Bug 682871

Summary: TIFF G4: images corruption across SUSE versions
Product: [openSUSE] openSUSE 11.4
Reporter: Stanislav Brabec <sbrabec>
Component: Other
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Critical
Priority: P3 - Medium
CC: security-team, skliu
Version: Final
Target Milestone: ---
Hardware: x86-64
OS: Other
Whiteboard: maint:running:39731:important maint:released:11.3:40267 maint:released:11.4:40267 maint:released:sles9:40263 maint:released:sle11-sp1:40265 maint:released:sle10-sp3:40261 maint:released:sle10-sp4:40262
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 672510

Description Stanislav Brabec 2011-03-27 01:21:35 UTC
TIFF G4 is one of the best compressions for B/W images; it is often used for archiving.

Images created by openSUSE 11.1 (and probably also SLES11/SLED11) may be read corrupted on openSUSE 11.4.

Fax4Decode: tax_app1.tif: Bad code word at line 2457 of strip 0 (x 0).
Fax4Decode: Warning, tax_app1.tif: Premature EOL at line 2457 of strip 0 (got 0, expected 5072).
Fax4Decode: Warning, tax_app1.tif: Line length mismatch at line 2465 of strip 0 (got 5073, expected 5072).
Fax4Decode: tax_app1.tif: Bad code word at line 2466 of strip 0 (x 5071).
Fax4Decode: Warning, tax_app1.tif: Premature EOL at line 2466 of strip 0 (got 5071, expected 5072).
...

Work-around: Use tiff-3.8.2 library and utilities from openSUSE 11.1 repos and decode it there.

Even images created by openSUSE 11.4 may be read corrupted on openSUSE 11.4, however the corruption pattern is different.

Fax4Decode: tax_app1.tif: Bad code word at line 9 of strip 204 (x 0).
Fax4Decode: Warning, tax_app1.tif: Premature EOL at line 9 of strip 204 (got 0, expected 5072).
Fax4Decode: tax_app1.tif: Bad code word at line 8 of strip 205 (x 0).
Fax4Decode: Warning, tax_app1.tif: Premature EOL at line 8 of strip 205 (got 0, expected 5072).

Work-around: None available, data are corrupted even if read by itself.

Marking the bug as critical, as it may cause important data losses.

It implies: tiff-3.9.4 is surely buggy. It is not known whether files written by tiff-3.8.2 are corrupted or the tiff-3.9.4 decoder is buggy.

Not attaching images due to their private nature. Please contact me by e-mail to get them.
Comment 1 Petr Gajdos 2011-03-28 07:12:10 UTC
Could you please provide

rpm -q --changelog tiff | head

?

Testcases would be helpful, please feel free to use my private mail.
Comment 2 Stanislav Brabec 2011-03-28 14:43:51 UTC
Please use local suse.cz NFS /home/sbrabec/tiff_bnc682871

tax_app1.tif:
My original tax application, as it was scanned and backed up on 11.1.
Views OK on 11.1, corrupted (bottom part black) on 11.4.

tax_app1_compressed_on_11_4.tif:
Created by:
tiffcp -c g4 tax_app1_decompressed_on_11_1.tif tax_app1_compressed_on_11_4.tif
Corrupted in all SUSE versions (black stripe across image).

tax_app1_decompressed_on_11_1.tif:
Decompressed on 11.4 using 11.1 or 11.1 update (both work correctly).
No compression used, views OK on all openSUSE versions.
LD_LIBRARY_PATH=/home/sbrabec/tiff_bnc682871/11.1 11.1/tiffcp -c none tax_app1.tif tax_app1_decompressed_on_11_1.tif

I used these 11.1 packages to decompress:
wget -N http://download.opensuse.org/update/11.1/rpm/i586/tiff-3.8.2-133.35.1.i586.rpm
wget -N http://download.opensuse.org/update/11.1/rpm/i586/libtiff3-3.8.2-133.35.1.i586.rpm
* Wed Feb 04 2009 nadvornik@suse.cz
- fixed an endless loop on invalid images
  (bnc#444079) CVE-2008-1586

And standard 11.4 update packages for 11.4 testing:
tiff-3.9.4-3.3.1.x86_64
libtiff3-3.9.4-3.3.1.x86_64

* Thu Mar 03 2011 pgajdos@suse.cz
- fixed buffer overflow [bnc#672510]
  * CVE-2011-0192.patch
Comment 3 Petr Gajdos 2011-03-29 09:50:10 UTC
(In reply to comment #2)
> * Thu Mar 03 2011 pgajdos@suse.cz
> - fixed buffer overflow [bnc#672510]
>   * CVE-2011-0192.patch

This update seems to be the culprit. Could you please confirm with packages from home:pgajdos:branches:openSUSE:11.4:Update:Test as soon as they are published? They are built without this patch.

I can confirm this for 11.3 (3.9.2).
Comment 4 Stanislav Brabec 2011-03-29 14:37:07 UTC
I can confirm that your new library package can read tax_app1.tif and write non-corrupted G4 files.

Your packages can even create bit-exact equal files compared to 11.1.

Command tested:
tiffcp -c none tax_app1.tif tax_app1_decompressed_on_11_4_pgajdos.tif
tiffcp -c g4 -r -1 tax_app1_decompressed_on_11_4_pgajdos.tif tax_app1_compressed_on_11_4_pgajdos.tif
cmp tax_app1.tif tax_app1_compressed_on_11_4_pgajdos.tif
(OK)

tiffcp -c g4 tax_app1_decompressed_on_11_4_pgajdos.tif tax_app1_compressed_on_11_4_pgajdos_defrows.tif
cmp tax_app1_compressed_on_11_4.tif tax_app1_compressed_on_11_4_pgajdos_defrows.tif
(again the same)

It means that only the decompression was affected, compression was OK even on 11.4.
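
The round-trip check from comment 4, written as a reusable regression test for a patched libtiff (an added example, not part of the original report or of libtiff). The `TIFFCP` override, the function name and the status codes are assumptions, and the input is assumed to be a single-strip G4 file so that `-r -1` reproduces it bit-exactly, as it did in comment 4.

```shell
#!/bin/sh
# Added example: G4 decode/re-encode regression check for a rebuilt libtiff.
# TIFFCP (assumed variable) selects the tiffcp binary under test.

# g4_roundtrip FILE
#   0 = decoded cleanly and re-encoded to a bit-identical file
#   1 = decoder emitted Fax4Decode diagnostics (the symptom in this bug)
#   2 = no diagnostics, but the re-encoded file differs from the input
#   3 = tiffcp itself failed
g4_roundtrip() {
    src=$1
    tool=${TIFFCP:-tiffcp}
    work=$(mktemp -d) || return 3
    status=0

    # Decode to an uncompressed TIFF and keep libtiff's stderr for inspection.
    "$tool" -c none "$src" "$work/raw.tif" 2>"$work/log" || status=3

    # A damaged decode can still produce an output file, so the diagnostics
    # are checked even when the tool exits successfully.
    if grep -q 'Fax4Decode:' "$work/log"; then
        status=1
    elif [ "$status" -eq 0 ]; then
        # Re-encode as G4 in one strip and compare with the original bytes.
        if ! "$tool" -c g4 -r -1 "$work/raw.tif" "$work/g4.tif" 2>>"$work/log"; then
            status=3
        elif ! cmp -s "$src" "$work/g4.tif"; then
            status=2
        fi
    fi

    [ "$status" -eq 0 ] || cat "$work/log" >&2
    rm -rf "$work"
    return "$status"
}

# Check every file named on the command line, e.g.: sh g4check.sh *.tif
rc=0
for f in "$@"; do
    if g4_roundtrip "$f"; then echo "OK   $f"; else echo "FAIL $f"; rc=1; fi
done
[ "$rc" -eq 0 ] || exit 1
```

Running it once against the previous package and once against the security update, over the same archive of known-good G4 files, shows whether the update changed decoder behaviour before it is released.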
Comment 5 Ludwig Nussel 2011-03-30 11:26:03 UTC
http://bugzilla.maptools.org/show_bug.cgi?id=2297
Comment 6 Petr Gajdos 2011-03-31 10:33:41 UTC
Thanks Ludwig.

Standa, could you please again look at tiff packages under home:pgajdos:branches:openSUSE:11.4:Update:Test?
(Make sure that they are built today.) They are built with modified CVE-2011-0192.patch. I have tested it for 11.3 and it seems to work.
Comment 7 Stanislav Brabec 2011-03-31 12:36:56 UTC
Installed this libtiff3:

* Thu Mar 31 2011 pgajdos@suse.cz
- fixed regression caused by previous update [bnc#682871]
  * modified CVE-2011-0192.patch

This version seems to work well, tests from comment 4 passed.
Comment 8 Petr Gajdos 2011-03-31 21:29:29 UTC
Please have a look at the following submissions:

factory: sr#65707
11.3:    sr#65708
11.4:    sr#65709
11.2:    sr#65710
11sp1:   sr#11388
10sp4:   sr#11389
10sp3:   sr#11390
9:       /work/src/done/SLES9/tiff
Comment 9 Liu Shukui 2011-04-27 03:46:42 UTC
Can not reproduce this issue on sle10sp4, any suggestions?

note: this bug can be reproduced on sle10sp3 sle11sp1 and sle9.

sled10sp4-i386:~/skliu # ls
1.pdf  bug-647375_tt2.ttf  colors.tiff  fax4.tif  hehe.jpg  oddsize1bit.tiff
sled10sp4-i386:~/skliu # tiffcp -c g4  fax4.tif hehe.jpg
sled10sp4-i386:~/skliu # 

Comment 10 Bernhard Wiedemann 2011-04-28 11:58:06 UTC
This is an autogenerated message for OBS integration:
This bug (682871) was mentioned in
https://build.opensuse.org/request/show/65707
https://build.opensuse.org/request/show/65708
https://build.opensuse.org/request/show/65709
https://build.opensuse.org/request/show/65710
Comment 11 Swamp Workflow Management 2011-04-28 13:10:54 UTC
released
Comment 12 Swamp Workflow Management 2011-04-28 17:26:28 UTC
Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.2 (debug, i586, x86_64)
Comment 13 Swamp Workflow Management 2011-04-28 17:26:33 UTC
Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 14 Swamp Workflow Management 2011-04-29 02:56:57 UTC
Update released for: libtiff, tiff
Products:
Novell-Linux-POS 9 (i386)
Open-Enterprise-Server 9 (i386)
SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Comment 15 Swamp Workflow Management 2011-04-29 03:28:34 UTC
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 16 Swamp Workflow Management 2011-04-29 04:50:29 UTC
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 17 Swamp Workflow Management 2011-05-10 12:07:12 UTC
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)