| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| | |
Fix 484 TIFFDirectory td_fieldsset uses unsigned long which can be 32 or 64 bits.
Closes #484
See merge request libtiff/libtiff!471
|
| | |
| |
| |
| |
| |
| | |
bits.
Closes #484
|
| |/ |
|
| |
|
|
| |
TIFFUnlinkDirectory(): use tdir_t that is now a uint32_t, and raise limit of IFDs to 1048576
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (fixes #149, #150, #152, #168, #250, #269, #398 and #456)
Closes #474, #463, #387, #456, #398, #269, #250, #168, #152, #150 et #149
See merge request libtiff/libtiff!385
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed:
Behaviour for writing:
`NumberOfInks` MUST fit to the number of inks in the `InkNames` string.
`NumberOfInks` is automatically set when `InkNames` is set.
If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
Behaviour for reading:
When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string.
If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow
This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456.
It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IFD infinite looping was not fixed by MR 20 (see #455).
An improved IFD loop handling is proposed.
Basic approach:
- The order in the entire chain must be checked, and not only whether an offset has already been read once.
- To do this, pairs of directory number and offset are stored and checked.
- The offset of a directory number can change.
- TIFFAdvanceDirectory() must also perform an IFD loop check.
- TIFFCheckDirOffset() is replaced by _TIFFCheckDirNumberAndOffset().
Rules for the check:
- If an offset is already in the list, it must have the same IFD number. Otherwise it is an IDF loop.
- If the offset is not in the list and the IFD number is greater than there are list entries, a new list entry is added.
- Otherwise, the offset of the IFD number is updated.
Reference is also made to old bugzilla bug 2772 and MR 20, which did not solve the general issue.
This MR closes #455
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Existing EXIF field definition of tags is upgraded to EXIF version 2.3.2
- EXIF-GPS structure, tags and access functions are added as special CustomDirectory (like it was done for EXIF).
- Test program custom_dir_EXIF_231.c added to test writing/reading of EXID IFD and GPS IFD tags
and to highlight some quirks of IFD-handling and peculiarities of reading/writing the different data types.
- Reading error for FileSource and SceneType tags corrected.
- EXIF_GPS_upgrade rebased onto c8c5309b765ef4ff097d2aaffbdb8f403db8967d (Merge branch 'Rational2DoublePrecision_correction' into 'master')
and adapted:
- tif_dirinfo.c: All rational tags set to TIFF_SETGET_FLOAT but only the GPSTAG_ tags set to TIFF_SETGET_DOUBLE.
- custom_dir_EXIF_231.c: Editorials amended and gcc warnigs fixed.
- CMakeLists.txt: add_test(NAME "custom_dir_EXIF_231" COMMAND "custom_dir_EXIF_231") added.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IGNORE placeholder in tif_dirread.c is now replaced by a field dir_ignore in the TIFFDirEntry structure
Currently, in tif_dirread.c a special IGNORE value for the tif tags is defined
in order to flag status preventing already processed tags from further processing.
This irrational behaviour prevents reading of custom tags with id code 0 - like tag GPSVERSIONID from EXIF 2.31 definition.
An additional field 'tdir_ignore' is now added to the TIFFDirEntry structure and code is changed
to allow tags with id code 0 to be read correctly.
This change was already proposed as pending improvement in tif_dirread.c around line 32.
Reference is also made to:
- Discussion in https://gitlab.com/libtiff/libtiff/merge_requests/39
- http://bugzilla.maptools.org/show_bug.cgi?id=2540
Comments and indention adapted.
Preparation to rebase onto master
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Those advanced writing functions must be used in a particular sequence
to make their intended effect. Their aim is to control when/where
the [Strip/Tile][Offsets/ByteCounts] arrays are written into the file.
The purpose of this is to generate 'cloud-optimized geotiff' files where
the first KB of the file only contain the IFD entries without the potentially
large strile arrays. Those are written afterwards.
The typical sequence of calls is:
TIFFOpen()
[ TIFFCreateDirectory(tif) ]
Set fields with calls to TIFFSetField(tif, ...)
TIFFDeferStrileArrayWriting(tif)
TIFFWriteCheck(tif, ...)
TIFFWriteDirectory(tif)
... potentially create other directories and come back to the above directory
TIFFForceStrileArrayWriting(tif): emit the arrays at the end of file
See test/defer_strile_writing.c for a practical example.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... and add per-strile offset/bytecount loading capabilities.
Part of this commit makes the behaviour that was previously met when
libtiff was compiled with -DDEFER_STRILE_LOAD available for default builds
when specifying the new 'D' (Deferred) TIFFOpen() flag. In that mode, the [Tile/Strip][ByteCounts/Offsets]
arrays are only loaded when first accessed. This can speed-up the opening
of files stored on the network when just metadata retrieval is needed.
This mode has been used for years by the GDAL library when compiled with
its embeded libtiff copy.
To avoid potential out-of-tree code (typically codecs) that would use
the td_stripbytecount and td_stripoffset array inconditionnaly assuming they
have been loaded, those have been suffixed with _p (for protected). The
use of the new functions mentionned below is then recommended.
Another addition of this commit is the capability of loading only the
values of the offset/bytecount of the strile of interest instead of the
whole array. This is enabled with the new 'O' (Ondemand) flag of TIFFOpen()
(which implies 'D'). That behaviour has also been used by GDAL, which hacked
into the td_stripoffset/td_stripbytecount arrays directly. The new code
added in the _TIFFFetchStrileValue() and _TIFFPartialReadStripArray() internal
functions is mostly a port of what was in GDAL GTiff driver previously.
Related to that, the public TIFFGetStrileOffset[WithErr]() and TIFFGetStrileByteCount[WithErr]()
functions have been added to API. They are of particular interest when
using sparse files (with offset == bytecount == 0) and you want to detect
if a strile is present or not without decompressing the data, or updating
an existing sparse file.
They will also be used to enable a future enhancement where client code can entirely
skip bytecount loading in some situtations
A new test/defer_strile_loading.c test has been added to test the above
capabilities.
|
| |
|
|
|
| |
This allows compilers that can do header stand alone header parsing
to process libtiff.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
to behave differently depending on whether the codec is enabled or not, and
thus can avoid stack based buffer overflows in a number of TIFF utilities
such as tiffsplit, tiffcmp, thumbnail, etc.
Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
Fixes:
http://bugzilla.maptools.org/show_bug.cgi?id=2580
http://bugzilla.maptools.org/show_bug.cgi?id=2693
http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
http://bugzilla.maptools.org/show_bug.cgi?id=2441
http://bugzilla.maptools.org/show_bug.cgi?id=2433
|
| | |
|
| |
|
|
|
|
|
| |
different values for each sample. Presents the min/max of all samples by
default for compatibility. TIFFSetField/TIFFGetField can be made to handle
those tags as arrays by changing the new TIFFTAG_PERSAMPLE pseudo tag.
http://www.asmail.be/msg0055458208.html
|
| |
|
|
|
| |
that it is clearly a memory allocation error message, and also
includes the size of the allocation request.
|
| |
|
|
|
| |
directory instead of as a custom(generic) field to avoid a potential
reentrancy problem (#2125)
|
| | |
|
| | |
|
| |
|
|
|
| |
structure renamed into tif_fields to be consistent with the new function
names.
|
| | |
|
| | |
|
| |
|
|
| |
retained for the backward compatibility.
|
| | |
|
| |
|
|
| |
workarounds
|
| |
|
|
| |
handling plans
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
introducing _TIFFMergeFieldInfo() returning integer error status instead of
void in case of problems with field merging (e.g., if the field with such a tag
already registered). TIFFMergeFieldInfo() in public API remains void. Use
_TIFFMergeFieldInfo() everywhere and check returned value.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
tif_dirinfo.c; added _TIFFGetFieldInfo() and _TIFFGetExifFieldInfo() private
functions to retrieve FieldInfo arrays.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
