Upstream fix for bug #603024 is incomplete, tif_ojpeg.c should guard against

missing strip byte counts too.  Testing shows that tiffsplit.c has an issue

too.

Filed upstream at http://bugzilla.maptools.org/show_bug.cgi?id=1996

diff -Naur tiff-3.9.4.orig/libtiff/tif_ojpeg.c tiff-3.9.4/libtiff/tif_ojpeg.c

--- tiff-3.9.4.orig/libtiff/tif_ojpeg.c	2010-06-08 19:29:51.000000000 -0400

+++ tiff-3.9.4/libtiff/tif_ojpeg.c	2010-06-22 11:25:17.579807706 -0400

@@ -1920,6 +1920,10 @@

 							sp->in_buffer_file_pos=0;

 						else

 						{

+							if (sp->tif->tif_dir.td_stripbytecount == 0) {

+								TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip byte counts are missing");

+								return(0);

+							}

 							sp->in_buffer_file_togo=sp->tif->tif_dir.td_stripbytecount[sp->in_buffer_next_strile];  

 							if (sp->in_buffer_file_togo==0)

 								sp->in_buffer_file_pos=0;

diff -Naur tiff-3.9.4.orig/tools/tiffsplit.c tiff-3.9.4/tools/tiffsplit.c

--- tiff-3.9.4.orig/tools/tiffsplit.c	2010-06-08 14:50:44.000000000 -0400

+++ tiff-3.9.4/tools/tiffsplit.c	2010-06-22 12:23:23.258823151 -0400

@@ -237,7 +237,10 @@

 		tstrip_t s, ns = TIFFNumberOfStrips(in);

 		uint32 *bytecounts;

-		TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts);

+		if (!TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts)) {

+			fprintf(stderr, "tiffsplit: strip byte counts are missing\n");

+			return (0);

+		}

 		for (s = 0; s < ns; s++) {

 			if (bytecounts[s] > (uint32)bufsize) {

 				buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[s]);

@@ -267,7 +270,10 @@

 		ttile_t t, nt = TIFFNumberOfTiles(in);

 		uint32 *bytecounts;

-		TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts);

+		if (!TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts)) {

+			fprintf(stderr, "tiffsplit: tile byte counts are missing\n");

+			return (0);

+		}

 		for (t = 0; t < nt; t++) {

 			if (bytecounts[t] > (uint32) bufsize) {

 				buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[t]);