2020.12.11 15:22 "[Tiff] SIGSEGV within TIFFGetField()", by OnlineCop

My C++ application is terminating with SIGSEGV when I call TIFFGetField().

I cloned libtiff's master branch from https://gitlab.com/libtiff/libtiff and compiled with debugging. The VERSION file there says it's version 4.1.0.

gdb reports the SIGSEGV is in tif_dir.c line 1157:
https://gitlab.com/libtiff/libtiff/-/blob/master/libtiff/tif_dir.c#L1157

I'm defining tags almost identical to those reported in the https://stackoverflow.com/a/27609465/801098 answer and registering them with TIFFMergeFieldInfo().

Then I loop over each of the tags I've created and call TIFFGetField(). For TIFF_ASCII types, I pass 3 parameters: the TIFF* pointer, the (custom) tag, and an [out] (void*) pointer where the value will be stored. For non-TIFF_ASCII types, I pass 4 parameters: the TIFF* pointer, the (custom) tag, an [out] (uint16_t*) pointer for the count, and an [out] (void*) pointer for the value.

The non-TIFF_ASCII types process just fine. The TIFF_ASCII types, however, get a segmentation fault.

I've posted some abbreviated code from my files (only the pertinent portions that relate to TIFF) at https://repl.it/@OnlineCop/SigsegvInTiff#main.cpp, but if it's easier for me to include that in an email, let me know and I can paste it. (I don't believe the code compiles there, as it doesn't link to the actual tiff*.h files.)

My code is being adapted from about 10-year-old code, so it's very possible that this worked with an older version of libTIFF, but has since changed. Any feedback is appreciated.

@onlinecop
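The two argument shapes the post describes (a single out pointer for TIFF_ASCII, a count followed by a value pointer for the others) follow from the field definition libtiff receives through TIFFMergeFieldInfo(): TIFFGetField() is variadic, so it pulls its arguments with va_arg in an order fixed by the field's type, readcount and passcount, with no type checking at all, and a mismatch between the definition and the call reads or writes the wrong memory. The C block below is an added example, not libtiff's code and not the poster's: it models that dispatch for three constructed private tags (hypothetical numbers 65000 to 65002; the ModelFieldInfo and ModelTagValue structs are simplified stand-ins for libtiff's TIFFFieldInfo and its internal value storage) and shows the pointer kind each definition expects, in particular that an ASCII field hands back a pointer to library-owned storage, so the caller passes the address of a char pointer rather than a buffer to be filled.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the libtiff custom-field contract; not libtiff code.
 * Only the TIFFFieldInfo members that decide how TIFFGetField pulls its
 * variadic arguments are modelled: type, readcount and passcount. */
#define MODEL_TIFF_ASCII 2          /* same numeric values as libtiff's TIFFDataType */
#define MODEL_TIFF_SHORT 3
#define MODEL_TIFF_VARIABLE (-1)    /* libtiff's TIFF_VARIABLE */

typedef struct {
    uint32_t tag;
    int16_t  readcount;
    int      type;
    int      passcount;             /* non-zero: a count argument precedes the value */
} ModelFieldInfo;

typedef struct {                    /* one stored value, owned by the "file" */
    uint32_t    tag;
    uint16_t    count;
    const void *value;
} ModelTagValue;

typedef struct {
    const ModelFieldInfo *fields;  size_t nfields;
    const ModelTagValue  *values;  size_t nvalues;
} ModelTiff;

/* Constructed sample: three hypothetical private tags in the 65000+ range. */
enum { TAG_NOTE = 65000, TAG_LEVELS = 65001, TAG_REVISION = 65002 };

static const ModelFieldInfo sample_fields[] = {
    { TAG_NOTE,     MODEL_TIFF_VARIABLE, MODEL_TIFF_ASCII, 0 }, /* ASCII: one char** out-arg      */
    { TAG_LEVELS,   MODEL_TIFF_VARIABLE, MODEL_TIFF_SHORT, 1 }, /* array: uint16_t* count, void** */
    { TAG_REVISION, 1,                   MODEL_TIFF_SHORT, 0 }, /* scalar: one uint16_t* out-arg  */
};
static const char     sample_note[]   = "constructed note";
static const uint16_t sample_levels[] = { 10, 20, 30 };
static const uint16_t sample_revision = 7;
static const ModelTagValue sample_values[] = {
    { TAG_NOTE,     0, sample_note },
    { TAG_LEVELS,   3, sample_levels },
    { TAG_REVISION, 1, &sample_revision },
};
static const ModelTiff sample_tiff = { sample_fields, 3, sample_values, 3 };

static const ModelFieldInfo *find_field(const ModelTiff *t, uint32_t tag)
{
    for (size_t i = 0; i < t->nfields; i++)
        if (t->fields[i].tag == tag) return &t->fields[i];
    return NULL;
}

static const ModelTagValue *find_value(const ModelTiff *t, uint32_t tag)
{
    for (size_t i = 0; i < t->nvalues; i++)
        if (t->values[i].tag == tag) return &t->values[i];
    return NULL;
}

/* Model of the custom-tag branch of libtiff's _TIFFVGetField: arguments are
 * pulled with va_arg in an order fixed by the field definition and never
 * type-checked. Returns 1 on success, 0 if the tag is unknown or unset. */
static int model_get_field(const ModelTiff *t, uint32_t tag, ...)
{
    const ModelFieldInfo *fip = find_field(t, tag);
    const ModelTagValue  *tv  = find_value(t, tag);
    if (!fip || !tv) return 0;

    va_list ap;
    va_start(ap, tag);
    if (fip->passcount) {
        /* count first (uint16_t* for TIFF_VARIABLE), then a pointer to the array */
        *va_arg(ap, uint16_t *)    = tv->count;
        *va_arg(ap, const void **) = tv->value;
    } else if (fip->type == MODEL_TIFF_ASCII || fip->readcount == MODEL_TIFF_VARIABLE || tv->count > 1) {
        /* ASCII and variable-length fields hand back a pointer to library-owned
         * storage: the out-argument is the address of a pointer, not a buffer */
        *va_arg(ap, const void **) = tv->value;
    } else if (fip->type == MODEL_TIFF_SHORT) {
        /* fixed single scalar: copied by value through a typed pointer */
        *va_arg(ap, uint16_t *) = *(const uint16_t *)tv->value;
    }
    va_end(ap);
    return 1;
}

/* Correct calling shapes for the three field definitions above. */
const char *read_ascii_tag(const ModelTiff *t, uint32_t tag)
{
    const char *s = NULL;                       /* pass &s, as libtiff expects */
    return model_get_field(t, tag, &s) ? s : NULL;
}

const uint16_t *read_short_array_tag(const ModelTiff *t, uint32_t tag, uint16_t *count)
{
    const uint16_t *arr = NULL;
    *count = 0;
    return model_get_field(t, tag, count, &arr) ? arr : NULL;
}

int read_short_tag(const ModelTiff *t, uint32_t tag, uint16_t *out)
{
    return model_get_field(t, tag, out);
}

/* Sum of the constructed array tag, read through the count-then-value shape. */
unsigned sample_level_sum(void)
{
    uint16_t n = 0;
    unsigned sum = 0;
    const uint16_t *lv = read_short_array_tag(&sample_tiff, TAG_LEVELS, &n);
    for (uint16_t i = 0; lv && i < n; i++) sum += lv[i];
    return sum;
}

int main(void)
{
    uint16_t rev = 0;
    read_short_tag(&sample_tiff, TAG_REVISION, &rev);
    printf("note=\"%s\" level sum=%u revision=%u\n",
           read_ascii_tag(&sample_tiff, TAG_NOTE), sample_level_sum(), rev);
    return 0;
}
```

The practical check this suggests for a real TIFFGetField() caller is to compare every call site against the TIFFFieldInfo entry it was registered with: a passcount of TRUE means two out-arguments (count, then value pointer), and an ASCII or variable-length field without passcount means exactly one out-argument that is the address of a pointer, which libtiff fills with a pointer into storage the library owns.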