Re: November Report

To: Roberto C. Sánchez <roberto@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: November Report
From: Brian May <bam@debian.org>
Date: Tue, 21 Nov 2017 08:32:17 +1100
Message-id: <[🔎] 87shd8tz4u.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 20171120211835.by2lcapgjdkxgb2l@santiago.connexer.com>
References: <[🔎] 87vai4u027.fsf@prune.linuxpenguins.xyz> <[🔎] 20171120211835.by2lcapgjdkxgb2l@santiago.connexer.com>

"Roberto C. Sánchez" <roberto@debian.org> writes:

> I am nearly done with the package I am currently working on.  Also, I
> previously did updates for tiff/tiff3, including looking into
> CVE-2017-9935.  I would be glad to take over from here.

Ok, sure.

Please find attached my full diff. It includes lots of extra printf -
naturally these should be removed.

Also I removed comparisons of t2p->tiff_transferfunction[0] and
t2p->tiff_transferfunction[1] because I could not imagine how these
would help achieve the required goal.
-- 
Brian May <bam@debian.org>

--- tiff-4.0.8.orig/libtiff/tif_dir.c
+++ tiff-4.0.8/libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@
 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
+			} else {
+				*va_arg(ap, uint16**) = NULL;
+				*va_arg(ap, uint16**) = NULL;
 			}
 			break;
 		case TIFFTAG_REFERENCEBLACKWHITE:
--- tiff-4.0.8.orig/tools/tiff2pdf.c
+++ tiff-4.0.8/tools/tiff2pdf.c
@@ -1047,6 +1047,8 @@
 	uint16 pagen=0;
 	uint16 paged=0;
 	uint16 xuint16=0;
+	uint16 tiff_transferfunctioncount=0;
+	float* tiff_transferfunction[3];
 
 	directorycount=TIFFNumberOfDirectories(input);
 	t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
@@ -1127,14 +1129,20 @@
               sizeof(T2P_PAGE), t2p_cmp_t2p_page);
 
 	for(i=0;i<t2p->tiff_pagecount;i++){
+                printf("---  +0 = %d\n", t2p->pdf_xrefcount);
 		t2p->pdf_xrefcount += 5;
+                printf("--- A+5 = %d\n", t2p->pdf_xrefcount);
+                printf("--- B0+0 = %d\n", t2p->pdf_xrefcount);
 		TIFFSetDirectory(input, t2p->tiff_pages[i].page_directory );
+                printf("--- B1+0 = %d\n", t2p->pdf_xrefcount);
 		if((TIFFGetField(input, TIFFTAG_PHOTOMETRIC, &xuint16)
                     && (xuint16==PHOTOMETRIC_PALETTE))
 		   || TIFFGetField(input, TIFFTAG_INDEXED, &xuint16)) {
 			t2p->tiff_pages[i].page_extra++;
 			t2p->pdf_xrefcount++;
+                        printf("--- B+1 = %d\n", t2p->pdf_xrefcount);
 		}
+                printf("--- B2+0 = %d\n", t2p->pdf_xrefcount);
 #ifdef ZIP_SUPPORT
 		if (TIFFGetField(input, TIFFTAG_COMPRESSION, &xuint16)) {
                         if( (xuint16== COMPRESSION_DEFLATE ||
@@ -1146,27 +1154,57 @@
                         }
                 }
 #endif
+                printf("--- C+0 = %d\n", t2p->pdf_xrefcount);
+                printf("01XXXXXXXXXXXX %p %p %p\n", tiff_transferfunction[0], tiff_transferfunction[1], tiff_transferfunction[2]);
 		if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
-                                 &(t2p->tiff_transferfunction[0]),
-                                 &(t2p->tiff_transferfunction[1]),
-                                 &(t2p->tiff_transferfunction[2]))) {
-			if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-                           (t2p->tiff_transferfunction[1] !=
-                            t2p->tiff_transferfunction[0])) {
-				t2p->tiff_transferfunctioncount = 3;
-				t2p->tiff_pages[i].page_extra += 4;
-				t2p->pdf_xrefcount += 4;
-			} else {
-				t2p->tiff_transferfunctioncount = 1;
-				t2p->tiff_pages[i].page_extra += 2;
-				t2p->pdf_xrefcount += 2;
-			}
-			if(t2p->pdf_minorversion < 2)
-				t2p->pdf_minorversion = 2;
+                                 &(tiff_transferfunction[0]),
+                                 &(tiff_transferfunction[1]),
+                                 &(tiff_transferfunction[2]))) {
+
+                        printf("02XXXXXXXXXXXX %p %p %p\n", tiff_transferfunction[0], tiff_transferfunction[1], tiff_transferfunction[2]);
+                        if((tiff_transferfunction[1] != (float*) NULL) &&
+                           (tiff_transferfunction[2] != (float*) NULL)
+                          ) {
+                            tiff_transferfunctioncount=3;
+                        } else {
+                            tiff_transferfunctioncount=1;
+                        }
                 } else {
-			t2p->tiff_transferfunctioncount=0;
+			tiff_transferfunctioncount=0;
 		}
+
+                printf("1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %d %d\n", i, tiff_transferfunctioncount);
+                if (i > 0){
+                    printf("2XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %d %d %d\n", i, t2p->tiff_transferfunctioncount, tiff_transferfunctioncount);
+                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
+                        printf("xxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+                        TIFFError(
+                            TIFF2PDF_MODULE, 
+                            "Different transfer function on page %d", 
+                            i);
+                        t2p->t2p_error = T2P_ERR_ERROR;
+                        return;
+                    }
+                }
+
+                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
+                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
+                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
+                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
+                if(tiff_transferfunctioncount == 3){
+                        t2p->tiff_pages[i].page_extra += 4;
+                        t2p->pdf_xrefcount += 4;
+                        printf("--- C+4 = %d\n", t2p->pdf_xrefcount);
+                        if(t2p->pdf_minorversion < 2)
+                                t2p->pdf_minorversion = 2;
+                } else if (tiff_transferfunctioncount == 1){
+                        t2p->tiff_pages[i].page_extra += 2;
+                        t2p->pdf_xrefcount += 2;
+                        printf("--- D+2 = %d\n", t2p->pdf_xrefcount);
+                        if(t2p->pdf_minorversion < 2)
+                                t2p->pdf_minorversion = 2;
+                }
+
 		if( TIFFGetField(
 			input, 
 			TIFFTAG_ICCPROFILE, 
@@ -1174,6 +1212,7 @@
 			&(t2p->tiff_iccprofile)) != 0){
 			t2p->tiff_pages[i].page_extra++;
 			t2p->pdf_xrefcount++;
+                        printf("--- E+1 = %d\n", t2p->pdf_xrefcount);
 			if(t2p->pdf_minorversion<3){t2p->pdf_minorversion=3;}
 		}
 		t2p->tiff_tiles[i].tiles_tilecount=
@@ -1203,6 +1242,7 @@
 		if( t2p->tiff_tiles[i].tiles_tilecount > 0){
 			t2p->pdf_xrefcount += 
 				(t2p->tiff_tiles[i].tiles_tilecount -1)*2;
+                        printf("--- F+%d = %d\n", (t2p->tiff_tiles[i].tiles_tilecount -1)*2, t2p->pdf_xrefcount);
 			TIFFGetField(input, 
 				TIFFTAG_TILEWIDTH, 
 				&( t2p->tiff_tiles[i].tiles_tilewidth) );
@@ -1222,6 +1262,7 @@
 				return;
 			}
 		}
+                printf("11111page %d %d\n", i, t2p->pdf_xrefcount);
 	}
 
 	return;
@@ -1824,8 +1865,7 @@
 			 &(t2p->tiff_transferfunction[2]))) {
 		if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
                    (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-                   (t2p->tiff_transferfunction[1] !=
-                    t2p->tiff_transferfunction[0])) {
+                  ) {
 			t2p->tiff_transferfunctioncount=3;
 		} else {
 			t2p->tiff_transferfunctioncount=1;
@@ -5430,6 +5470,7 @@
 		t2p->t2p_error = T2P_ERR_ERROR;
 		return(written);
 	}
+        printf("xxxxxxxxxxxxxxxxxxxxxxxxxx %d %d\n", t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
 	t2p->pdf_xrefcount=0;
 	t2p->pdf_catalog=1;
 	t2p->pdf_info=2;
@@ -5451,13 +5492,16 @@
 	written += t2p_write_pdf_pages(t2p, output);
 	written += t2p_write_pdf_obj_end(output);
 	for(t2p->pdf_page=0;t2p->pdf_page<t2p->tiff_pagecount;t2p->pdf_page++){
+                printf("xxxxx new page %d %d %d\n", t2p->pdf_page, t2p->tiff_pagecount, t2p->pdf_xrefcount);
 		t2p_read_tiff_data(t2p, input);
 		if(t2p->t2p_error!=T2P_ERR_OK){return(0);}
 		t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                printf("--- AA+1 = %d\n", t2p->pdf_xrefcount);
 		written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 		written += t2p_write_pdf_page(t2p->pdf_xrefcount, t2p, output);
 		written += t2p_write_pdf_obj_end(output);
 		t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                printf("--- AB+1 = %d\n", t2p->pdf_xrefcount);
 		written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 		written += t2p_write_pdf_stream_dict_start(output);
 		written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output);
@@ -5469,16 +5513,21 @@
 		written += t2p_write_pdf_stream_end(output);
 		written += t2p_write_pdf_obj_end(output);
 		t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                printf("--- AC+1 = %d\n", t2p->pdf_xrefcount);
 		written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 		written += t2p_write_pdf_stream_length(streamlen, output);
 		written += t2p_write_pdf_obj_end(output);
 		if(t2p->tiff_transferfunctioncount != 0){
 			t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                        printf("--- B+1 = %d\n", t2p->pdf_xrefcount);
 			written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 			written += t2p_write_pdf_transfer(t2p, output);
 			written += t2p_write_pdf_obj_end(output);
 			for(i=0; i < t2p->tiff_transferfunctioncount; i++){
+                                printf("1zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
 				t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                                printf("--- C+1 = %d\n", t2p->pdf_xrefcount);
+                                printf("2zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
 				written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 				written += t2p_write_pdf_stream_dict_start(output);
 				written += t2p_write_pdf_transfer_dict(t2p, output, i);
@@ -5489,10 +5538,12 @@
 				/* streamlen=written-streamlen; */ /* value not used */
 				written += t2p_write_pdf_stream_end(output);
 				written += t2p_write_pdf_obj_end(output);
+                                printf("5zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
 			}
 		}
 		if( (t2p->pdf_colorspace & T2P_CS_PALETTE) != 0){
 			t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                        printf("--- D+1 = %d\n", t2p->pdf_xrefcount);
 			t2p->pdf_palettecs=t2p->pdf_xrefcount;
 			written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 			written += t2p_write_pdf_stream_dict_start(output);
@@ -5507,6 +5558,7 @@
 		}
 		if( (t2p->pdf_colorspace & T2P_CS_ICCBASED) != 0){
 			t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                        printf("--- E+1 = %d\n", t2p->pdf_xrefcount);
 			t2p->pdf_icccs=t2p->pdf_xrefcount;
 			written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 			written += t2p_write_pdf_stream_dict_start(output);
@@ -5522,6 +5574,7 @@
 		if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount !=0){
 			for(i2=0;i2<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i2++){
 				t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                                printf("--- F+1 = %d\n", t2p->pdf_xrefcount);
 				written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 				written += t2p_write_pdf_stream_dict_start(output);
 				written += t2p_write_pdf_xobject_stream_dict(
@@ -5539,12 +5592,14 @@
 				written += t2p_write_pdf_stream_end(output);
 				written += t2p_write_pdf_obj_end(output);
 				t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                                printf("--- G+1 = %d\n", t2p->pdf_xrefcount);
 				written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 				written += t2p_write_pdf_stream_length(streamlen, output);
 				written += t2p_write_pdf_obj_end(output);
 			}
 		} else {
 			t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                        printf("--- H+1 = %d\n", t2p->pdf_xrefcount);
 			written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 			written += t2p_write_pdf_stream_dict_start(output);
 			written += t2p_write_pdf_xobject_stream_dict(
@@ -5562,10 +5617,12 @@
 			written += t2p_write_pdf_stream_end(output);
 			written += t2p_write_pdf_obj_end(output);
 			t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+                        printf("--- I+1 = %d\n", t2p->pdf_xrefcount);
 			written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
 			written += t2p_write_pdf_stream_length(streamlen, output);
 			written += t2p_write_pdf_obj_end(output);
 		}
+                printf("22222page %d %d\n", t2p->pdf_page, t2p->pdf_xrefcount);
 	}
 	t2p->pdf_startxref = written;
 	written += t2p_write_pdf_xreftable(t2p, output);

Reply to:

References:
- November Report
  - From: Brian May <bam@debian.org>
- Re: November Report
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: November Report
Next by Date: Re: Wheezy update of shibboleth-sp2?
Previous by thread: Re: November Report
Next by thread: Re: [Announce] Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available for Download
Index(es):
- Date
- Thread