TIFF and LibTiff Mail List Archive

1998.05.01 01:38 "Potential problem with libtiff G4 decompression", by Brent Foster

While dealing with these bad Kofax images and basically being fed random codes, I discovered that problems can occur with VL codes when b1 - codeLength < a0, which is of course invalid. You end up with negative length runs, which cause havoc.

S_VL in EXPAND2D needs to be changed to something like below I think. I don't know what it's appropriate to do in this situation - give up? Insert a zero run?

Does this sound right?


  case S_VL:
    if (TabEnt->Width > b1 - a0) {
      /* bad data */
    SETVAL(b1 - a0 - TabEnt->Param);
    b1 -= *--pb;