The stack trace shows the fault occurs within the libTIFF delegate library. ImageMagick calls libTIFF's TIFFGetField() to obtain a private tag profile 37724 (used by Adobe). TIFFGetField() returns success with a length of 9908 bytes and a data buffer to the location of the profile. Unfortunately the data buffer is corrupt. The fix to this problem lies within the TIFF delegate library, libTIFF. If the 37724 profile is corrupt, libTIFF should return something other than success (1) for TIFFGetField(). If it does return success, the associated data buffer should be valid and subsequently touching it would not return a fault.
Reply from LibTIFF developer: http://bugzilla.maptools.org/show_bug.cgi?id=2730#c3
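As an added illustration, not code from this thread, ImageMagick or libTIFF: the defender-side check a TIFF consumer can run before trusting a (count, pointer) pair for a tag, walking the first IFD and confirming that the entry for the Adobe private tag 37724 actually fits inside the file. The minimal TIFF bytes, the `TAG_IMAGESOURCEDATA` macro name and the 9908-byte count used as the bad case are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TAG_IMAGESOURCEDATA 37724u   /* the Adobe private tag named in the thread (macro name assumed) */
static const uint8_t tiff_type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8}; /* bytes per TIFF type 1..12 */

static uint16_t rd16(const uint8_t *p, int le) { return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p, int le) { return le ? rd16(p, 1) | (uint32_t)rd16(p + 2, 1) << 16 : (uint32_t)rd16(p, 0) << 16 | rd16(p + 2, 0); }

/* Walk the first IFD and check that the data of tag `want` lies inside the file:
   1 = in bounds, 0 = entry points past EOF (corrupt), -1 = malformed header/IFD or tag absent. */
int tiff_tag_in_bounds(const uint8_t *buf, size_t len, uint16_t want)
{
    if (len < 8) return -1;
    int le = (buf[0] == 'I' && buf[1] == 'I');
    if ((!le && !(buf[0] == 'M' && buf[1] == 'M')) || rd16(buf + 2, le) != 42) return -1;
    uint32_t ifd = rd32(buf + 4, le);
    if (ifd < 8 || (uint64_t)ifd + 2 > len) return -1;
    uint16_t n = rd16(buf + ifd, le);
    if ((uint64_t)ifd + 2 + (uint64_t)n * 12 + 4 > len) return -1;   /* all entries + next-IFD link must fit */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t type = rd16(e + 2, le);
        if (rd16(e, le) != want) continue;
        if (type == 0 || type > 12) return 0;                        /* unknown type: refuse to size it */
        uint64_t size = (uint64_t)rd32(e + 4, le) * tiff_type_size[type];
        if (size <= 4) return 1;                                     /* value is stored inline in the entry */
        return ((uint64_t)rd32(e + 8, le) + size <= len) ? 1 : 0;    /* offset + byte count must not pass EOF */
    }
    return -1;
}

/* Constructed 54-byte little-endian TIFF: IFD at 8 with ImageWidth=1 and tag 37724 claiming
   `count` bytes at `offset`; the only real profile bytes are 16 bytes at offset 38. */
static size_t build_sample(uint8_t out[64], uint32_t count, uint32_t offset)
{
    static const uint8_t head[22] = {'I', 'I', 42, 0, 8, 0, 0, 0, 2, 0, 0, 1, 3, 0, 1, 0, 0, 0, 1, 0, 0, 0};
    uint8_t ent[12] = {(uint8_t)TAG_IMAGESOURCEDATA, TAG_IMAGESOURCEDATA >> 8, 7, 0};  /* type 7 = UNDEFINED */
    for (int i = 0; i < 4; i++) { ent[4 + i] = (uint8_t)(count >> 8 * i); ent[8 + i] = (uint8_t)(offset >> 8 * i); }
    memcpy(out, head, 22); memcpy(out + 22, ent, 12); memset(out + 34, 0, 4); memset(out + 38, 0xAB, 16);
    return 54;
}

/* Run the bounds check on a sample before any code would dereference the tag's data. */
int check_sample(uint32_t count, uint32_t offset)
{
    uint8_t buf[64];
    return tiff_tag_in_bounds(buf, build_sample(buf, count, offset), (uint16_t)TAG_IMAGESOURCEDATA);
}

int main(void)
{
    printf("16 bytes @38 -> %d\n", check_sample(16, 38));      /* 1: safe to copy */
    printf("9908 bytes @38 -> %d\n", check_sample(9908, 38));  /* 0: a 9908-byte claim overruns this file */
    return 0;
}
```

A reader that rejects (or, like the newer ImageMagick in the next reply, ignores) the tag when this check returns 0 never hands a bogus pointer to SetImageProfile.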
Can you try the latest release of ImageMagick, 6.9.9-11? We tried your test case and it returned gracefully:
Code:
    $ convert tiff_uaf_TIFFSetField test.tif
    convert: Incorrect value for "ICC Profile"; tag ignored. `TIFFFetchNormalTag' @ warning/tiff.c/TIFFWarnings/921.
    convert: unable to decompress image `tiff_uaf_TIFFSetField' @ error/psd.c/ReadPSDChannel/1385.