2010.03.16 17:38 "[Tiff] Heap corruption reading ICC profiles under windows", by Dan Pidcock

2010.03.16 18:24 "Re: [Tiff] Heap corruption reading ICC profiles under windows", by Olivier Paquet

On Tue, Mar 16, 2010 at 1:38 PM, Dan Pidcock <dan.pidcock@googlemail.com> wrote:

> When I use tiff lib under windows to read a TIFF that has an embedded ICC profile (created by Adobe Photoshop CS3) I am seeing heap corruption in TIFFFreeDirectory when calling _TIFFfree for the custom tag. Is this a known issue or some problem with my configuration that I need to sort out? I have tried 3.8.2 and 4.0.0beta5 versions of tiff lib.
>
> I built tiff lib using nmake after modifying the nmake.opt file to comment out USE_WIN_CRT_LIB = 1.
>
> The code I am using to test is:
>
>     TIFF* tif = TIFFOpen(argv[1], "r");
>     if (tif) {
>         unsigned long profileSize;
>         unsigned char *rawIccProfile = NULL;
>         if (TIFFGetField (tif, TIFFTAG_ICCPROFILE, &profileSize, &rawIccProfile))
>             _TIFFfree(rawIccProfile);
>         TIFFClose(tif);
>     }
>
> which is fundamentally the same as that used at http://www.littlecms.com/tiffemb.c and http://www.freecolormanagement.com/download/tiff_icc.diff
>
> Any ideas gratefully received,

I don't think you need to free the pointer returned by TIFFGetField. That second reference you linked doesn't as far as I can see. The first one is probably broken. The pointer you get points to libtiff's internal copy of the directory. This is why libtiff fails when trying to clean up and free the memory you've already released yourself.

This also means you must make your own copy of the data if you're going to need it beyond TIFFClose (or any directory change for that matter).

Olivier
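
The ownership rule from the reply above, as an added example that is not part of the original thread and is not libtiff code: a small stand-in model so it builds without libtiff. `Handle`, `handle_open`, `handle_get_icc`, `handle_close` and `copy_icc` are hypothetical names standing in for the roles of `TIFFOpen`, `TIFFGetField`, `TIFFClose` and the caller.

```c
/* Added example: models "the library owns what the getter returns". */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *icc;   /* the library's internal copy of the tag data */
    uint32_t icc_len;
} Handle;

static int internal_frees = 0;   /* how often the "library" freed its copy */

/* Role of TIFFOpen: the library allocates and owns the tag data. */
Handle *handle_open(const unsigned char *data, uint32_t len) {
    Handle *h = malloc(sizeof *h);
    if (!h) return NULL;
    h->icc = malloc(len);
    if (!h->icc) { free(h); return NULL; }
    memcpy(h->icc, data, len);
    h->icc_len = len;
    return h;
}

/* Role of TIFFGetField: hands out a BORROWED pointer, not a copy. */
int handle_get_icc(Handle *h, uint32_t *len, unsigned char **data) {
    if (!h->icc) return 0;
    *len = h->icc_len;
    *data = h->icc;
    return 1;
}

/* Role of TIFFClose: the library releases its own copy exactly once.
   Had the caller already freed the borrowed pointer, this is a double free. */
void handle_close(Handle *h) {
    free(h->icc);
    internal_frees++;
    free(h);
}

/* Correct caller: duplicate the bytes, never free the borrowed pointer.
   The returned buffer belongs to the caller and is released with free(). */
unsigned char *copy_icc(Handle *h, uint32_t *out_len) {
    uint32_t len = 0;
    unsigned char *borrowed = NULL;
    if (!handle_get_icc(h, &len, &borrowed) || len == 0) return NULL;
    unsigned char *own = malloc(len);
    if (!own) return NULL;
    memcpy(own, borrowed, len);
    *out_len = len;
    return own;
}
```
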