abrt 1.0.0 detected a crash.

How to reproduce
-----
1. tiffinfo on a file that used to work fine in tiff 3.8.2

Comment: Trying to do TIFFReadDirectory on a particular file crashes in libtiff.

Attached file: backtrace
cmdline: tiffinfo /home/agoode/dd/TRESTLE - 20x Images/CASE3.tif
component: libtiff
executable: /usr/bin/tiffinfo
kernel: 2.6.31.9-174.fc12.x86_64
package: libtiff-3.9.2-2.fc12
rating: 4
reason: Process was terminated by signal 11
Created attachment 381623 File: backtrace
Sorry I don't have the TIFF file yet, it is a medical slide. I am working on getting a de-identified image that I can freely distribute.
This bug goes away if I don't apply libtiff-jpeg-scanline.patch.
It's calling TIFFFillTile before td->td_stripbytecount is initialized.
This only happens with multi-file images, on the directories after the first.
Created attachment 381800 Crasher file
It seems that in multi-file TIFF, not all fields are zeroed in the second go. The patch checks for (tif->tif_scanlinesize > 0) which isn't reset yet.
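Added example, not part of the bug report or of the attached patch: a simplified C model of the failure described in the comments above, where a derived size left over from the previous directory is treated as proof that the current directory's per-directory array is ready. The struct, function names and sample geometry are hypothetical and are not libtiff's internals; the two guards shown (resetting the derived field, and checking the array pointer itself) are assumptions about how such a bug is commonly closed, not a description of the actual fix.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model of a multi-directory image reader (not libtiff code). */
struct reader {
    size_t         scanlinesize;   /* derived from the current directory */
    unsigned long *stripbytecount; /* per-directory array, NULL until parsed */
};
enum fill_result { FILL_SKIPPED, FILL_OK, FILL_NULL_DEREF };

/* Begin parsing a directory; reset_derived=0 keeps the stale scanlinesize. */
static void begin_directory(struct reader *r, int reset_derived) {
    free(r->stripbytecount);
    r->stripbytecount = NULL;
    if (reset_derived) r->scanlinesize = 0;
}

/* Parsing finished: per-directory array and derived size are now valid. */
static void finish_directory(struct reader *r, size_t nstrips, size_t scanline) {
    r->stripbytecount = calloc(nstrips, sizeof *r->stripbytecount);
    r->scanlinesize = r->stripbytecount ? scanline : 0;
}

/* Mid-parse hook. With check_array=0 it trusts scanlinesize alone. */
static enum fill_result early_fill(const struct reader *r, int check_array) {
    if (r->scanlinesize == 0 || (check_array && r->stripbytecount == NULL))
        return FILL_SKIPPED;
    /* Real code would index stripbytecount here; the model only reports it. */
    return r->stripbytecount ? FILL_OK : FILL_NULL_DEREF;
}

/* Result of the mid-parse hook while reading directory `dir` (1-based). */
static enum fill_result fill_in_directory(int dir, int reset_derived, int check_array) {
    struct reader r = {0, NULL};
    enum fill_result res = FILL_SKIPPED;
    for (int i = 1; i <= dir; i++) {
        begin_directory(&r, reset_derived);
        res = early_fill(&r, check_array);  /* runs before finish_directory */
        finish_directory(&r, 4, 512);       /* constructed sample geometry */
    }
    free(r.stripbytecount);
    return res;
}

int main(void) {
    printf("dir1=%d dir2 stale=%d dir2 reset=%d dir2 checked=%d\n",
           fill_in_directory(1, 0, 0), fill_in_directory(2, 0, 0),
           fill_in_directory(2, 1, 0), fill_in_directory(2, 0, 1));
    return 0;
}
```

The first directory is safe only because the handle starts zeroed, which is why the crash shows up on later directories and not on single-directory files.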
Created attachment 381808 New version of jpeg-scanline patch with crash fix
libtiff-3.9.2-3.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtiff-3.9.2-3.fc12
libtiff-3.9.2-3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.