Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | libtiff 4.1.0 releasedv4.1.0 | Bob Friesenhahn | 2019-11-03 | 7 | -12/+15 |
| | |||||
* | ChangeLog updated with latest git commits. | Bob Friesenhahn | 2019-11-03 | 1 | -0/+882 |
| | |||||
* | Added a step for updating the legacy ChangeLog file. | Bob Friesenhahn | 2019-11-03 | 1 | -21/+33 |
| | |||||
* | Ignore emacs temporary files (ending with tilde character). | Bob Friesenhahn | 2019-11-03 | 1 | -0/+1 |
| | |||||
* | Added release summary page for the 4.1.0 release. | Bob Friesenhahn | 2019-11-03 | 1 | -0/+198 |
| | |||||
* | Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h. | Bob Friesenhahn | 2019-11-03 | 11 | -11/+11 |
| | | | | Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined. | ||||
* | Fax2tiff.sh needs to remove its output file in advance. Syntax changes so ↵ | Bob Friesenhahn | 2019-11-03 | 1 | -1/+2 |
| | | | | that bash is not required. | ||||
* | tif_jpeg.c: extra cast to silence Coverity warning. GDAL CID 1406475 | Even Rouault | 2019-10-26 | 1 | -1/+1 |
| | |||||
* | tif_jpeg.c: fix warning added by previous commit (on 32bit builds) | Even Rouault | 2019-10-23 | 1 | -1/+1 |
| | |||||
* | Merge branch 'coverity-fixes' into 'master' | Even Rouault | 2019-10-23 | 2 | -3/+3 |
|\ | | | | | | | | | Coverity fixes See merge request libtiff/libtiff!94 | ||||
| * | Use 64-bit calculations correctly | Timothy Lyanguzov | 2019-10-23 | 1 | -1/+1 |
| | | |||||
| * | Fix size calculation to use 64-bit tmsize_t correctly | Timothy Lyanguzov | 2019-10-23 | 1 | -1/+1 |
| | | |||||
| * | Make bytesperclumpline calculations using tmsize_t type | Timothy Lyanguzov | 2019-10-23 | 1 | -1/+1 |
|/ | |||||
* | tif_read: align code of TIFFReadRawStrip() and TIFFReadRawTile() that ↵ | Even Rouault | 2019-10-03 | 1 | -10/+12 |
| | | | | differed for non good reason. Non-functional change normally. (fixes GitLab #162) | ||||
* | HTML: update for GitLab issues | Even Rouault | 2019-10-01 | 3 | -11/+15 |
| | |||||
* | html/v3.5.6-beta.html: redact URL of defunct web site | Even Rouault | 2019-09-29 | 1 | -1/+1 |
| | |||||
* | Website: update links to mailing list | Even Rouault | 2019-09-29 | 1 | -5/+5 |
| | |||||
* | TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes ↵ | Even Rouault | 2019-09-18 | 1 | -0/+16 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244 | ||||
* | ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer ↵ | Even Rouault | 2019-09-03 | 1 | -3/+13 |
| | | | | overflows. Fixes https://oss-fuzz.com/testcase-detail/5686156066291712 and https://oss-fuzz.com/testcase-detail/6332499206078464 | ||||
* | tif_ojpeg.c: avoid relying on isTiled macro being wrapped in () | Even Rouault | 2019-09-02 | 1 | -2/+2 |
| | |||||
* | tif_ojpeg.c: avoid use of uninitialized memory on edge/broken file. Fixes ↵ | Even Rouault | 2019-09-02 | 1 | -1/+7 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844 | ||||
* | tiff_read_rgba_fuzzer.cc: add a -DSTANDALONE mode for easier reproduction of ↵ | Even Rouault | 2019-09-02 | 1 | -0/+82 |
| | | | | oss-fuzz reports | ||||
* | tif_dirread.c: allocChoppedUpStripArrays(). avoid unsigned integer overflow. ↵ | Even Rouault | 2019-09-01 | 1 | -8/+21 |
| | | | | Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16846 | ||||
* | tif_ojpeg.c: avoid unsigned integer overflow. Fixes ↵ | Even Rouault | 2019-08-27 | 1 | -1/+3 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793 | ||||
* | TIFFReadDirEntryData(): rewrite to avoid unsigned integer overflow (not a ↵ | Even Rouault | 2019-08-27 | 1 | -6/+6 |
| | | | | bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16792 | ||||
* | TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes ↵ | Even Rouault | 2019-08-26 | 1 | -2/+3 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784 | ||||
* | JPEG: avoid use of unintialized memory on corrupted files | Even Rouault | 2019-08-25 | 1 | -0/+14 |
| | | | | | | Follow-up of cf3ce6fab894414a336546f62adc57f02590a22c Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16602 Credit to OSS Fuzz | ||||
* | _TIFFPartialReadStripArray(): avoid unsigned integer overflow. Fixes ↵ | Even Rouault | 2019-08-24 | 1 | -0/+8 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16685 | ||||
* | OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions ↵ | Even Rouault | 2019-08-23 | 1 | -2/+2 |
| | | | | close to UINT32_MAX. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16683 | ||||
* | TIFFFillStrip(): avoid harmless unsigned integer overflow. Fixes ↵ | Even Rouault | 2019-08-23 | 1 | -2/+8 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16653 | ||||
* | EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes ↵ | Even Rouault | 2019-08-23 | 1 | -1/+5 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643& | ||||
* | tif_ojpeg: avoid unsigned integer overflow (probably not a bug). Fixes ↵ | Even Rouault | 2019-08-23 | 1 | -1/+2 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16635 | ||||
* | tif_thunder: avoid unsigned integer overflow (not a bug). Fixes ↵ | Even Rouault | 2019-08-23 | 1 | -5/+5 |
| | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16632 | ||||
* | _TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer ↵ | Even Rouault | 2019-08-22 | 3 | -20/+16 |
| | | | | overflow (not a bug) | ||||
* | EstimateStripByteCounts(): avoid unsigned integer overflow | Even Rouault | 2019-08-22 | 1 | -0/+2 |
| | |||||
* | EstimateStripByteCounts(): avoid unsigned integer overflow | Even Rouault | 2019-08-21 | 1 | -14/+17 |
| | |||||
* | EstimateStripByteCounts(): avoid harmless unsigned integer overflow | Even Rouault | 2019-08-20 | 1 | -2/+8 |
| | |||||
* | _TIFFPartialReadStripArray(): avoid triggering unsigned integer overflow ↵ | Even Rouault | 2019-08-20 | 1 | -1/+8 |
| | | | | with -fsanitize=unsigned-integer-overflow (not a bug, this is well defined by itself) | ||||
* | tiff2ps: fix use of wrong data type that caused issues (/Height being ↵ | Even Rouault | 2019-08-18 | 1 | -6/+6 |
| | | | | written as 0) on 64-bit big endian platforms | ||||
* | setByteArray(): fix previous commit | Even Rouault | 2019-08-16 | 1 | -1/+1 |
| | |||||
* | setByteArray(): avoid potential signed integer overflow. Pointed by Hendra ↵ | Even Rouault | 2019-08-16 | 1 | -2/+2 |
| | | | | Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds) | ||||
* | RGBA interface: fix integer overflow potentially causing write heap buffer ↵ | Even Rouault | 2019-08-15 | 1 | -6/+20 |
| | | | | overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS Fuzz | ||||
* | Merge branch 'fix_integer_overflow' into 'master' | Even Rouault | 2019-08-14 | 8 | -107/+71 |
|\ | | | | | | | | | Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) See merge request libtiff/libtiff!90 | ||||
| * | Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined ↵ | Even Rouault | 2019-08-13 | 8 | -107/+71 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | behaviour (CVE-2019-14973) _TIFFCheckMalloc()/_TIFFCheckRealloc() used a unsafe way to detect overflow in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus signed), which was especially easily triggered on 32-bit builds (with recent enough compilers that assume that signed multiplication cannot overflow, since this is undefined behaviour by the C standard). The original issue which lead to this fix was trigged from tif_fax3.c There were also unsafe (implementation defied), and broken in practice on 64bit builds, ways of checking that a uint64 fits of a (signed) tmsize_t by doing (uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known at that time exploits, but are better to fix in a more bullet-proof way. Or similarly use of (int64)uint64_var <= 0. | ||||
* | | TIFFClientOpen(): fix memory leak if one of the required callbacks is not ↵ | Even Rouault | 2019-08-12 | 1 | -0/+1 |
| | | | | | | | | provided. Fixed Coverity GDAL CID 1404110 | ||||
* | | OJPEGReadBufferFill(): avoid very long processing time on corrupted files. ↵ | Even Rouault | 2019-08-12 | 1 | -2/+7 |
| | | | | | | | | Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16400. master only | ||||
* | | oss-fuzz/tiff_read_rgba_fuzzer.cc: fix wrong env variable value in previous ↵ | Even Rouault | 2019-08-11 | 1 | -1/+1 |
| | | | | | | | | commit | ||||
* | | oss-fuzz/tiff_read_rgba_fuzzer.cc: avoid issue with libjpeg-turbo and MSAN | Even Rouault | 2019-08-11 | 1 | -0/+9 |
| | | |||||
* | | OJPEG: fix integer division by zero on corrupted subsampling factors. Fixes ↵ | Even Rouault | 2019-08-10 | 1 | -0/+6 |
| | | | | | | | | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15824. Credit to OSS Fuzz | ||||
* | | Merge branch 'ossfuzz_i386' | Even Rouault | 2019-08-10 | 1 | -2/+9 |
|\ \ |