comment about bug 2591


Henri Salo
Can't reproduce this case with the latest codebase:

http://bugzilla.maptools.org/show_bug.cgi?id=2591

--
Henri Salo
_______________________________________________
Tiff mailing list: [hidden email]
http://lists.maptools.org/mailman/listinfo/tiff
http://www.remotesensing.org/libtiff/

Re: comment about bug 2591

Even Rouault-2
On Wednesday 09 November 2016 18:25:43, Henri Salo wrote:
> Can't reproduce this case with the latest codebase:
>
> http://bugzilla.maptools.org/show_bug.cgi?id=2591

Me too, but I cannot reproduce it with stock 4.0.6 either...

There are large memory allocations (800 MB + 1.2 GB), but they occur after the
reported crash.

The reported crash is a SEGV on unknown address 0x000000000000 in
TIFFVGetFieldDefaulted() on

                        TIFFPredictorState* sp = (TIFFPredictorState*) tif->tif_data;
                        *va_arg(ap, uint16*) = (uint16) sp->predictor;

So it would seem that tif->tif_data is NULL.

tif->tif_data is allocated in TIFFInitZIP() in tif_zip.c

        tif->tif_data = (uint8*) _TIFFmalloc(sizeof (ZIPState));
        if (tif->tif_data == NULL)
                goto bad;

I've simulated a failed malloc(), but that causes a very early return in the
utility, so that's not the cause.

So this bug is a mystery.

--
Spatialys - Geospatial professional services
http://www.spatialys.com
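
An added illustration, not part of the message above or of libtiff's source: a simplified model of the predictor lookup quoted in the thread, with a NULL check on the codec state so that a missing tif_data produces a failure return instead of a SEGV. The Handle and PredictorState types and the codec_init, vget_defaulted and get_defaulted functions are hypothetical stand-ins for the real structures and functions.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for TIFFPredictorState and TIFF. */
typedef struct { int predictor; } PredictorState;
typedef struct { uint8_t *tif_data; } Handle;
#define TAG_PREDICTOR 317u  /* Predictor tag number from the TIFF specification */

/* Models codec setup such as TIFFInitZIP(): 1 on success, 0 if allocation fails. */
static int codec_init(Handle *h, int predictor, int simulate_malloc_failure)
{
    h->tif_data = simulate_malloc_failure ? NULL : malloc(sizeof(PredictorState));
    if (h->tif_data == NULL)
        return 0;
    ((PredictorState *)h->tif_data)->predictor = predictor;
    return 1;
}

/* Models the getter quoted in the thread, with a guard added: when no codec
 * state is attached, store 0 and report failure instead of dereferencing. */
static int vget_defaulted(const Handle *h, unsigned tag, va_list ap)
{
    if (tag != TAG_PREDICTOR)
        return 0;
    const PredictorState *sp = (const PredictorState *)h->tif_data;
    uint16_t *out = va_arg(ap, uint16_t *);
    if (sp == NULL) {
        *out = 0;
        return 0;
    }
    *out = (uint16_t)sp->predictor;
    return 1;
}

static int get_defaulted(const Handle *h, unsigned tag, ...)
{
    va_list ap;
    va_start(ap, tag);
    int ok = vget_defaulted(h, tag, ap);
    va_end(ap);
    return ok;
}

int main(void)
{
    Handle h = { NULL };
    uint16_t p = 7;
    int ok = !get_defaulted(&h, TAG_PREDICTOR, &p) && codec_init(&h, 2, 0)
             && get_defaulted(&h, TAG_PREDICTOR, &p) && p == 2;
    free(h.tif_data);
    return ok ? 0 : 1;
}
```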