Bug#1057270: libimager-perl: FTBFS: t/t10tiff.t failure
Niko Tyni
ntyni at debian.org
Sat Dec 2 18:35:38 GMT 2023
Control: forwarded -1 https://github.com/tonycoz/imager/issues/522
On Sat, Dec 02, 2023 at 07:24:39PM +0200, Niko Tyni wrote:
> On Sat, Dec 02, 2023 at 01:40:51PM +0100, gregor herrmann wrote:
> > On Sat, 02 Dec 2023 14:24:01 +0200, Niko Tyni wrote:
> It can be reproduced like this with the libimager-perl binaries
> currently in sid and every tiff file I tried with, for example
> test/images/palette-1c-8b.tiff in src:tiff.
Further simplifying, this fails in the exact same way:
$ perl -MImager -e '$i=Imager->new; Imager::init_log(); $i->read(file => shift) or die $i->_error_as_msg()' tiff/test/images/palette-1c-8b.tiff
> I note it says "filesize 0". The patch determines the file size with
>
> uint64_t filesize = TIFFGetFileSize(tif);
>
> and TIFFGetFileSize() is in src:tiff libtiff/tiffiop.h as follows:
>
> #define TIFFGetFileSize(tif) ((*(tif)->tif_sizeproc)((tif)->tif_clientdata))
>From http://www.simplesystems.org/libtiff/functions/TIFFOpen.html
TIFFClientOpen() is like TIFFOpen() except that the caller supplies a
collection of functions that the library will use to do UNIX-like I/O
operations. The readproc and writeproc functions are called to read and
write data at the current file position. seekproc is called to change
the current file position à la lseek() (2). closeproc is invoked to
release any resources associated with an open file. sizeproc is invoked
to obtain the size in bytes of a file. mapproc and unmapproc are called
to map and unmap a file's contents in memory; c.f. mmap() (2) and
munmap() (2). The clientdata parameter is an opaque "handle" passed to
the client-specified routines passed as parameters to TIFFClientOpen().
>From https://sources.debian.org/src/libimager-perl/1.020%2Bdfsg-1/TIFF/imtiff.c/#L302
static toff_t sizeproc(thandle_t x) {
return 0;
}
which is used as the TIFFClientOpen() argument in i_readtiff_wiol():
https://sources.debian.org/src/libimager-perl/1.020%2Bdfsg-1/TIFF/imtiff.c/#L710
So it looks like libimager-perl is always saying the file size is 0,
and this hasn't hurt earlier but now does with the src:tiff CVE-2023-6277
patch.
Not sure where this leaves us, but I've just reported it at
https://github.com/tonycoz/imager/issues/522
--
Niko
More information about the pkg-perl-maintainers
mailing list