| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
have gone with eaeca6274ae71cdfaeb9f673b6fb0f3cfc0e6ce5) (master only)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... and add per-strile offset/bytecount loading capabilities.
Part of this commit makes the behaviour that was previously met when
libtiff was compiled with -DDEFER_STRILE_LOAD available for default builds
when specifying the new 'D' (Deferred) TIFFOpen() flag. In that mode, the [Tile/Strip][ByteCounts/Offsets]
arrays are only loaded when first accessed. This can speed-up the opening
of files stored on the network when just metadata retrieval is needed.
This mode has been used for years by the GDAL library when compiled with
its embeded libtiff copy.
To avoid potential out-of-tree code (typically codecs) that would use
the td_stripbytecount and td_stripoffset array inconditionnaly assuming they
have been loaded, those have been suffixed with _p (for protected). The
use of the new functions mentionned below is then recommended.
Another addition of this commit is the capability of loading only the
values of the offset/bytecount of the strile of interest instead of the
whole array. This is enabled with the new 'O' (Ondemand) flag of TIFFOpen()
(which implies 'D'). That behaviour has also been used by GDAL, which hacked
into the td_stripoffset/td_stripbytecount arrays directly. The new code
added in the _TIFFFetchStrileValue() and _TIFFPartialReadStripArray() internal
functions is mostly a port of what was in GDAL GTiff driver previously.
Related to that, the public TIFFGetStrileOffset[WithErr]() and TIFFGetStrileByteCount[WithErr]()
functions have been added to API. They are of particular interest when
using sparse files (with offset == bytecount == 0) and you want to detect
if a strile is present or not without decompressing the data, or updating
an existing sparse file.
They will also be used to enable a future enhancement where client code can entirely
skip bytecount loading in some situtations
A new test/defer_strile_loading.c test has been added to test the above
capabilities.
|
|
|
|
|
|
|
|
| |
Fixes https://github.com/OSGeo/gdal/issues/1439
When rewriting a LZW tile/strip whose existing size is very close to a multiple of
1024 bytes (and larger than 8192 bytes) with compressed data that is larger,
the new data was not placed at the end of the file, causing corruption.
|
|
|
|
| |
large number of strips. Probably relates to http://bugzilla.maptools.org/show_bug.cgi?id=2788 / CVE-2018-10779
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in heap or stack allocated buffers. Reported as MSVR 35093,
MSVR 35096 and MSVR 35097. Discovered by Axel Souchet and Vishal
Chauhan from the MSRC Vulnerabilities & Mitigations team.
* tools/tiff2pdf.c: fix out-of-bounds write vulnerabilities in
heap allocate buffer in t2p_process_jpeg_strip(). Reported as MSVR
35098. Discovered by Axel Souchet and Vishal Chauhan from the MSRC
Vulnerabilities & Mitigations team.
* libtiff/tif_pixarlog.c: fix out-of-bounds write vulnerabilities
in heap allocated buffers. Reported as MSVR 35094. Discovered by
Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
Mitigations team.
* libtiff/tif_write.c: fix issue in error code path of TIFFFlushData1()
that didn't reset the tif_rawcc and tif_rawcp members. I'm not
completely sure if that could happen in practice outside of the odd
behaviour of t2p_seekproc() of tiff2pdf). The report points that a
better fix could be to check the return value of TIFFFlushData1() in
places where it isn't done currently, but it seems this patch is enough.
Reported as MSVR 35095. Discovered by Axel Souchet & Vishal Chauhan &
Suha Can from the MSRC Vulnerabilities & Mitigations team.
|
|
|
|
|
|
|
|
|
| |
TIFFReadEncodedTile() directly use user provided buffer when
no compression (and other conditions) to save a memcpy().
* libtiff/tif_write.c: make TIFFWriteEncodedStrip() and
TIFFWriteEncodedTile() directly use user provided buffer when
no compression to save a memcpy().
|
|
|
|
|
|
| |
should return -1 in case of failure of tif_encodestrip() as documented
* libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of
failure so that the above mentionned functions detect the error.
|
|
|
|
| |
zero".
|
|
|
|
| |
zero".
|
|
|
|
| |
or modulo by zero".
|
|
|
|
|
| |
* libtiff/tif_read.c (TIFFStartTile): Fix Coverity 715973 and
715974 "Division or modulo by zero".
|
| |
|
| |
|
| |
|
|
|
|
|
| |
that it is clearly a memory allocation error message, and also
includes the size of the allocation request.
|
| |
|
|
|
|
| |
TIFFClientOpen() callback and other external function definitions.
|
|
|
|
|
|
|
|
|
|
|
|
| |
that the strip offset/size values are dirty but nothing else about the
directory is dirty. In flush handle "just stripmaps dirty" as a special
case that just rewrites these values without otherwise modifying the
directory on disk using TIFFRewriteField().
We also modify logic so that in update mode the directory is not
marked dirty on read, but only when something is changed. This
means we need to keep track of updates to the stripmap stuff in
TIFFAppendToStrip().
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
http://bugzilla.remotesensing.org/show_bug.cgi?id=1081.
|
| |
|
| |
|
|
|
|
| |
case of single band images (as per TIFF spec).
|
|
|
|
| |
http://bugzilla.remotesensing.org/show_bug.cgi?id=660
|
| |
|
|
|
|
| |
(Dmitry V. Levin).
|
| |
|
| |
|
| |
|
|
|
|
|
| |
all codecs). For details see GDAL bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=534
|
|
|
|
|
| |
TIFFWriteBufferSetup(). As per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=460
|
| |
|
| |
|
|
|
|
| |
incrementing it, in case the codec has been fooling with it.
|
| |
|
| |
|
| |
|
|
|
|
| |
setup flag is set. TIFFWriteCheck() is now public.
|