401e7c15 in TIFFRGBAImageGet (img=0xbffff498, raster=0x407f4900,
w=1728, h=37) at ../libtiff/tif_getimage.c:369
#5 0x401ecf4c in TIFFReadRGBAStrip (tif=0x4049add0, row=0,
raster=0x407f4900) at ../libtiff/tif_getimage.c:1932
#6 0x401c76e1 in i_readtiff_wiol () from
/u02/Imager-next/devel/blib/arch/auto/Imager/Imager.so
#7 0x401ac90a in XS_Imager_i_readtiff_wiol () from
/u02/Imager-next/devel/blib/arch/auto/Imager/Imager.so
#8 0x80894d8 in Perl_pp_entersub ()
#9 0x80b498d in Perl_runops_standard ()
#10 0x8059338 in perl_run ()
#11 0x80577e1 in main ()
#12 0x400689cb in __libc_start_main (main=0x8057770 <main>, argc=4,
argv=0xbffffaf4, init=0x8056a94 <_init>, fini=0x80b4a2c <_fini>,
    rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffaec) at
../sysdeps/generic/libc-start.c:92

It crashes at line 450 in libtiff/tif_fax3.c. It seems to involve some of those variables that Purify (as the comment in the file talks about) complains about. The comment about Purify says the code is harmless. Is this a real bounds problem or is something else going wrong? This was using ElectricFence-2.2.2.

-- Arnar.