2013.04.10 22:40 "[Tiff] Getting a crash after calling TIFFReadRGBAImageOriented()", by Bruce A. Mallett

The man page for TIFFReadRGBAImage()/TIFFReadRGBAImageOriented() indicates that if I pass in a raster less high than the source image this function will crop accordingly. If I want only the very last scanline of a 1024x800 image then it sounds like I can do something like this:

ORIENTATION_BOTLEFT, 0)

This crashes because when TIFFReadRGBAImageOriented() calls TIFFRGBAImageGet() it does so as follows:

         ok = TIFFRGBAImageGet(&img, raster+(rheight-img.height)*rwidth,
             rwidth, img.height);

Substituting rheight=1, img.height=800, rwidth=1024 this becomes:

         ok = TIFFRGBAImageGet(&img, raster+(1-800)*1024,
             800, 1024);

or

         ok = TIFFRGBAImageGet(&img, raster - 818176,
             800, 1024);

Given that "raster" is a "uint32 *", TIFFRGBAImageGet() receives an address that is 4*818176 before the start of raster. Eventually this bubbles down to gtStripContig() and then to putRGBUAcontig8bittile() which segfaults trying to put a uint32 value to that address.

I'm curious if I'm reading the man page wrong or I'm using this wrong or if the code is wrong.

Thanks!

      - Bruce

P.S. While stepping in gdb I found this amusing bit of code in gtStripContig():

    toskew = -(int32)(w - w);

One too many edits?
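
The arithmetic described in the post, plus a caller-side check, as an added example that is not part of the original message and is not libtiff code. The function names `pixels_before_raster` and `raster_call_is_safe` are hypothetical, and the callee is modelled as writing `img_height` rows of `rwidth` pixels from the computed address, as the quoted call's arguments suggest.

```c
#include <stdint.h>
#include <stdio.h>

/* How many pixels before raster[0] the expression quoted in the post,
 *     raster + (rheight - img.height) * rwidth
 * points when the raster is shorter than the image; 0 when it is not.
 * Unsigned 64-bit math: the product of two 32-bit values cannot overflow. */
uint64_t pixels_before_raster(uint32_t rheight, uint32_t img_height,
                              uint32_t rwidth)
{
    if (rheight >= img_height)
        return 0;
    return (uint64_t)(img_height - rheight) * rwidth;
}

/* Hypothetical guard a caller could run before handing a buffer of
 * raster_pixels uint32 entries to the call. Returns 1 when the modelled
 * write stays inside the buffer, 0 otherwise. */
int raster_call_is_safe(uint32_t rwidth, uint32_t rheight,
                        uint32_t img_height, uint64_t raster_pixels)
{
    if (rheight < img_height)
        return 0;   /* start address would fall before raster[0] */
    /* start offset + written span == rheight * rwidth pixels */
    return (uint64_t)rheight * rwidth <= raster_pixels;
}

int main(void)
{
    /* Values from the post: 1024x800 image, raster one row high. */
    uint64_t px = pixels_before_raster(1, 800, 1024);
    printf("start is %llu pixels (%llu bytes) before raster\n",
           (unsigned long long)px,
           (unsigned long long)(px * sizeof(uint32_t)));
    printf("1-row raster safe:    %d\n",
           raster_call_is_safe(1024, 1, 800, 1024));
    printf("full-size raster safe: %d\n",
           raster_call_is_safe(1024, 800, 800, 1024ULL * 800));
    return 0;
}
```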