2016.11.09 23:39 "Re: [Tiff] comment about bug 2591", by Even Rouault
Le mercredi 09 novembre 2016 18:25:43, Henri Salo a écrit:
Can't reproduce this case with the latest codebase:
Me too, but I cannot either reproduce with stock 4.0.6...
There are large memory allocation ( 800MB + 1.2 GB), but they occur after the reported crash.
The reported crash occurs is a SEGV on unknown address 0x000000000000 in TIFFVGetFieldDefaulted() on
TIFFPredictorState* sp = (TIFFPredictorState*) tif->tif_data;
*va_arg(ap, uint16*) = (uint16) sp->predictor;
So it would seem that tif->tif_data is NULL.
tif->tif_data is allocated in TIFFInitZIP() in tif_zip.c
tif->tif_data = (uint8*) _TIFFmalloc(sizeof (ZIPState));
if (tif->tif_data == NULL)
I've simulated a failed malloc(), but that cause a very early return in the utility, so that's not the cause.
So this bug is a mystery.
Spatialys - Geospatial professional services