Boost logo

Boost :

From: Tilo Nitzsche (tricorus_at_[hidden])
Date: 2006-12-14 16:10:04

When reading RGBA tiffs, there is a buffer overflow happening in tiff_io.hpp.

void apply(const View& view) {
    std::vector<pixel<typename View::channel_t,
      typename View::color_space_t::base>> row(view.width());
    for (int y=0;y<view.height();++y) {
        io_error_if(TIFFReadScanline(_tp,&row.front(), y)!=1);

TIFFReadScanline() can return up to TIFFScanlineSize() bytes of data, in the
case of RGBA images the scanline size is larger than the size of row
resulting in a buffer overflow (it may happen in other cases as well).

A quick fix for that would be to do a

before the loop.


The RGBA images will come out corrupted anyway (since there is a mismatch in
the number of channels), is there any plan for supporting them?

Adding a new type to tiff_io.hpp like:

template <>
struct tiff_read_support_private<bits16,rgba_t> {

will work fine for static image types. Of course, that won't do for dynamic

-- Tilo

Any questions? Get answers on any topic at Try it now.

Boost list run by bdawes at, gregod at, cpdaniel at, john at