(In reply to comment #3) > I'm using hoary with the latest updates. I have libtiff4 Version > 3.6.1-5ubuntu0.1, which is the latest as far as I know. I can repeat the problem with the same version of the programs and the same TIFF image. Here's the same gdb but with symbolic information. (gdb) run /tmp/bug18289/FemBusiness28mei2005.tif Starting program: /home/ralph/src/libtiff4/tiff-3.6.1/tools/tiffinfo /tmp/bug18289/FemBusiness28mei2005.tif TIFFReadDirectory: Warning, /tmp/bug18289/FemBusiness28mei2005.tif: unknown field with tag 513 (0x201) encountered. TIFFReadDirectory: Warning, /tmp/bug18289/FemBusiness28mei2005.tif: unknown field with tag 514 (0x202) encountered. TIFFReadDirectory: Warning, /tmp/bug18289/FemBusiness28mei2005.tif: unknown field with tag 37679 (0x932f) encountered. TIFFReadDirectory: Warning, /tmp/bug18289/FemBusiness28mei2005.tif: unknown field with tag 37680 (0x9330) encountered. TIFFReadDirectory: Warning, /tmp/bug18289/FemBusiness28mei2005.tif: unknown field with tag 37681 (0x9331) encountered. Program received signal SIGFPE, Arithmetic exception. 0xb7fc5867 in TIFFVStripSize (tif=0x804c008, nrows=2338) at ../libtiff/tif_strip.c:133 133 nrows = TIFFroundup(nrows, ycbcrsubsampling[1]); (gdb) bt #0 0xb7fc5867 in TIFFVStripSize (tif=0x804c008, nrows=2338) at ../libtiff/tif_strip.c:133 #1 0xb7fc59a2 in TIFFStripSize (tif=0x921) at ../libtiff/tif_strip.c:181 #2 0xb7fa43ac in TIFFReadDirectory (tif=0x804c008) at ../libtiff/tif_dirread.c:637 #3 0xb7fbd4ea in TIFFClientOpen (name=0xbffff99a "/tmp/bug18289/FemBusiness28mei2005.tif", mode=0x8049c96 "rc", clientdata=0x6, readproc=0xb7fc6590 <_tiffReadProc>, writeproc=0xb7fc65d0 <_tiffWriteProc>, seekproc=0xb7fc6610 <_tiffSeekProc>, closeproc=0xb7fc6650 <_tiffCloseProc>, sizeproc=0xb7fc6680 <_tiffSizeProc>, mapproc=0xb7fc66c0 <_tiffMapProc>, unmapproc=0xb7fc66d0 <_tiffUnmapProc>) at ../libtiff/tif_open.c:367 #4 0xb7fc6756 in TIFFFdOpen (fd=6, name=0x921
, mode=0x921
) at ../libtiff/tif_unix.c:129 #5 0xb7fc67d5 in TIFFOpen (name=0xbffff99a "/tmp/bug18289/FemBusiness28mei2005.tif", mode=0x8049c96 "rc") at ../libtiff/tif_unix.c:170 #6 0x08048efe in main (argc=2, argv=0xbffff834) at ../tools/tiffinfo.c:113 (gdb) libtiff/tif_strip.c: /* * Packed YCbCr data contain one Cb+Cr for every * HorizontalSampling*VerticalSampling Y values. * Must also roundup width and height when calculating * since images that are not a multiple of the * horizontal/vertical subsampling area include * YCbCr data for the extended image. */ uint16 ycbcrsubsampling[2]; tsize_t w, scanline, samplingarea; TIFFGetField( tif, TIFFTAG_YCBCRSUBSAMPLING, ycbcrsubsampling + 0, ycbcrsubsampling + 1 ); w = TIFFroundup(td->td_imagewidth, ycbcrsubsampling[0]); scanline = TIFFhowmany8(multiply(tif, w, td->td_bitspersample, "TIFFVStripSize")); samplingarea = ycbcrsubsampling[0]*ycbcrsubsampling[1]; 133: nrows = TIFFroundup(nrows, ycbcrsubsampling[1]); It's a `division by zero', I think. (gdb) p nrows $1 = 2338 (gdb) p ycbcrsubsampling $2 = {2338, 0} Parameter `y' to TIFFroundup is 0. #define TIFFhowmany(x, y) ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) #define TIFFroundup(x, y) (TIFFhowmany(x,y)*(y)) Even if the TIFF image is corrupt in some way, libtiff should guard against ycbcrsubsampling[1] being 0.