path: root/libtiff
Commit message [Author, Age, Files, Lines]
* OJPEG: fix broken sanity check added in 4.1.0, and add two OJPEG test files [Even Rouault, 2019-11-11, 1, -30/+23]
|
* libtiff 4.1.0 released (tag: v4.1.0) [Bob Friesenhahn, 2019-11-03, 1, -2/+2]
|
* Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h. [Bob Friesenhahn, 2019-11-03, 1, -1/+1]
|   Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
* tif_jpeg.c: extra cast to silence Coverity warning. GDAL CID 1406475 [Even Rouault, 2019-10-26, 1, -1/+1]
|
* tif_jpeg.c: fix warning added by previous commit (on 32bit builds) [Even Rouault, 2019-10-23, 1, -1/+1]
|
* Use 64-bit calculations correctly [Timothy Lyanguzov, 2019-10-23, 1, -1/+1]
|
* Fix size calculation to use 64-bit tmsize_t correctly [Timothy Lyanguzov, 2019-10-23, 1, -1/+1]
|
* Make bytesperclumpline calculations using tmsize_t type [Timothy Lyanguzov, 2019-10-23, 1, -1/+1]
|
* tif_read: align code of TIFFReadRawStrip() and TIFFReadRawTile() that differed for no good reason. Non-functional change normally. (fixes GitLab #162) [Even Rouault, 2019-10-03, 1, -10/+12]
* TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244 [Even Rouault, 2019-09-18, 1, -0/+16]
* ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. Fixes https://oss-fuzz.com/testcase-detail/5686156066291712 and https://oss-fuzz.com/testcase-detail/6332499206078464 [Even Rouault, 2019-09-03, 1, -3/+13]
* tif_ojpeg.c: avoid relying on isTiled macro being wrapped in () [Even Rouault, 2019-09-02, 1, -2/+2]
|
* tif_ojpeg.c: avoid use of uninitialized memory on edge/broken file. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844 [Even Rouault, 2019-09-02, 1, -1/+7]
* tif_dirread.c: allocChoppedUpStripArrays(). avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16846 [Even Rouault, 2019-09-01, 1, -8/+21]
* tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793 [Even Rouault, 2019-08-27, 1, -1/+3]
* TIFFReadDirEntryData(): rewrite to avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16792 [Even Rouault, 2019-08-27, 1, -6/+6]
* TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784 [Even Rouault, 2019-08-26, 1, -2/+3]
* JPEG: avoid use of uninitialized memory on corrupted files [Even Rouault, 2019-08-25, 1, -0/+14]
|   Follow-up of cf3ce6fab894414a336546f62adc57f02590a22c
|   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16602
|   Credit to OSS Fuzz
* _TIFFPartialReadStripArray(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16685 [Even Rouault, 2019-08-24, 1, -0/+8]
* OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16683 [Even Rouault, 2019-08-23, 1, -2/+2]
* TIFFFillStrip(): avoid harmless unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16653 [Even Rouault, 2019-08-23, 1, -2/+8]
* EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643& [Even Rouault, 2019-08-23, 1, -1/+5]
* tif_ojpeg: avoid unsigned integer overflow (probably not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16635 [Even Rouault, 2019-08-23, 1, -1/+2]
* tif_thunder: avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16632 [Even Rouault, 2019-08-23, 1, -5/+5]
* _TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug) [Even Rouault, 2019-08-22, 3, -20/+16]
* EstimateStripByteCounts(): avoid unsigned integer overflow [Even Rouault, 2019-08-22, 1, -0/+2]
|
* EstimateStripByteCounts(): avoid unsigned integer overflow [Even Rouault, 2019-08-21, 1, -14/+17]
|
* EstimateStripByteCounts(): avoid harmless unsigned integer overflow [Even Rouault, 2019-08-20, 1, -2/+8]
|
* _TIFFPartialReadStripArray(): avoid triggering unsigned integer overflow with -fsanitize=unsigned-integer-overflow (not a bug, this is well defined by itself) [Even Rouault, 2019-08-20, 1, -1/+8]
* setByteArray(): fix previous commit [Even Rouault, 2019-08-16, 1, -1/+1]
|
* setByteArray(): avoid potential signed integer overflow. Pointed by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds) [Even Rouault, 2019-08-16, 1, -2/+2]
* RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS Fuzz [Even Rouault, 2019-08-15, 1, -6/+20]
* Merge branch 'fix_integer_overflow' into 'master' [Even Rouault, 2019-08-14, 8, -107/+71]
|\
| |   Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
| |
| |   See merge request libtiff/libtiff!90
| * Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) [Even Rouault, 2019-08-13, 8, -107/+71]
| |
| |   _TIFFCheckMalloc()/_TIFFCheckRealloc() used an unsafe way to detect overflow in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus signed), which was especially easily triggered on 32-bit builds (with recent enough compilers that assume that signed multiplication cannot overflow, since this is undefined behaviour by the C standard). The original issue which led to this fix was triggered from tif_fax3.c
| |
| |   There were also unsafe (implementation-defined), and broken in practice on 64bit builds, ways of checking that a uint64 fits in a (signed) tmsize_t by doing (uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known at that time exploits, but are better to fix in a more bullet-proof way. Or similarly use of (int64)uint64_var <= 0.
* | TIFFClientOpen(): fix memory leak if one of the required callbacks is not provided. Fixed Coverity GDAL CID 1404110 [Even Rouault, 2019-08-12, 1, -0/+1]
* | OJPEGReadBufferFill(): avoid very long processing time on corrupted files. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16400. master only [Even Rouault, 2019-08-12, 1, -2/+7]
* | OJPEG: fix integer division by zero on corrupted subsampling factors. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15824. Credit to OSS Fuzz [Even Rouault, 2019-08-10, 1, -0/+6]
|/
* Reading of Tiff tags with ID = 0 (like GPSVERSIONID) corrected. [Su Laus, 2019-08-04, 2, -184/+183]
|
|   IGNORE placeholder in tif_dirread.c is now replaced by a field dir_ignore in the TIFFDirEntry structure
|
|   Currently, in tif_dirread.c a special IGNORE value for the tif tags is defined in order to flag status preventing already processed tags from further processing. This irrational behaviour prevents reading of custom tags with id code 0 - like tag GPSVERSIONID from EXIF 2.31 definition.
|
|   An additional field 'tdir_ignore' is now added to the TIFFDirEntry structure and code is changed to allow tags with id code 0 to be read correctly.
|
|   This change was already proposed as pending improvement in tif_dirread.c around line 32.
|
|   Reference is also made to:
|   - Discussion in https://gitlab.com/libtiff/libtiff/merge_requests/39
|   - http://bugzilla.maptools.org/show_bug.cgi?id=2540
|
|   Comments and indention adapted.
|
|   Preparation to rebase onto master
* TIFFWriteCheck(): call TIFFForceStrileArrayWriting() when needed (should have gone with eaeca6274ae71cdfaeb9f673b6fb0f3cfc0e6ce5) (master only) [Even Rouault, 2019-07-09, 1, -0/+14]
* OJPEG: avoid use of uninitialized memory on corrupted files [Even Rouault, 2019-07-05, 1, -0/+26]
|   Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=925269
|   Patch from Lei Zhang with little adaptations.
* Return infinite distance when denominator is zero. [Dirk Lemstra, 2019-06-29, 1, -1/+1]
|
* Merge branch 'defer_strile_writing' into 'master' [Even Rouault, 2019-05-29, 6, -57/+252]
|\
| |   Add TIFFDeferStrileArrayWriting() and TIFFForceStrileArrayWriting()
| |
| |   See merge request libtiff/libtiff!82
| * Add TIFFDeferStrileArrayWriting() and TIFFForceStrileArrayWriting() [Even Rouault, 2019-05-25, 6, -57/+252]
| |
| |   Those advanced writing functions must be used in a particular sequence to make their intended effect. Their aim is to control when/where the [Strip/Tile][Offsets/ByteCounts] arrays are written into the file.
| |
| |   The purpose of this is to generate 'cloud-optimized geotiff' files where the first KB of the file only contain the IFD entries without the potentially large strile arrays. Those are written afterwards.
| |
| |   The typical sequence of calls is:
| |       TIFFOpen()
| |       [ TIFFCreateDirectory(tif) ]
| |       Set fields with calls to TIFFSetField(tif, ...)
| |       TIFFDeferStrileArrayWriting(tif)
| |       TIFFWriteCheck(tif, ...)
| |       TIFFWriteDirectory(tif)
| |       ... potentially create other directories and come back to the above directory
| |       TIFFForceStrileArrayWriting(tif): emit the arrays at the end of file
| |
| |   See test/defer_strile_writing.c for a practical example.
* | Merge branch 'TIFFReadFromUserBuffer' into 'master' [Even Rouault, 2019-05-29, 3, -0/+91]
|\ \
| | |   Add TIFFReadFromUserBuffer()
| | |
| | |   See merge request libtiff/libtiff!81
| * | Add TIFFReadFromUserBuffer() [Even Rouault, 2019-05-23, 3, -0/+91]
| | |
| | |   This function replaces the use of TIFFReadEncodedStrip()/TIFFReadEncodedTile() when the user can provide the buffer for the input data, for example when he wants to avoid libtiff to read the strile offset/count values from the [Strip|Tile][Offsets/ByteCounts] array.
* | | Fix vulnerability in 'D' (DeferStrileLoad) mode (master only) (fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14908) [Even Rouault, 2019-05-26, 1, -1/+3]
* | | Replace 'stripped' by 'striped' in error messages [Even Rouault, 2019-05-25, 4, -4/+4]
| |/
|/|
* | Fix vulnerability introduced by defer strile loading (master only) [Even Rouault, 2019-05-24, 2, -3/+6]
| |
| |   Found on GDAL with https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14894
| |
| |   Disabling the TIFF_DEFERSTRILELOAD bit in ChopupStripArray() was a bad idea since when using TIFFReadDirectory() to reload the directory again would lead to a different value of td_rowsperstrip, which could confuse readers if they relied on the value found initially.
* | Fix typo in error message (master only) [Even Rouault, 2019-05-24, 1, -1/+1]
|/
* libtiff.def: add missing new symbols [Even Rouault, 2019-05-22, 1, -0/+4]
|