rpms/libtiff/devel libtiff-scanlinesize.patch, NONE, 1.1 libtiff-jpeg-scanline.patch, 1.1, 1.2 libtiff.spec, 1.60, 1.61
Tom Lane
tgl at fedoraproject.org
Wed Jan 6 04:31:25 UTC 2010
Author: tgl
Update of /cvs/pkgs/rpms/libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31783
Modified Files:
libtiff-jpeg-scanline.patch libtiff.spec
Added Files:
libtiff-scanlinesize.patch
Log Message:
Fix assorted issues around downsampled JPEG files
libtiff-scanlinesize.patch:
tif_jpeg.c | 14 ++++++++++----
tif_strip.c | 18 +++++++-----------
2 files changed, 17 insertions(+), 15 deletions(-)
--- NEW FILE libtiff-scanlinesize.patch ---
Partial fix for issues filed upstream at
http://bugzilla.maptools.org/show_bug.cgi?id=2140
This stops the tiffcmp core dump noted in bug #460322, but isn't enough
to make tiffcmp return the right answer (it emits a bunch of error
messages instead).
diff -Naur tiff-3.9.2.orig/libtiff/tif_jpeg.c tiff-3.9.2/libtiff/tif_jpeg.c
--- tiff-3.9.2.orig/libtiff/tif_jpeg.c 2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_jpeg.c 2010-01-05 22:40:40.000000000 -0500
@@ -988,8 +988,15 @@
tsize_t nrows;
(void) s;
- /* data is expected to be read in multiples of a scanline */
- if ( (nrows = sp->cinfo.d.image_height) ) {
+ nrows = cc / sp->bytesperline;
+ if (cc % sp->bytesperline)
+ TIFFWarningExt(tif->tif_clientdata, tif->tif_name, "fractional scanline not read");
+
+ if( nrows > (int) sp->cinfo.d.image_height )
+ nrows = sp->cinfo.d.image_height;
+
+ /* data is expected to be read in multiples of a scanline */
+ if (nrows) {
/* Cb,Cr both have sampling factors 1, so this is correct */
JDIMENSION clumps_per_line = sp->cinfo.d.comp_info[1].downsampled_width;
int samples_per_clump = sp->samplesperclump;
@@ -1087,8 +1094,7 @@
* TODO: resolve this */
buf += sp->bytesperline;
cc -= sp->bytesperline;
- nrows -= sp->v_sampling;
- } while (nrows > 0);
+ } while (--nrows > 0);
#ifdef JPEG_LIB_MK1
_TIFFfree(tmpbuf);
diff -Naur tiff-3.9.2.orig/libtiff/tif_strip.c tiff-3.9.2/libtiff/tif_strip.c
--- tiff-3.9.2.orig/libtiff/tif_strip.c 2006-03-25 13:04:35.000000000 -0500
+++ tiff-3.9.2/libtiff/tif_strip.c 2010-01-05 21:39:20.000000000 -0500
@@ -238,23 +238,19 @@
ycbcrsubsampling + 0,
ycbcrsubsampling + 1);
- if (ycbcrsubsampling[0] == 0) {
+ if (ycbcrsubsampling[0]*ycbcrsubsampling[1] == 0) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
"Invalid YCbCr subsampling");
return 0;
}
- scanline = TIFFroundup(td->td_imagewidth,
+ /* number of sample clumps per line */
+ scanline = TIFFhowmany(td->td_imagewidth,
ycbcrsubsampling[0]);
- scanline = TIFFhowmany8(multiply(tif, scanline,
- td->td_bitspersample,
- "TIFFScanlineSize"));
- return ((tsize_t)
- summarize(tif, scanline,
- multiply(tif, 2,
- scanline / ycbcrsubsampling[0],
- "TIFFVStripSize"),
- "TIFFVStripSize"));
+ /* number of samples per line */
+ scanline = multiply(tif, scanline,
+ ycbcrsubsampling[0]*ycbcrsubsampling[1] + 2,
+ "TIFFScanlineSize");
} else {
scanline = multiply(tif, td->td_imagewidth,
td->td_samplesperpixel,
libtiff-jpeg-scanline.patch:
tif_dir.c | 7 +++++++
tif_jpeg.c | 16 ++++++++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
Index: libtiff-jpeg-scanline.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff-jpeg-scanline.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libtiff-jpeg-scanline.patch 17 Dec 2009 00:57:50 -0000 1.1
+++ libtiff-jpeg-scanline.patch 6 Jan 2010 04:31:25 -0000 1.2
@@ -1,10 +1,29 @@
-Upstream patch that partially fixes bug #460322. The tiffcmp case is
-still there, but this is a step forward anyhow, so going with it for now.
+Upstream patch for tiff2ps core dump noted in bug #460322. (Note that
+the tiffcmp crash mentioned there is really a different bug.)
+Now also incorporating Adam Goode's patch for bug #552360. See
+http://bugzilla.maptools.org/show_bug.cgi?id=1936
+diff -Naur tiff-3.9.2.orig/libtiff/tif_dir.c tiff-3.9.2/libtiff/tif_dir.c
+--- tiff-3.9.2.orig/libtiff/tif_dir.c 2008-12-31 19:10:43.000000000 -0500
++++ tiff-3.9.2/libtiff/tif_dir.c 2010-01-05 19:59:12.000000000 -0500
+@@ -1100,6 +1100,13 @@
+ */
+ tif->tif_flags &= ~TIFF_ISTILED;
+
++ /*
++ * Clear other directory-specific fields.
++ */
++ tif->tif_tilesize = 0;
++ tif->tif_scanlinesize = 0;
++
++
+ return (1);
+ }
+
diff -Naur tiff-3.9.2.orig/libtiff/tif_jpeg.c tiff-3.9.2/libtiff/tif_jpeg.c
--- tiff-3.9.2.orig/libtiff/tif_jpeg.c 2009-08-30 12:21:46.000000000 -0400
-+++ tiff-3.9.2/libtiff/tif_jpeg.c 2009-12-05 16:48:56.000000000 -0500
++++ tiff-3.9.2/libtiff/tif_jpeg.c 2010-01-05 19:59:12.000000000 -0500
@@ -1613,7 +1613,11 @@
* Must recalculate cached tile size in case sampling state changed.
* Should we really be doing this now if image size isn't set?
Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -p -r1.60 -r1.61
--- libtiff.spec 5 Jan 2010 17:11:44 -0000 1.60
+++ libtiff.spec 6 Jan 2010 04:31:25 -0000 1.61
@@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 3.9.2
-Release: 2%{?dist}
+Release: 3%{?dist}
License: libtiff
Group: System Environment/Libraries
@@ -12,6 +12,7 @@ Patch1: libtiff-acversion.patch
Patch2: libtiff-mantypo.patch
Patch3: libtiff-CVE-2009-2347.patch
Patch4: libtiff-jpeg-scanline.patch
+Patch5: libtiff-scanlinesize.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel
@@ -68,6 +69,7 @@ image files using the libtiff library.
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4
@@ -179,6 +181,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/*
%changelog
+* Tue Jan 5 2010 Tom Lane <tgl at redhat.com> 3.9.2-3
+- Apply Adam Goode's fix for Warmerdam's fix
+Resolves: #552360
+Resolves: #533353
+- Add some defenses to prevent tiffcmp from crashing on downsampled JPEG
+ images; this isn't enough to make it really work correctly though
+Related: #460322
+
* Wed Dec 16 2009 Tom Lane <tgl at redhat.com> 3.9.2-2
- Apply Warmerdam's partial fix for bug #460322 ... better than nothing.
Related: #460322
More information about the fedora-extras-commits
mailing list