2007.07.13 18:14 "[Tiff] Read warnings in TIFFReadEncodedStrip lead to crash on TIFFClose", by Steve Bougerolle

2007.07.13 18:14 "[Tiff] Read warnings in TIFFReadEncodedStrip lead to crash on TIFFClose", by Steve Bougerolle

We've run into an obscure bug/feature: when reading some specific TIFF files

Fax4Decode (called from TIFFReadEncodedStrip) will toss out a few warnings about "line length mismatch" and continue reading. However, farther down the

line the program segfaults while doing TIFFClose().

The program seems to be doing everything right that I can see - reading the fields

in the right order, checking error return values. The problem is libtiff only DISPLAYS

this warning but doesn't return any error code. If this can cause a segfault, surely it

needs to be classed as an error?

Adding "return -1" to the CLEANUP_RUNS macro in libtiff/tif_fax3.h seems to fix the

problem.