SEGV: Out-of-bounds Read in libpano13


pola lemu

Apr 22, 2021, 4:03:05 AM4/22/21
to hugin and other free panoramic software

The problem occurred in the latest version, libpano13-2.9.20, when I tried the tool PTtiffdump.

```
./bin/PTtiffdump libpano_segv_01  1
PTuncrop Version 2.9.20 , by Daniel M German
OJPEGSetupDecode: Warning, Deprecated and troublesome old-style JPEG compression mode, please convert to new-style JPEG compression and notify vendor of writing software.
[1]    780461 segmentation fault  ./bin/PTtiffdump libpano_segv_01
```

I tried to debug it; here is the backtrace:

```
── source:tif_color.c+191 ────
         // ycbcr=0x00007fffffffc9e8  →  [...]  →  0xff000000ff000000
 →  191 i = ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr];
    192 *r = CLAMP(i, 0, 255);
    193 i = ycbcr->Y_tab[Y]
    194     + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT);
    195 *g = CLAMP(i, 0, 255);
    196 i = ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb];
──── threads ────
[#0] Id 1, Name: "PTtiffdump", stopped 0x7ffff7bdc4a3 in TIFFYCbCrtoRGB (), reason: SIGSEGV
────── trace ────
[#0] 0x7ffff7bdc4a3 → TIFFYCbCrtoRGB(ycbcr=0x555555568590, Y=0x4, Cb=0x0, Cr=0xff, r=0x7fffffffca50, g=0x7fffffffca54, b=0x7fffffffca58)
[#1] 0x7ffff7c11b85 → putcontig8bitYCbCr22tile(img=0x7fffffffcbf0, cp=0x555555568818, x=0x9a, y=0x9f, w=0xa0, h=0x52, fromskew=0x0, toskew=0xfffffec0, pp=0x5555555748c2 "")
[#2] 0x7ffff7c0b0e5 → gtStripContig(img=0x7fffffffcbf0, raster=0x55555555bd80, w=0xa0, h=0xa0)
[#3] 0x7ffff7c09a47 → TIFFRGBAImageGet(img=0x7fffffffcbf0, raster=0x55555555bd80, w=0xa0, h=0xa0)
[#4] 0x7ffff7c09b58 → TIFFReadRGBAImageOriented(tif=0x555555559740, rwidth=0xa0, rheight=0xa0, raster=0x55555555bd80, orientation=0x4, stop=0x1)
[#5] 0x7ffff7c09c13 → TIFFReadRGBAImage(tif=0x555555559740, rwidth=0xa0, rheight=0xa0, raster=0x55555555bd80, stop=0x1)
[#6] 0x7ffff7fa2b9f → panoTiffReadData(im=0x7fffffffd1c0, tif=0x5555555596b0)
[#7] 0x7ffff7fa3296 → panoTiffRead(im=0x7fffffffd1c0, fileName=0x7fffffffe793 "./libpano_segv_01")
[#8] 0x55555555542a → main(argc=0x4, argv=0x7fffffffe528)
────────────

gef➤  p ycbcr->Y_tab[Y]
$3 = 0xff9c4200
gef➤  p  ycbcr->Cr_r_tab[Cr]
Cannot access memory at address 0x5555ff0003fc
```

In the function panoTiffReadData() in tiff.c at line 1328, it calls the libtiff function TIFFReadRGBAImage, and that is where the crash happens:

```
if (TIFFReadRGBAImage(tif->tiff, (uint32) panoTiffImageWidth(tif),
                      (uint32) panoTiffImageHeight(tif),
                      (uint32 *) * (im->data), 1)) {
```
It seems the error is in libtiff, but I wrote a wrapper around TIFFReadRGBAImage and it works fine without any error.
Now I don't know what the root cause is, so I am posting here. If the bug belongs to libtiff, then I will send this information to libtiff's team.

PTtiff2psd also crashes on the call to TIFFReadRGBAImage.


env: Ubuntu 20.04 x86_64, gcc 9.3.0
libtiff: 4.1.0 and 4.3.0 tested
poc file:
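As an added triage example (not part of the original post, and not code from libpano13 or libtiff), the script below parses only the header and first IFD of a classic TIFF and reports whether the file uses the two features visible in the report above: old-style JPEG compression, which produces the OJPEGSetupDecode warning, and YCbCr photometric interpretation with 2x2 subsampling, which sends TIFFReadRGBAImage through the putcontig8bitYCbCr22tile / TIFFYCbCrtoRGB path. The tag numbers are the standard TIFF 6.0 ones; the sample file is constructed inline from those tags and is not the reporter's PoC. A check like this lets a maintainer bin crash files by the libtiff codec path they exercise before deciding whether to forward them upstream.

```python
import struct

# TIFF 6.0 tag numbers and the values relevant to this crash path.
TAG_COMPRESSION = 259
TAG_PHOTOMETRIC = 262
TAG_YCBCR_SUBSAMPLING = 530
COMPRESSION_OLD_JPEG = 6   # deprecated "old-style" JPEG (OJPEG codec in libtiff)
PHOTOMETRIC_YCBCR = 6

# Field type -> (byte size, struct format); only the integer types are decoded here.
TYPE_INFO = {1: (1, "B"), 3: (2, "H"), 4: (4, "I")}


def read_first_ifd(data):
    """Parse the header and first IFD of a classic (non-BigTIFF) file.

    Returns {tag: [values]} for BYTE/SHORT/LONG entries. Every offset is
    bounds-checked against the buffer so a truncated or hostile file raises
    ValueError instead of reading past the end.
    """
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    bom = data[:2]
    if bom == b"II":
        e = "<"
    elif bom == b"MM":
        e = ">"
    else:
        raise ValueError("not a TIFF (bad byte-order mark)")
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise ValueError("unsupported magic %d (BigTIFF not handled)" % magic)
    if ifd_off + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
    tags = {}
    pos = ifd_off + 2
    for _ in range(count):
        if pos + 12 > len(data):
            raise ValueError("IFD entry outside file")
        tag, typ, n, val = struct.unpack(e + "HHI4s", data[pos:pos + 12])
        pos += 12
        if typ not in TYPE_INFO:
            continue
        size, fmt = TYPE_INFO[typ]
        total = size * n
        if total <= 4:
            raw = val[:total]          # inline value, left-justified per spec
        else:
            (off,) = struct.unpack(e + "I", val)
            if off + total > len(data):
                raise ValueError("tag %d data outside file" % tag)
            raw = data[off:off + total]
        tags[tag] = list(struct.unpack(e + fmt * n, raw))
    return tags


def triage(data):
    """Return a list of findings describing which libtiff paths this file exercises."""
    tags = read_first_ifd(data)
    findings = []
    compression = tags.get(TAG_COMPRESSION, [1])[0]
    photometric = tags.get(TAG_PHOTOMETRIC, [None])[0]
    subsampling = tags.get(TAG_YCBCR_SUBSAMPLING, [2, 2])   # spec default is 2x2
    if compression == COMPRESSION_OLD_JPEG:
        findings.append("Compression=6: deprecated old-style JPEG (OJPEG codec)")
    if photometric == PHOTOMETRIC_YCBCR:
        findings.append("Photometric=YCbCr, subsampling %dx%d: TIFFReadRGBAImage uses the "
                        "YCbCr->RGB table path" % (subsampling[0], subsampling[1]))
    return findings


def build_tiff(entries):
    """Construct a minimal little-endian TIFF containing only the given SHORT tags.

    This is constructed test input for the parser, not an image any viewer will
    render; all values must fit in the 4-byte inline slot.
    """
    ifd = struct.pack("<H", len(entries))
    for tag, vals in sorted(entries.items()):
        packed = struct.pack("<" + "H" * len(vals), *vals).ljust(4, b"\0")
        ifd += struct.pack("<HHI", tag, 3, len(vals)) + packed
    ifd += struct.pack("<I", 0)                     # no next IFD
    return b"II" + struct.pack("<HI", 42, 8) + ifd


# Constructed sample mirroring the crash report: 160x160 (0xa0), OJPEG, YCbCr 2x2.
SAMPLE = build_tiff({256: [160], 257: [160], 259: [6], 262: [6], 530: [2, 2]})

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Run the script on a crash file by replacing SAMPLE with the file's bytes; an empty result means the file does not touch either of the two paths named in the report, which is a useful negative when sorting a fuzzer's output.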
