2013.08.31 11:39 "[Tiff] Slightly corrupted tiff image causes libtiff to
crash with double free or corruption", by Konstantin
Thread
2013.08.31 11:39 "[Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Konstantin
Hi,
on a tiff image received per fax one of the pages has some strange corruption which causes libtiff (and any program using it) to crash in a strange way. If only the corrupted page is processed or it is processed first, there is no problem. But if more pages are processed and the corrupted one is not the first one, an error like the following appears:
*** glibc detected *** tiffcp: double free or corruption (!prev): 0x095b4eb8 *** ======= Backtrace: ========= /lib/libc.so.6[0x444306e1] /usr/lib/libtiff.so.5(_TIFFfree+0x1a)[0x47cc4d40]
tiffcp[0x804af7a]
tiffcp[0x804a33a]
/lib/libc.so.6(__libc_start_main+0xe6)[0x443da572]
tiffcp[0x804a415]
It seems to me as there is some data structure that is not initialized correctly between the iterations when processing the pages.
If anyone is interested in finding this bug please let me know so I can send you a good and the bad page (24kB each). Otherwise I will discard the bad images in a while. Here the tiffinfo output:
TIFF Directory at offset 0x5a08 (23048)
Subfile Type: multi-page document (2 = 0x2)
Image Width: 1728 Image Length: 1152
Resolution: 200, 100 pixels/inch
Bits/Sample: 1
Compression Scheme: ISO JBIG
Photometric Interpretation: min-is-white
FillOrder: lsb-to-msb
Orientation: row 0 top, col 0 lhs
Samples/Pixel: 1
Rows/Strip: (infinite)
Planar Configuration: single image plane
ImageDescription: +49 7625 13237162
Make: VER. 1.26 VOM 18.07.97
Model: 282
Software: HylaFAX (tm) Version 6.0.3
DateTime: 2013:08:27 13:21:55
HostComputer: router
FaxRecvParams: 2170920
FaxRecvTime: 18
FaxDcs: 00 44 1F 21 01 11 01 01 01 02