2011.04.18 17:42 "[Tiff] WhiteLevel with 3.9.5", by Ashish Uthama

2011.04.18 17:42 "[Tiff] WhiteLevel with 3.9.5", by Ashish Uthama

Hi folks,

I am trying to use the 3.9.5 library to handle a DNG file with a subIFD. The subIFD has a WhiteLevel tag http://www.awaresystems.be/imaging/tiff/tifftags/whitelevel.html which appears to cause a segfault with 3.9.5 (Used to work fine with 3.7.1).

Debugging 3.9.5, I noticed that TIFFSetField at 1739 was called for this tag:

tif_dirread.c:

   1737                           ok = (fip->field_passcount ?
   1738                               TIFFSetField(tif, dp->tdir_tag, 1, 

&v32)

   1739                             : TIFFSetField(tif, dp->tdir_tag, v32));

which cases the memcpy in 506 to fail:

tif_dir.c:

    497                 if ((fip->field_passcount
    498                     || fip->field_writecount == TIFF_VARIABLE
    499                     || fip->field_writecount == TIFF_VARIABLE2
    500                     || fip->field_writecount == TIFF_SPP
    501                     || tv->count > 1)
    502                     && fip->field_tag != TIFFTAG_PAGENUMBER
    503                     && fip->field_tag != TIFFTAG_HALFTONEHINTS
    504                     && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
    505                     && fip->field_tag != TIFFTAG_DOTRANGE) {
    506                     _TIFFmemcpy(tv->value, va_arg(ap, void *),
    507                                 tv->count * tv_size);
    508                 } else {
    509                     /*
    510                      * XXX: The following loop required to handle
    511                      * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS,
    512                      * TIFFTAG_YCBCRSUBSAMPLING and 
TIFFTAG_DOTRANGE tags.
    513                      * These tags are actually arrays and should 
be passed as
    514                      * array pointers to TIFFSetField() 
function, but actually
    515                      * passed as a list of separate values. This 
behaviour
    516                      * must be changed in the future!
    517                      */

Based on the comment (510-517), and the description for the tag, I added TIFFTAG_WHITELEVEL after line 505 to skip the memcpy and use the else block to process it.

Would this be the right way to handle this tag?

Ashish