552360 – [abrt] crash detected in libtiff-3.9.2-2.fc12

Bug 552360 - [abrt] crash detected in libtiff-3.9.2-2.fc12

Summary: [abrt] crash detected in libtiff-3.9.2-2.fc12

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libtiff
Sub Component:
Version:	12
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tom Lane
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:eee6b3fad71b8f68534f1b11353...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-01-04 19:42 UTC by Adam Goode
Modified:	2013-07-03 03:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:	3.9.2-3.fc12
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-07 00:58:43 UTC
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (2.89 KB, text/plain) 2010-01-04 19:42 UTC, Adam Goode	no flags	Details
Crasher file (89.30 KB, image/tiff) 2010-01-05 17:33 UTC, Adam Goode	no flags	Details
New version of jpeg-scanline patch with crash fix (1.66 KB, patch) 2010-01-05 18:32 UTC, Adam Goode	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Description Adam Goode 2010-01-04 19:42:27 UTC

abrt 1.0.0 detected a crash.

How to reproduce
-----
1. tiffinfo on a file that used to work fine in tiff 3.8.2

Comment: Trying to do TIFFReadDirectory on a particular file crashes in libtiff.
Attached file: backtrace
cmdline: tiffinfo /home/agoode/dd/TRESTLE - 20x Images/CASE3.tif
component: libtiff
executable: /usr/bin/tiffinfo
kernel: 2.6.31.9-174.fc12.x86_64
package: libtiff-3.9.2-2.fc12
rating: 4
reason: Process was terminated by signal 11

Comment 1 Adam Goode 2010-01-04 19:42:29 UTC

Created attachment 381623 [details]
File: backtrace

Comment 2 Adam Goode 2010-01-04 19:43:31 UTC

Sorry I don't have the TIFF file yet, it is a medical slide. I am working on getting a de-identified image that I can freely distribute.

Comment 3 Adam Goode 2010-01-04 19:50:51 UTC

This bug goes away if I don't apply libtiff-jpeg-scanline.patch.

Comment 4 Adam Goode 2010-01-04 21:56:10 UTC

It's calling TIFFFillTile before td->td_stripbytecount is initialized.

Comment 5 Adam Goode 2010-01-05 17:32:13 UTC

This only happens with multi-file images, on the directories after the first.

Comment 6 Adam Goode 2010-01-05 17:33:00 UTC

Created attachment 381800 [details]
Crasher file

Comment 7 Adam Goode 2010-01-05 18:12:54 UTC

It seems that in multi-file TIFF, not all fields are zeroed in the second go. The patch checks for (tif->tif_scanlinesize > 0) which isn't reset yet.

Comment 8 Adam Goode 2010-01-05 18:32:46 UTC

Created attachment 381808 [details]
New version of jpeg-scanline patch with crash fix

Comment 9 Fedora Update System 2010-01-06 05:11:59 UTC

libtiff-3.9.2-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/libtiff-3.9.2-3.fc12

Comment 10 Fedora Update System 2010-01-07 00:58:37 UTC

libtiff-3.9.2-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.