[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#8336: off-by-one count in tiff_load
From: |
Paul Eggert |
Subject: |
bug#8336: off-by-one count in tiff_load |
Date: |
Wed, 23 Mar 2011 23:33:11 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8 |
src/image.c's tiff_load function counts the number of images in the
TIFF file incorrectly. It always reports one more image than is
actually present.
This bug was found by static analysis, using gcc -Wstrict-overflow
(GCC 4.5.2, x86-64).
I plan to fix it with the following patch.
* image.c (tiff_load): Fix off-by-one image count.
=== modified file 'src/image.c'
--- src/image.c 2011-03-13 08:04:44 +0000
+++ src/image.c 2011-03-24 04:31:06 +0000
@@ -6754,7 +6754,7 @@
TIFF *tiff;
int width, height, x, y, count;
uint32 *buf;
- int rc, rc2;
+ int rc;
XImagePtr ximg;
tiff_memory_source memsrc;
Lisp_Object image;
@@ -6842,8 +6842,8 @@
rc = fn_TIFFReadRGBAImage (tiff, width, height, buf, 0);
/* Count the number of images in the file. */
- for (count = 1, rc2 = 1; rc2; count++)
- rc2 = fn_TIFFSetDirectory (tiff, count);
+ for (count = 1; fn_TIFFSetDirectory (tiff, count); count++)
+ continue;
if (count > 1)
img->data.lisp_val = Fcons (Qcount,
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#8336: off-by-one count in tiff_load,
Paul Eggert <=