2005.09.28 00:49 "[Tiff] PSP libtiff hack?", by Frank Warmerdam
Thread
2005.09.28 13:50 "Re: [Tiff] PSP libtiff hack?", by Frank Warmerdam
On 9/28/05, edward@sidefx.com <edward@sidefx.com> wrote:
I tried the file in question with TIFFOpen() and it seems to have no problem. That is TIFFOpen() properly identifies it as corrupt and gives up. So I think the vulnerability has already been corrected in the current libtiff.
Hmm... I would like to see valgrind run to be sure though. :)
Edward,
Tried that. :-)
warmerda@gdal2200[4]% vg tiffinfo overflow.tif ==3303== Memcheck, a memory error detector for x86-linux.
==3303== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al. ==3303== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==3303== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==3303== For more details, rerun with: -v
==3303==
overflow.tif: Warning, incorrect count for field "BitsPerSample" (16496, expecting 3); tag trimmed. overflow.tif: Error fetching data for field "BitsPerSample".
==3303==
==3303== FILE DESCRIPTORS: 3 open at exit.
==3303== Open file descriptor 2: /dev/pts/3
==3303== <inherited from parent>
==3303==
==3303== Open file descriptor 1: /dev/pts/3
==3303== <inherited from parent>
==3303==
==3303== Open file descriptor 0: /dev/pts/3
==3303== <inherited from parent>
==3303==
==3303==
==3303== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 20 from 1) ==3303== malloc/free: in use at exit: 0 bytes in 0 blocks.
==3303== malloc/free: 5 allocs, 5 frees, 34345 bytes allocated.
==3303== For counts of detected errors, rerun with: -v ==3303== No malloc'd blocks -- no leaks are possible.
Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Programmer for Rent