Bug 1658235 - Wrong exit status from tiffinfo on error output
Summary: Wrong exit status from tiffinfo on error output
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: libtiff
Version: 8.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: 8.0
Assignee: Nikola Forró
QA Contact: Miroslav Hradílek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-11 15:04 UTC by Miroslav Hradílek
Modified: 2019-01-02 13:18 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-02 13:18:41 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description Miroslav Hradílek 2018-12-11 15:04:16 UTC
Description of problem:
Previously (RHEL-7) tiffinfo failed on broken file from CVE-2010-2067 test with exit status 1. In RHEL-8 it has the same output but exits with 0.

Might be related to RHEL-6 bug 1310137

Version-Release number of selected component (if applicable):
libtiff-4.0.9-12.el8.x86_64
libtiff-tools-4.0.9-12.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
tiffinfo exploit.tif ; echo $?

Actual results:
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
TIFF Directory at offset 0x8 (8)
. . .
         <photoshop:History/>
      </rdf:Description>
   </rdf:RDF>
</x:xmpmeta>
. . .               
<?xpacket end="w"?>
  RichTIFFIPTC Data: <present>, 28 bytes
  Photoshop Data: <present>, 5386 bytes
  EXIFIFDOffset: 0x5d5c
  ICC Profile: <present>, 3144 bytes
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
exploit.tif: Warning, incorrect count for field "SubjectDistance" (5, expecting 1); tag trimmed.
TIFF Directory at offset 0x5d5c (23900)
  ColorSpace: 1
  PixelXDimension: 288
  SubjectDistance: 0.003521
0

Expected results:
Exit with status 1 as in
libtiff-4.0.3-27.el7_3.x86_64
libtiff-tools-4.0.3-27.el7_3.x86_64

TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
TIFFFetchNormalTag: Incorrect count for "YResolution"; tag ignored.
TIFF Directory at offset 0x8 (8)
. . .
         <photoshop:History/>
      </rdf:Description>
   </rdf:RDF>
</x:xmpmeta>
. . .                            
<?xpacket end="w"?>
  RichTIFFIPTC Data: <present>, 28 bytes
  Photoshop Data: <present>, 5386 bytes
  EXIFIFDOffset: 0x5d5c
  ICC Profile: <present>, 3144 bytes
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
exploit.tif: Warning, incorrect count for field "SubjectDistance" (5, expecting 1); tag trimmed.
TIFF Directory at offset 0x5d5c (23900)
  ColorSpace: 1
  PixelXDimension: 288
  SubjectDistance: 0.003521
1

Comment 2 Nikola Forró 2018-12-13 12:48:18 UTC
This is expected, as upstream decided to treat incorrect count for a tag as a warning instead of an error:

https://gitlab.com/libtiff/libtiff/commit/9885124f1e66cc0e5dad03bfd2cb521aabb43523

Comment 3 Nikola Forró 2018-12-13 12:56:56 UTC
Also, note that the output is not the same:

@@ -1,7 +1,7 @@
 TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
 TIFFReadDirectory: Warning, Unknown field with tag 2052 (0x804) encountered.
 TIFFReadDirectory: Warning, Unknown field with tag 16705 (0x4141) encountered.
-TIFFFetchNormalTag: Incorrect count for "YResolution"; tag ignored.
+TIFFFetchNormalTag: Warning, Incorrect count for "YResolution"; tag ignored.
 TIFF Directory at offset 0x8 (8)
   Subfile Type: (0 = 0x0)
   Image Width: 288 Image Length: 144


Note You need to log in before you can comment on or make changes to this bug.