Bug 552360 - [abrt] crash detected in libtiff-3.9.2-2.fc12
Summary: [abrt] crash detected in libtiff-3.9.2-2.fc12
Alias: None
Product: Fedora
Classification: Fedora
Component: libtiff
Version: 12
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Tom Lane
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:eee6b3fad71b8f68534f1b11353...
Depends On:
Reported: 2010-01-04 19:42 UTC by Adam Goode
Modified: 2013-07-03 03:26 UTC

Fixed In Version: 3.9.2-3.fc12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-01-07 00:58:43 UTC

Attachments
File: backtrace (2.89 KB, text/plain)
2010-01-04 19:42 UTC, Adam Goode
Crasher file (89.30 KB, image/tiff)
2010-01-05 17:33 UTC, Adam Goode
New version of jpeg-scanline patch with crash fix (1.66 KB, patch)
2010-01-05 18:32 UTC, Adam Goode

Description Adam Goode 2010-01-04 19:42:27 UTC
abrt 1.0.0 detected a crash.

How to reproduce
1. tiffinfo on a file that used to work fine in tiff 3.8.2

Comment: Trying to do TIFFReadDirectory on a particular file crashes in libtiff.
Attached file: backtrace
cmdline: tiffinfo /home/agoode/dd/TRESTLE - 20x Images/CASE3.tif
component: libtiff
executable: /usr/bin/tiffinfo
package: libtiff-3.9.2-2.fc12
rating: 4
reason: Process was terminated by signal 11

Comment 1 Adam Goode 2010-01-04 19:42:29 UTC
Created attachment 381623
File: backtrace

Comment 2 Adam Goode 2010-01-04 19:43:31 UTC
Sorry I don't have the TIFF file yet, it is a medical slide. I am working on getting a de-identified image that I can freely distribute.

Comment 3 Adam Goode 2010-01-04 19:50:51 UTC
This bug goes away if I don't apply libtiff-jpeg-scanline.patch.

Comment 4 Adam Goode 2010-01-04 21:56:10 UTC
It's calling TIFFFillTile before td->td_stripbytecount is initialized.

Comment 5 Adam Goode 2010-01-05 17:32:13 UTC
This only happens with multi-file images, on the directories after the first.

Comment 6 Adam Goode 2010-01-05 17:33:00 UTC
Created attachment 381800
Crasher file

Comment 7 Adam Goode 2010-01-05 18:12:54 UTC
It seems that in multi-file TIFF, not all fields are zeroed in the second go. The patch checks for (tif->tif_scanlinesize > 0) which isn't reset yet.
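
A simplified model of the failure described in comments 4, 5 and 7, added here as an illustration; it is not libtiff code and not the attached patch. The struct, the function names and the sizes are hypothetical, only the two field names come from the comments, and resetting the cached value per directory is one possible remedy in this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (not libtiff code): one reader reused for every directory. */
struct reader {
    size_t    tif_scanlinesize;   /* cached size, computed per directory */
    uint32_t *td_stripbytecount;  /* per-directory array, NULL until loaded */
};
enum { FILL_OK = 0, FILL_STALE_STATE = -1 };

/* Start a directory. reset_cache == 0 models the bug: the array is dropped
   but the cached size from the previous directory survives. */
static void begin_directory(struct reader *r, int reset_cache) {
    free(r->td_stripbytecount);
    r->td_stripbytecount = NULL;
    if (reset_cache) r->tif_scanlinesize = 0;
}

/* Early data access gated on the cached size. Reports the state in which
   unguarded code would read through an uninitialized byte-count array. */
static int early_fill(const struct reader *r) {
    if (r->tif_scanlinesize == 0) return FILL_OK;   /* gate closed: skip */
    if (r->td_stripbytecount == NULL) return FILL_STALE_STATE;
    return FILL_OK;
}

/* Directory fully parsed: byte counts loaded, size cached (constructed values). */
static void finish_directory(struct reader *r) {
    r->td_stripbytecount = calloc(4, sizeof *r->td_stripbytecount);
    r->tif_scanlinesize = 512;
}

/* Read directories 0..index and return early_fill's result for the last one. */
int early_fill_result(int index, int reset_cache) {
    struct reader r = {0};
    int rc = FILL_OK;
    for (int i = 0; i <= index; i++) {
        begin_directory(&r, reset_cache);
        rc = early_fill(&r);
        finish_directory(&r);
    }
    free(r.td_stripbytecount);
    return rc;
}
int main(void) {
    printf("second directory: cache kept %d, cache reset %d\n",
           early_fill_result(1, 0), early_fill_result(1, 1));
    return 0;
}
```

The first directory passes either way because the reader starts zeroed, which matches the observation that only directories after the first are affected.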

Comment 8 Adam Goode 2010-01-05 18:32:46 UTC
Created attachment 381808
New version of jpeg-scanline patch with crash fix

Comment 9 Fedora Update System 2010-01-06 05:11:59 UTC
libtiff-3.9.2-3.fc12 has been submitted as an update for Fedora 12.

Comment 10 Fedora Update System 2010-01-07 00:58:37 UTC
libtiff-3.9.2-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
