Upstream patch for tiff2ps core dump noted in bug #460322.  (Note that
the tiffcmp crash mentioned there is really a different bug.)
Now also incorporating Adam Goode's patch for bug #552360.  See
http://bugzilla.maptools.org/show_bug.cgi?id=1936


diff -Naur tiff-3.9.2.orig/libtiff/tif_dir.c tiff-3.9.2/libtiff/tif_dir.c
--- tiff-3.9.2.orig/libtiff/tif_dir.c	2008-12-31 19:10:43.000000000 -0500
+++ tiff-3.9.2/libtiff/tif_dir.c	2010-01-05 19:59:12.000000000 -0500
@@ -1100,6 +1100,13 @@
 	 */
 	tif->tif_flags &= ~TIFF_ISTILED;
 
+	/*
+	 * Clear other directory-specific fields.
+	 */
+	tif->tif_tilesize = 0;
+	tif->tif_scanlinesize = 0;
+	
+
 	return (1);
 }
 
diff -Naur tiff-3.9.2.orig/libtiff/tif_jpeg.c tiff-3.9.2/libtiff/tif_jpeg.c
--- tiff-3.9.2.orig/libtiff/tif_jpeg.c	2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_jpeg.c	2010-01-05 19:59:12.000000000 -0500
@@ -1613,7 +1613,11 @@
 	 * Must recalculate cached tile size in case sampling state changed.
 	 * Should we really be doing this now if image size isn't set? 
 	 */
-	tif->tif_tilesize = isTiled(tif) ? TIFFTileSize(tif) : (tsize_t) -1;
+        if( tif->tif_tilesize > 0 )
+            tif->tif_tilesize = isTiled(tif) ? TIFFTileSize(tif) : (tsize_t) -1;
+
+        if(tif->tif_scanlinesize > 0 )
+            tif->tif_scanlinesize = TIFFScanlineSize(tif); 
 }
 
 static int
@@ -1741,13 +1745,21 @@
 			return;
     }
     else
-	{
+    {
         if( !TIFFFillStrip( tif, 0 ) )
             return;
     }
 
     TIFFSetField( tif, TIFFTAG_YCBCRSUBSAMPLING, 
                   (uint16) sp->h_sampling, (uint16) sp->v_sampling );
+
+    /*
+    ** We want to clear the loaded strip so the application has time
+    ** to set JPEGCOLORMODE or other behavior modifiers.  This essentially
+    ** undoes the JPEGPreDecode triggers by TIFFFileStrip().  (#1936)
+    */
+    tif->tif_curstrip = -1;
+
 #endif /* CHECK_JPEG_YCBCR_SUBSAMPLING */
 }