2005.09.28 00:49 "[Tiff] PSP libtiff hack?", by Frank Warmerdam

2005.09.28 13:50 "Re: [Tiff] PSP libtiff hack?", by Frank Warmerdam

On 9/28/05, edward@sidefx.com <edward@sidefx.com> wrote:

I tried the file in question with TIFFOpen() and it seems to have no problem. That is, TIFFOpen() properly identifies it as corrupt and gives up. So I think the vulnerability has already been corrected in the current libtiff.

Hmm... I would like to see valgrind run to be sure though. :)


Tried that. :-)

warmerda@gdal2200[4]% vg tiffinfo overflow.tif
==3303== Memcheck, a memory error detector for x86-linux.
==3303== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==3303== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==3303== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3303== For more details, rerun with: -v

overflow.tif: Warning, incorrect count for field "BitsPerSample" (16496, expecting 3); tag trimmed.
overflow.tif: Error fetching data for field "BitsPerSample".

==3303== FILE DESCRIPTORS: 3 open at exit.
==3303== Open file descriptor 2: /dev/pts/3
==3303== <inherited from parent>
==3303== Open file descriptor 1: /dev/pts/3
==3303== <inherited from parent>
==3303== Open file descriptor 0: /dev/pts/3
==3303== <inherited from parent>

==3303== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 20 from 1)
==3303== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3303== malloc/free: 5 allocs, 5 frees, 34345 bytes allocated.
==3303== For counts of detected errors, rerun with: -v
==3303== No malloc'd blocks -- no leaks are possible.

Best regards,

I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent
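
Added example, not part of the original message and not libtiff's code: a simplified C sketch of the kind of check the "tag trimmed" warning above reports, where the count declared in the file is clamped to the expected number of samples before anything is copied, and the data offset is bounds-checked before the read. The struct, function name and sample bytes are hypothetical and constructed for illustration; it assumes a little-endian classic TIFF whose directory entry has already been decoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_BITSPERSAMPLE 258   /* tag number from the TIFF 6.0 specification */
#define TYPE_SHORT        3     /* 16-bit unsigned values */

/* Hypothetical, already-decoded 12-byte directory entry (little-endian file). */
struct dir_entry { uint16_t tag, type; uint32_t count, offset; };

/* Store BitsPerSample into out[], which the caller sizes for spp values.
 * Returns the number of values stored, or -1 if the data cannot be fetched.
 * *trimmed is set when the file declared more values than spp. */
int fetch_bits_per_sample(const uint8_t *file, size_t file_len,
                          const struct dir_entry *e, uint16_t spp,
                          uint16_t *out, int *trimmed)
{
    uint32_t n = e->count, i;
    *trimmed = 0;
    if (e->tag != TAG_BITSPERSAMPLE || e->type != TYPE_SHORT || spp == 0 || n == 0)
        return -1;
    /* The file's count never sizes the copy: clamp it to what the caller expects. */
    if (n > spp) { n = spp; *trimmed = 1; }
    if (e->count <= 2) {        /* up to two SHORTs are stored in the offset field */
        out[0] = (uint16_t)(e->offset & 0xffff);
        if (n > 1) out[1] = (uint16_t)(e->offset >> 16);
        return (int)n;
    }
    /* Overflow-safe bounds check: n 16-bit values must lie inside the file. */
    if (e->offset > file_len || (file_len - e->offset) / 2 < n)
        return -1;
    for (i = 0; i < n; i++) {
        const uint8_t *p = file + e->offset + 2u * i;
        out[i] = (uint16_t)(p[0] | (p[1] << 8));
    }
    return (int)n;
}

int main(void)
{
    uint8_t file[16] = {0};                    /* constructed sample bytes */
    struct dir_entry e = { TAG_BITSPERSAMPLE, TYPE_SHORT, 16496, 8 };
    uint16_t out[3] = {0};
    int trimmed = 0, r;
    file[8] = file[10] = file[12] = 8;         /* three samples of 8 bits each */
    r = fetch_bits_per_sample(file, sizeof file, &e, 3, out, &trimmed);
    printf("stored=%d trimmed=%d first=%u\n", r, trimmed, (unsigned)out[0]);
    return 0;
}
```

In this sketch a declared count of 16496 against 3 expected samples sets the trimmed flag, and a data offset outside the file makes the fetch fail without touching the output buffer.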