2015.11.14 13:19 "[Tiff] ColorMap and high bit depth", by Even Rouault

2015.11.14 15:11 "Re: [Tiff] ColorMap and high bit depth", by Olivier Paquet

2015-11-14 9:33 GMT-05:00 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>:

The colormap is not compressed so the best defense against DOS is to check that the file has provided the backing data for the colormap before making the memory allocation. It is easy to declare a 1.6 GB colormap, but much more difficult to supply it.

This seems like something which could be done as a general precaution for all reads. It would be fairly simple to check against the file size in TIFFReadDirEntryArray() before doing any large allocation. I'd avoid doing it for small arrays as there might be some overhead from the extra seek to the end of the file.

On the other hand, this is a largely theoretical problem as all you'll be grabbing on modern operating systems is address space. No physical memory is used up until the data is read.

Olivier