Bug#735847: tag patch
attached patch from upstream cvs seems to fix the tag issue, though I'm
not so sure about whether it's safe concerning buffer overflows.
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/Metadata/XTIFF.cpp?r1=1.23&r2=1.24&view=patch
http://sourceforge.net/p/freeimage/discussion/36110/thread/3738788c/
Origin: http://sourceforge.net/p/freeimage/discussion/36110/thread/3738788c/
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/Metadata/XTIFF.cpp?r1=1.23&r2=1.24&view=patch
Index: freeimage-3.15.4/Source/Metadata/XTIFF.cpp
===================================================================
--- freeimage-3.15.4.orig/Source/Metadata/XTIFF.cpp 2012-05-02 06:04:06.000000000 +0000
+++ freeimage-3.15.4/Source/Metadata/XTIFF.cpp 2014-01-17 22:46:06.306361621 +0000
@@ -451,10 +451,20 @@
FreeImage_SetTagValue(fitag, raw_data);
break;
+ case TIFF_ASCII:
default: {
- // remember that raw_data = _TIFFmalloc(value_size * value_count);
- const int value_size = _TIFFDataSize(fip->field_type);
- size_t length = value_size * value_count;
+ size_t length = 0;
+ if(!mem_alloc && (fip->field_type == TIFF_ASCII) && (fip->field_readcount == TIFF_VARIABLE)) {
+ // when metadata tag is of type ASCII and it's value is of variable size (TIFF_VARIABLE),
+ // tiff_read_exif_tag function gives length of 1 so all strings are truncated ...
+ // ... try to avoid this by using an explicit calculation for 'length'
+ length = strlen((char*)raw_data) + 1;
+ }
+ else {
+ // remember that raw_data = _TIFFmalloc(value_size * value_count);
+ const int value_size = _TIFFDataSize(fip->field_type);
+ length = value_size * value_count;
+ }
FreeImage_SetTagType(fitag, FIDT_ASCII);
FreeImage_SetTagLength(fitag, (DWORD)length);
FreeImage_SetTagCount(fitag, (DWORD)length);
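Review bot: the new `length = strlen((char*)raw_data) + 1;` in the `!mem_alloc` branch assumes raw_data is non-NULL and NUL-terminated, and nothing visible in this hunk checks either, so the scan has no upper bound. For a TIFF_ASCII / TIFF_VARIABLE field whose data lacks a terminator, strlen would read past the end of the buffer, and the resulting oversized value is then passed to FreeImage_SetTagLength and FreeImage_SetTagCount. If the field's real byte count is known at this point, bound the scan with it (for example a strnlen-style search limited to that count) and keep the old `value_size * value_count` result when no terminator is found within the bound. In the else branch, `length = value_size * value_count;` multiplies an int value_size by value_count and is later narrowed with `(DWORD)length`; a range check before the cast would make the truncation case explicit. The comment "tiff_read_exif_tag function gives length of 1" would also benefit from saying which variable carries that 1, since the condition depends on mem_alloc rather than on value_count.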