AWARE [SYSTEMS]
AWare Systems, , Home TIFF and LibTiff Mailing List Archive

LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
December 2018

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

Contact

The TIFF Mailing List Homepage
Archive maintained by AWare Systems



New Datamatrix section



Valid HTML 4.01!



Thread

2018.12.08 20:43 "Zlib inflate recovery action required?", by Bob Friesenhahn
2018.12.08 21:14 "Re: Zlib inflate recovery action required?", by Bob Friesenhahn
2018.12.08 21:22 "Re: Zlib inflate recovery action required?", by Olivier Paquet
2018.12.08 21:29 "Re: Zlib inflate recovery action required?", by Even Rouault
2018.12.08 21:42 "Re: Zlib inflate recovery action required?", by Bob Friesenhahn
2018.12.08 22:03 "Re: Zlib inflate recovery action required?", by Toby Thain

2018.12.08 22:03 "Re: Zlib inflate recovery action required?", by Toby Thain

On 2018-12-08 3:43 PM, Bob Friesenhahn wrote:
> I have a TIFF pixar log compressed file for which zlib is reporting
> Z_DATA_ERROR from inflate() in tif_pixarlog.c line 816. ...
> 
> Is it the consensus of opinion that an attempt to recover from
> Z_DATA_ERROR is valuable?  The alternative is to quit right away and
> hopefully not plow into reading unitialized memory (considered to be a
> security problem rather than a virtue).  Should libtiff try really hard
> to read apparently corrupted files or can we safely assume that modern
> computers do not produce useful corrupted files?
> 
> Thanks in advance for any informed opinions.

Speaking only as the author of a PSD parser/scavenger (extensively fuzz
tested) I think libtiff should make a reasonable effort to read the
file, but the activity of trying to recover or scavenge data doesn't
really belong in a general purpose library, especially if it increases
attack surface or complexity. Most important imho is to ensure the error
reporting chain is as reliable and comprehensive as possible.

--Toby


> 
> Bob

_______________________________________________
Tiff mailing list
Tiff@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/tiff