Bug 1658235

Summary: Wrong exit status from tiffinfo on error output
Product: Red Hat Enterprise Linux 8 Reporter: Miroslav Hradílek <mhradile>
Component: libtiffAssignee: Nikola Forró <nforro>
Status: CLOSED NOTABUG QA Contact: Miroslav Hradílek <mhradile>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0   
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-02 13:18:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miroslav Hradílek 2018-12-11 15:04:16 UTC 
Description of problem:
Previously (RHEL-7) tiffinfo failed on broken file from CVE-2010-2067 test with exit status 1. In RHEL-8 it has the same output but exits with 0.

Might be related to RHEL-6 bug 1310137

Version-Release number of selected component (if applicable):
libtiff-4.0.9-12.el8.x86_64
libtiff-tools-4.0.9-12.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
tiffinfo exploit.tif ; echo $?

Actual results:
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
TIFF Directory at offset 0x8 (8)
. . .
         <photoshop:History/>
      </rdf:Description>
   </rdf:RDF>
</x:xmpmeta>
. . .               
<?xpacket end="w"?>
  RichTIFFIPTC Data: <present>, 28 bytes
  Photoshop Data: <present>, 5386 bytes
  EXIFIFDOffset: 0x5d5c
  ICC Profile: <present>, 3144 bytes
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
exploit.tif: Warning, incorrect count for field "SubjectDistance" (5, expecting 1); tag trimmed.
TIFF Directory at offset 0x5d5c (23900)
  ColorSpace: 1
  PixelXDimension: 288
  SubjectDistance: 0.003521
0

Expected results:
Exit with status 1 as in
libtiff-4.0.3-27.el7_3.x86_64
libtiff-tools-4.0.3-27.el7_3.x86_64

TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
TIFFFetchNormalTag: Incorrect count for "YResolution"; tag ignored.
TIFF Directory at offset 0x8 (8)
. . .
         <photoshop:History/>
      </rdf:Description>
   </rdf:RDF>
</x:xmpmeta>
. . .                            
<?xpacket end="w"?>
  RichTIFFIPTC Data: <present>, 28 bytes
  Photoshop Data: <present>, 5386 bytes
  EXIFIFDOffset: 0x5d5c
  ICC Profile: <present>, 3144 bytes
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
exploit.tif: Warning, incorrect count for field "SubjectDistance" (5, expecting 1); tag trimmed.
TIFF Directory at offset 0x5d5c (23900)
  ColorSpace: 1
  PixelXDimension: 288
  SubjectDistance: 0.003521
1
Comment 2 Nikola Forró 2018-12-13 12:48:18 UTC 
This is expected, as upstream decided to treat incorrect count for a tag as a warning instead of an error:

https://gitlab.com/libtiff/libtiff/commit/9885124f1e66cc0e5dad03bfd2cb521aabb43523
Comment 3 Nikola Forró 2018-12-13 12:56:56 UTC 
Also, note that the output is not the same:

@@ -1,7 +1,7 @@
 TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
 TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
 TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
-TIFFFetchNormalTag: Incorrect count for "YResolution"; tag ignored.
+TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
 TIFF Directory at offset 0x8 (8)
   Subfile Type: (0 = 0x0)
   Image Width: 288 Image Length: 144