AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2004.10.14 07:58 "[Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva
2004.10.15 20:01 "[Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva
2004.10.15 20:09 "Re: [Tiff] WIN32 _TIFFrealloc() bug?", by Frank Warmerdam
2004.10.15 21:47 "Re: [Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva
2004.10.16 07:52 "Re: [Tiff] WIN32 _TIFFrealloc() bug?", by Andrey Kiselev
2004.10.17 16:47 "RE: [Tiff] WIN32 _TIFFrealloc() bug?", by Larry Grill
2004.10.17 17:26 "Re: [Tiff] WIN32 _TIFFrealloc() bug?", by Ville Herva

2004.10.17 16:47 "RE: [Tiff] WIN32 _TIFFrealloc() bug?", by Larry Grill

Hi,

I thought this one was fixed in the general release some time ago. If you search the message archive you should find the same topic from me, but if you change the TIFFrealloc method this way, it will be fine. This is corrected in the 3.7 release.

tdata_t
_TIFFrealloc(tdata_t p, tsize_t s)
{
  void* pvTmp;
  tsize_t old;

  if(p==NULL)
    return ((tdata_t)GlobalAlloc(GMEM_FIXED, s));

  old = GlobalSize(p);

  if (old>=s)
  {
    if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
      CopyMemory(pvTmp, p, s);
      GlobalFree(p);
    }
  }
  else
  {
    if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
      CopyMemory(pvTmp, p, old);
      GlobalFree(p);
    }
  }
  return ((tdata_t)pvTmp);
}

Larry M. Grill
larry@nuglyphix.com
www.nuglyphix.com

> -----Original Message-----
> From: tiff-bounces@remotesensing.org
> [mailto:tiff-bounces@remotesensing.org]On Behalf Of Ville Herva
> Sent: Thursday, October 14, 2004 2:59 AM
> To: tiff@remotesensing.org
> Subject: [Tiff] WIN32 _TIFFrealloc() bug?

[I'll appreciate Cc'ing me, but I will read the archive]

Hi,

When opening an image on WIN32, libtiff-3.6.1 does:

GlobalSize(NULL)

_TIFFrealloc(void * 0x00000000, long 4) line 237
TIFFReadDirectory(tiff * 0x001b5ec8) line 112 + 25 bytes
TIFFClientOpen(const char * 0x009d4934, const char * 0x009d4920, thandle_t__ * 0x00000000, long (thandle_t__ *, void *, long)* 0x00627caa _tiffFileReadProc(thandle_t__ *, void *, long), long (thandle_t__ *, void *, long)* 0x00627cd1 _tiffFileWriteProc(thandle_t__ *, void *, long), unsigned long (thandle_t__ *, unsigned long, int)* ...) line 367 + 9 bytes
iTIFFOpen(char * 0x009d4920) line 669 + 51 bytes

in _TIFFrealloc() there's this GlobalSize() call:

tdata_t
_TIFFrealloc(tdata_t p, tsize_t s)
{
  void* pvTmp;
  tsize_t old=GlobalSize(p);
  if (old>=s)
    {
      if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
        CopyMemory(pvTmp, p, s);
        GlobalFree(p);
      }
    }
  else
    {
      if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
        CopyMemory(pvTmp, p, old);
        GlobalFree(p);
      }
    }
  return ((tdata_t)pvTmp);
}

called from TIFFReadDirectory():

        tif->tif_dirlist = _TIFFrealloc(tif->tif_dirlist,
                                        tif->tif_dirnumber * sizeof(toff_t));

Should the line perhaps read:

  tsize_t old=p != 0? GlobalSize(p): 0;

and maybe also

-        CopyMemory(pvTmp, p, old);
+        if (old!=0) CopyMemory(pvTmp, p, old);
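
Review bot: the old!=0 guard on the added line covers only CopyMemory; the GlobalFree(p) that follows it in the same block of the quoted function is still reached with p == NULL. When s is 0 the old>=s branch is taken instead, and its CopyMemory(pvTmp, p, s) and GlobalFree(p) stay unguarded. Handling p == NULL once at the top of the function, before GlobalSize() is called, as the version earlier in this message does with if(p==NULL) return ((tdata_t)GlobalAlloc(GMEM_FIXED, s));, covers both branches and makes this per-call guard unnecessary.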

Comments?

-- v --

v@iki.fi