2004.09.24 12:36 "[Tiff] Possible (tiny) bug in LZW code", by Joris Van Damme

2004.09.24 13:30 "Re: [Tiff] Possible (tiny) bug in LZW code", by Joris Van Damme


Another tif_lzw.c issue.

Inside LZWDecode, there's a lot of checking going on. Part of it is:

if (free_entp < &sp->dec_codetab[0] ||
    free_entp >= &sp->dec_codetab[CSIZE])

I don't see how this could ever happen.

free_entp is initialized as the first free entry, and is, from that point on, only incremented. It cannot ever drop down to before the first entry.

And as to incrementing beyond the last entry, there's a check at one point:

  if (++nbits > BITS_MAX)  /* should not happen */

Only if what is commented as something that should never occur does occur will free_entp grow beyond the last entry. Next time around in this loop, the check free_entp >= &sp->dec_codetab[CSIZE] will cause an error. So how about causing an error right away, if (++nbits > BITS_MAX), and forgetting about the check in question entirely? *If* I'm not mistaken, that should boil down to the same thing, only be a little faster.

Joris Van Damme
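A simplified model of the table growth discussed in the post, added here as an example; it is not code from tif_lzw.c or from the author. It compares the existing per-write range check with the proposed immediate error. The index-based loop, the constant values, the two table sizes and the names simulate, guard_t and result_t are assumptions.

```c
#include <stdio.h>
/* Names follow the post; values and the one-entry-per-code loop are assumptions. */
#define BITS_MIN   9
#define BITS_MAX   12
#define CODE_FIRST 258
#define MAXCODE(n) ((1L << (n)) - 1)

typedef enum { GUARD_RANGE_CHECK, GUARD_FAIL_FAST } guard_t;
/* stopped_at: free-entry index when the error fired (-1 if none);
   max_written: highest table index that was written. */
typedef struct { long stopped_at, max_written; } result_t;

/* Model ncodes codes that never reset the table (constructed input). */
static result_t simulate(guard_t guard, long csize, long ncodes)
{
    result_t r = { -1, -1 };
    long free_ent = CODE_FIRST;          /* index form of free_entp */
    int nbits = BITS_MIN;
    long maxcode = MAXCODE(nbits) - 1;   /* index form of the current code limit */
    for (long i = 0; i < ncodes; i++) {
        /* Existing guard: range check before every table write. */
        if (guard == GUARD_RANGE_CHECK && (free_ent < 0 || free_ent >= csize)) {
            r.stopped_at = free_ent;
            break;
        }
        r.max_written = free_ent;        /* stands in for the write via free_entp */
        if (++free_ent > maxcode) {
            if (++nbits > BITS_MAX) {    /* the "should not happen" branch */
                if (guard == GUARD_FAIL_FAST) {  /* proposed: error right away */
                    r.stopped_at = free_ent;
                    break;
                }
                nbits = BITS_MAX;        /* existing behaviour: clamp, carry on */
            }
            maxcode = MAXCODE(nbits) - 1;
        }
    }
    return r;
}

int main(void)
{
    long sizes[] = { 4096, 5119 };       /* constructed table sizes */
    for (int i = 0; i < 2; i++) {
        result_t a = simulate(GUARD_RANGE_CHECK, sizes[i], 10000);
        result_t b = simulate(GUARD_FAIL_FAST, sizes[i], 10000);
        printf("csize=%ld range: stop=%ld last=%ld | fast: stop=%ld last=%ld\n",
               sizes[i], a.stopped_at, a.max_written, b.stopped_at, b.max_written);
    }
    return 0;
}
```

In this model both guards stop before any write lands at or past csize; they differ in how many entries are filled before the error is raised, which depends on how much room the table has beyond the last 12-bit code.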