@@ -211,6 +211,45 @@ func TestDecompress(t *testing.T) {
211211 }
212212}
213213
214+ // TestTileTooBig checks that we do not panic when a tile is too big compared
215+ // to the data available.
216+ // Issue 10712
217+ func TestTileTooBig (t * testing.T ) {
218+ contents , err := ioutil .ReadFile (testdataDir + "video-001-tile-64x64.tiff" )
219+ if err != nil {
220+ t .Fatal (err )
221+ }
222+
223+ // Mutate the loaded image to have the problem.
224+ //
225+ // 0x42 01: tag number (tTileWidth)
226+ // 03 00: data type (short, or uint16)
227+ // 01 00 00 00: count
228+ // xx 00 00 00: value (0x40 -> 0x44: a wider tile consumes more data
229+ // than is available)
230+ find := []byte {0x42 , 0x01 , 3 , 0 , 1 , 0 , 0 , 0 , 0x40 , 0 , 0 , 0 }
231+ repl := []byte {0x42 , 0x01 , 3 , 0 , 1 , 0 , 0 , 0 , 0x44 , 0 , 0 , 0 }
232+ contents = bytes .Replace (contents , find , repl , 1 )
233+
234+ // Turn off the predictor, which makes it possible to hit the
235+ // place with the defect. Without this patch to the image, we run
236+ // out of data too early, and do not hit the part of the code where
237+ // the original panic was.
238+ //
239+ // 42 01: tag number (tPredictor)
240+ // 03 00: data type (short, or uint16)
241+ // 01 00 00 00: count
242+ // xx 00 00 00: value (2 -> 1: 2 = horizontal, 1 = none)
243+ find = []byte {0x3d , 0x01 , 3 , 0 , 1 , 0 , 0 , 0 , 2 , 0 , 0 , 0 }
244+ repl = []byte {0x3d , 0x01 , 3 , 0 , 1 , 0 , 0 , 0 , 1 , 0 , 0 , 0 }
245+ contents = bytes .Replace (contents , find , repl , 1 )
246+
247+ _ , err = Decode (bytes .NewReader (contents ))
248+ if err == nil {
249+ t .Fatal ("did not expect nil error" )
250+ }
251+ }
252+
214253// Do not panic when image dimensions are zero, return zero-sized
215254// image instead.
216255// Issue 10393.
0 commit comments