More information.
In the TIFF standard,
https://web.archive.org/web/20180810205359/https://www.adobe.io/content/udp/en/open/standards/TIFF/_jcr_content/contentbody/download/file.res/TIFF6.pdf
, page 39, there is a description of RowsPerStrip with an example
equation for calculating image size. There is also mention of a default
value of maximum unsigned int, 0xFFFF or 0xFFFFFFFF. The default value
is called "effectively infinity" and it is recommended that it not be used.
An explicit check for this default value in tiff might solve the problem
of loading TIFF files created by ancient software while still avoiding
writes to arbitrary memory.
Example files are at: https://www.rsok.com/~jrm/raw/IMG_4758.zip
Thanks
John
--
John Moyer
[email protected]
[email protected]
http://www.rsok.com/~jrm/
