2003.12.30 21:29 "[Tiff] Win32 TIFFRealloc bug", by Larry Grill

I finally dug into a Windows access violation that has been causing trouble here since 3.6.0. I noticed it happening on every TIFFOpen call.

The problem is that TIFFOpen eventually calls TIFFReadDirectory, which in turn calls TIFFRealloc. In the win32 code, the old mem pointer size is checked with the Win API call GlobalSize(ptr), which blows up if the pointer is null. I changed the win32.c TIFFRealloc code thusly and it cures the problem:

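tdata_t
_TIFFrealloc(tdata_t p, tsize_t s)
{
  void* pvTmp;
  tsize_t old;

  /* No old block: allocate a fresh one and never pass NULL to GlobalSize. */
  if(p==NULL)
    return ((tdata_t)GlobalAlloc(GMEM_FIXED, s));

  old = GlobalSize(p);

  if (old>=s)
  {
    /* Shrinking or same size: copy only the s bytes that fit. */
    if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
      CopyMemory(pvTmp, p, s);
      GlobalFree(p);
    }
  }
  else
  {
    /* Growing: copy the old bytes into the larger block. */
    if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
      CopyMemory(pvTmp, p, old);
      GlobalFree(p);
    }
  }
  /* NULL here means GlobalAlloc failed; the old block is left untouched. */
  return ((tdata_t)pvTmp);
}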

Larry M. Grill
NUGLYPHIX
larry@nuglyphix.com
www.nuglyphix.com
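
An added example, not part of the original post and not libtiff code: a portable C model of the NULL-pointer case described above, usable as a regression check for a realloc wrapper built on a size-querying allocator. The names blk_alloc, blk_size, blk_free and guarded_realloc are hypothetical stand-ins for GlobalAlloc, GlobalSize, GlobalFree and _TIFFrealloc, so the check runs without the Win32 API.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a size-querying allocator (the role GlobalAlloc /
 * GlobalSize / GlobalFree play in the post). Each block carries a size header. */
typedef struct { size_t size; } blk_hdr;
static int null_size_queries = 0;   /* counts size queries made on a NULL pointer */

static void *blk_alloc(size_t s) {
    blk_hdr *h = malloc(sizeof *h + s);
    if (h == NULL) return NULL;
    h->size = s;
    return h + 1;
}
static size_t blk_size(const void *p) {
    if (p == NULL) { null_size_queries++; return 0; }  /* models the faulting call */
    return ((const blk_hdr *)p - 1)->size;
}
static void blk_free(void *p) { if (p != NULL) free((blk_hdr *)p - 1); }

/* Guarded realloc: NULL means "allocate", otherwise copy min(old, s) bytes. */
static void *guarded_realloc(void *p, size_t s) {
    void *tmp;
    size_t old, n;
    if (p == NULL) return blk_alloc(s);   /* never query the size of NULL */
    old = blk_size(p);
    n = old < s ? old : s;
    if ((tmp = blk_alloc(s)) != NULL) {
        memcpy(tmp, p, n);
        blk_free(p);                      /* old block is released only on success */
    }
    return tmp;
}

/* Runs three cases; returns 0 on success, else the number of the failing case. */
static int check_realloc_contract(void) {
    char *a = guarded_realloc(NULL, 8);           /* first call with NULL, as in the post */
    if (a == NULL || null_size_queries != 0 || blk_size(a) != 8) return 1;
    memcpy(a, "ABCDEFG", 8);
    a = guarded_realloc(a, 16);                   /* grow keeps the old 8 bytes */
    if (a == NULL || blk_size(a) != 16 || memcmp(a, "ABCDEFG", 8) != 0) return 2;
    a = guarded_realloc(a, 4);                    /* shrink keeps the first 4 bytes */
    if (a == NULL || blk_size(a) != 4 || memcmp(a, "ABCD", 4) != 0) return 3;
    blk_free(a);
    return 0;
}

int main(void) { return check_realloc_contract(); }
```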