2013.05.29 18:20 "[Tiff] LibTiff Bug in ChopUpSingleUncompressedStrip", by LaViolette, Alan
I have found an issue in ChopUpSingleUncompressedStrip() located in tif_dirread.c. This function attempts to split up a large single strip image into multiple strips. I believe the issue I am having is it does not reset/change the td->td_stripbufmax value to represent the new size of the size and offset blocks. This causes the code in _TIFFGetByteCount() and _TIFFGetOffset() to incorrectly compute the correct block number (it should now always be 0), It will only work for images with < td_stripbufmax strips, in my case 1024.
Code in _TIFFGetByteCount():
_TIFFGetByteCount(TIFF* tif, tstrip_t strip)
TIFFDirectory *td = &tif->tif_dir;
int status = 1;
uint32 blkno = strip / td->td_stripbufmax; // Value is not set correctly
Code as it needs to be in ChopUpSingleUncompressedStrip():
td->td_stripbcsbuf = newcounts;
td->td_stripoffsbuf = newoffsets;
td->td_stripbcsblk = 0;
td->td_stripoffsblk = 0;
td->td_stripbytecountsorted = 1;
td->td_stripbufmax = nstrips; // New assignment to td_stripbufmax
I have tested this change in my own code base and it is working correctly, but I don't know if it will have any other effects. Also other td_strip* values are not adjusted in ChopUpSingleUncompressedStrip(), is that Ok.