Improved IFD-Loop Handling (fixes #455)

IFD infinite looping is not fixed by MR 20 (see #455 (closed)).
An improved IFD loop handling is proposed.

Basic approach:

  • The order in the entire chain must be checked, and not only whether an offset has already been read once.
  • To do this, pairs of directory number and offset are stored and checked.
  • The offset of a directory number can change.
  • TIFFAdvanceDirectory() must also perform an IFD loop check.
  • TIFFCheckDirOffset() is replaced by _TIFFCheckDirNumberAndOffset().

Rules for the check:

  • If an offset is already in the list, it must have the same IFD number. Otherwise it is an IFD loop.
  • If the offset is not in the list and the IFD number is greater than there are list entries, a new list entry is added.
  • Otherwise, the offset of the IFD number is updated.

Reference is also made to old bugzilla bug 2772 and MR 20, which did not solve the general issue.
This MR closes #455 (closed)
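
The three rules above, as an added sketch that is not libtiff's code and not taken from this merge request. The names `ifd_seen`, `ifd_check`, `walk_chain` and `MAX_DIRS` are hypothetical, and the sketch assumes 1-based, consecutive IFD numbers and a constructed in-memory chain in place of a real TIFF file.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_DIRS 64 /* assumed cap for this sketch */

/* offsets[i] is the last offset seen for IFD number i + 1 (assumption: 1-based). */
struct ifd_seen {
    uint64_t offsets[MAX_DIRS];
    size_t count;
};

/* Returns 1 if (dirn, off) is consistent with the chain read so far,
 * 0 if it reveals a loop or cannot be recorded. */
int ifd_check(struct ifd_seen *s, size_t dirn, uint64_t off)
{
    size_t i;
    if (dirn == 0 || off == 0)
        return 0;
    /* Rule 1: a known offset must belong to the same IFD number. */
    for (i = 0; i < s->count; i++)
        if (s->offsets[i] == off)
            return (i + 1 == dirn);
    /* Rule 2: unknown offset, number beyond the list: append. */
    if (dirn > s->count) {
        if (dirn != s->count + 1 || s->count == MAX_DIRS)
            return 0; /* sketch assumption: refuse gaps and a full list */
        s->offsets[s->count++] = off;
        return 1;
    }
    /* Rule 3: unknown offset for a known number: update it. */
    s->offsets[dirn - 1] = off;
    return 1;
}

/* Walks a constructed chain: next[k] is the "next IFD" offset stored in the
 * IFD at offset k (0 terminates). Returns IFDs visited, or -1 on a loop. */
int walk_chain(const uint64_t *next, size_t n, uint64_t first)
{
    struct ifd_seen s = { {0}, 0 };
    size_t dirn = 1;
    uint64_t off = first;
    while (off != 0) {
        if (off >= n || !ifd_check(&s, dirn, off))
            return -1;
        off = next[off];
        dirn++;
    }
    return (int)(dirn - 1);
}
```

A chain whose third IFD points back at the second is rejected at the fourth step, because that offset is already recorded under a different IFD number; re-reading an IFD under its own number, or moving it to a new offset, is accepted.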
