AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2013.08.31 11:39 "[Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Konstantin
2013.08.31 11:57 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Steve Underwood
2013.09.01 16:54 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Konstantin
2013.09.01 17:16 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Steve Underwood
2013.09.02 01:05 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Konstantin
2013.09.02 02:30 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Lee Howard
2013.09.03 01:18 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Lee Howard
2013.09.03 09:43 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Joris Van Damme

2013.08.31 11:57 "Re: [Tiff] Slightly corrupted tiff image causes libtiff to crash with double free or corruption", by Steve Underwood

Hi Konstantin,

Its more likely your problem is in jbigkit rather than libtiff, so it might be worth looking for help from its author.

I would be interested in seeing some of your bad files. I have my own implementation of T.85 (the subset of JBIG used for FAX), and I use libtiff to read and write these images as the T85 compression type defined in the TIFF-FX spec. If some FAX systems send you bad images I would like to see how my code reacts to them.

Regards,
Steve

On 08/31/2013 07:39 PM, Konstantin wrote:

on a tiff image received per fax one of the pages has some strange corruption which causes libtiff (and any program using it) to crash in a strange way. If only the corrupted page is processed or it is processed first, there is no problem. But if more pages are processed and the corrupted one is not the first one, an error like the following appears:

*** glibc detected *** tiffcp: double free or corruption (!prev): 0x095b4eb8 *** ======= Backtrace: ========= /lib/libc.so.6[0x444306e1] /usr/lib/libtiff.so.5(_TIFFfree+0x1a)[0x47cc4d40]

tiffcp[0x804af7a]
tiffcp[0x804a33a]
/lib/libc.so.6(__libc_start_main+0xe6)[0x443da572]
tiffcp[0x804a415]

It seems to me as there is some data structure that is not initialized correctly between the iterations when processing the pages.

If anyone is interested in finding this bug please let me know so I can send you a good and the bad page (24kB each). Otherwise I will discard the bad images in a while. Here the tiffinfo output:

TIFF Directory at offset 0x5a08 (23048)
    Subfile Type: multi-page document (2 = 0x2)
    Image Width: 1728 Image Length: 1152
    Resolution: 200, 100 pixels/inch
    Bits/Sample: 1
    Compression Scheme: ISO JBIG
    Photometric Interpretation: min-is-white
    FillOrder: lsb-to-msb
    Orientation: row 0 top, col 0 lhs
    Samples/Pixel: 1
    Rows/Strip: (infinite)
    Planar Configuration: single image plane

  ImageDescription: +49 7625 13237162
  Make: VER. 1.26 VOM 18.07.97
  Model: 282
  Software: HylaFAX (tm) Version 6.0.3
  DateTime: 2013:08:27 13:21:55
  HostComputer: router
  FaxRecvParams: 2170920
  FaxRecvTime: 18
  FaxDcs: 00 44 1F 21 01 11 01 01 01 02