Commit message | Author | Age | Files | Lines
* Change default user id in HOWTO-RELEASE to mine. [HEAD] [origin] [master] | bfriesen | 2017-11-18 | 1 | -1/+1
* * configure.ac: libtiff 4.0.9 released. [Release-v4-0-9] | bfriesen | 2017-11-18 | 8 | -26/+29
* * html/v4.0.9.html: Add HTML file to document changes in libtiff v4.0.9. | bfriesen | 2017-11-18 | 4 | -3/+382
* * libtiff/tif_aux.c, tif_getimage.c, tif_read.c: typo fixes in comments. | erouault | 2017-11-17 | 4 | -9/+14
* List Frank Warmerdam and Andrey Kiselev as past maintainers since they have not been active in years. | bfriesen | 2017-11-07 | 1 | -5/+7
* * test/Makefile.am: Add some tests for tiff2bw. | bfriesen | 2017-11-02 | 6 | -4/+102
* * tools/tiff2bw.c (main): Free memory allocated in the tiff2bw program. This is in response to the report associated with CVE-2017-16232 but does not solve the extremely high memory usage with the associated POC file. | bfriesen | 2017-11-01 | 2 | -12/+35
* tiff2pdf.c: Fix possible overflow in bounds check computation and eliminate signed/unsigned comparison. | bfriesen | 2017-10-29 | 2 | -3/+11
* fax2tiff: Pass the FAX_Client_Data struct as client data | bfriesen | 2017-10-29 | 24 | -44/+18
* * libtiff/tif_getimage.c: avoid floating point division by zero in initCIELabConversion() Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733 Credit to OSS Fuzz | erouault | 2017-10-23 | 2 | -2/+15
* * libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo 1.5.2 that honours max_memory_to_use > 0. Cf https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162 | erouault | 2017-10-17 | 2 | -7/+23
* * nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS and use /MDd runtime in debug mode. | erouault | 2017-10-10 | 2 | -1/+17
* * tools/tiffset.c: fix setting a single value for the ExtraSamples tag (and other tags with variable number of values). So 'tiffset -s ExtraSamples 1 X'. This only worked when setting 2 or more values, but not just one. | erouault | 2017-10-01 | 2 | -2/+9
* * libtiff/libtiff.def: add TIFFReadRGBAStripExt and TIFFReadRGBATileExt Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2735 | erouault | 2017-09-29 | 2 | -0/+7
* dummy commit to check CVS is working | erouault | 2017-09-22 | 1 | -1/+1
* * libtiff/tif_dirread.c: add NULL check to avoid likely false positive null-pointer dereference warning by CLang Static Analyzer. | erouault | 2017-09-09 | 2 | -3/+8
* * libtiff/tiffiop.h, tif_aux.c: redirect SeekOK() macro to a _TIFFSeekoK() function that checks if the offset is not bigger than INT64_MAX, so as to avoid a -1 error return code of TIFFSeekFile() to match a required seek to UINT64_MAX/-1. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2726 Adapted from proposal by Nicolas Ruff. | erouault | 2017-09-07 | 3 | -4/+20
* Fix signed vs unsigned comparison | erouault | 2017-08-29 | 1 | -2/+2
* * libtiff/tif_jpeg.c: accept reading the last strip of a JPEG compressed file if the codestream height is larger than the truncated height of the strip. Emit a warning in this situation since this is non compliant. * test/Makefile.am: add missing reference to images/quad-lzw-compat.tiff to fix "make distcheck". Patch by Roger Leigh | erouault | 2017-08-29 | 2 | -5/+38
* * test/Makefile.am: add missing reference to images/quad-lzw-compat.tiff to fix "make distcheck". Patch by Roger Leigh | erouault | 2017-08-28 | 2 | -2/+4
* * libtiff/tif_dirwrite.c: replace assertion to tag value not fitting on uint32 when selecting the value of SubIFD tag by runtime check (in TIFFWriteDirectoryTagSubifd()). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337 SubIFD tag by runtime check (in TIFFWriteDirectorySec()) | erouault | 2017-08-23 | 2 | -3/+18
* * libtiff/tif_dirwrite.c: replace assertion related to not finding the SubIFD tag by runtime check. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337 | erouault | 2017-08-23 | 2 | -2/+14
* * libtiff/tif_luv.c: further reduce memory requirements for temporary buffer when RowsPerStrip >= image_length in LogLuvInitState() and LogL16InitState(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2700 Credit to OSS Fuzz | erouault | 2017-07-24 | 2 | -3/+11
* * libtiff/tif_getimage.c: fix fromskew computation when to-be-skipped pixel number is not a multiple of the horizontal subsampling, and also in some other cases. Impact putcontig8bitYCbCr44tile, putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile, putcontig8bitYCbCr21tile and putcontig8bitYCbCr12tile Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2637 (discovered by Agostino Sarubbo) and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2691 (credit to OSS Fuzz) | erouault | 2017-07-24 | 2 | -8/+20
* * libtiff/tif_getimage.c: gtTileContig() and gtTileSeparate(): properly break from loops on error when stoponerr is set, instead of going on iterating on row based loop. | erouault | 2017-07-24 | 2 | -3/+9
* * libtiff/tif_luv.c: LogLuvInitState(): avoid excessive memory allocation when RowsPerStrip tag is missing. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2683 Credit to OSS-Fuzz | erouault | 2017-07-18 | 2 | -2/+11
* Fix warning with x86_64-w64-mingw32-g++ | erouault | 2017-07-15 | 1 | -2/+2
* Fix signed vs unsigned comparison warning on Windows | erouault | 2017-07-15 | 1 | -2/+2
* * libtiff/tif_read.c: add protection against excessive memory allocation attempts in TIFFReadDirEntryArray() on short files. Effective for mmap'ed case. And non-mmap'ed case, but restricted to 64bit builds. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2675 | erouault | 2017-07-15 | 2 | -6/+93
* * libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the arrays that hold StripOffsets/StripByteCounts, when they are smaller than the expected number of striles, up to 1 million striles, and error out beyond. Can be tweaked by setting the environment variable LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT. This partially goes against a change added on 2002-12-17 to accept those arrays of wrong sizes, but is needed to avoid denial of services. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350 Credit to OSS Fuzz | erouault | 2017-07-15 | 2 | -1/+30
* * libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile(). Complementary fix for http://bugzilla.maptools.org/show_bug.cgi?id=2708 in the isMapped() case, so as to avoid excessive memory allocation when we need a temporary buffer but the file is truncated. | erouault | 2017-07-15 | 2 | -35/+49
* * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" mode on PlanarConfig=Contig input images. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337 | erouault | 2017-07-15 | 2 | -2/+14
* * libtiff/tif_dir.c: avoid potential null pointer dereference in _TIFFVGetField() on corrupted TIFFTAG_NUMBEROFINKS tag instance. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2713 | erouault | 2017-07-11 | 2 | -1/+9
* * libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte LZW strips. Crashing issue only on memory mapped files, where the strip offset is the last byte of the file, and the file size is a multiple of one page size on the CPU architecture (typically 4096). Credit to myself :-) | erouault | 2017-07-11 | 2 | -2/+11
* * test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: new files to test old-style LZW decompression * test/common.sh, Makefile.am, CMakeList.txt: updated with above | erouault | 2017-07-11 | 7 | -25/+30
* * refresh autoconf/make stuff with what is on Ubuntu 16.04 (minor changes) | erouault | 2017-07-11 | 25 | -160/+177
* * libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of old-style LZW compressed files. | erouault | 2017-07-11 | 2 | -1/+10
* * libtiff/tif_pixarlog.c: avoid excessive memory allocation on decoding when RowsPerStrip tag is not defined (and thus td_rowsperstrip == UINT_MAX) Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2554 Credit to OSS Fuzz | erouault | 2017-07-10 | 2 | -2/+14
* Commit files that should have gone with previous commit | erouault | 2017-07-04 | 3 | -28/+122
* * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedTileAndAllocBuffer() and _TIFFReadTileAndAllocBuffer() variants of TIFFReadEncodedTile() and TIFFReadTile() that allocates the decoded buffer only after a first successful TIFFFillTile(). This avoids excessive memory allocation on corrupted files. * libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470 Credit to OSS Fuzz. | erouault | 2017-07-04 | 1 | -0/+11
* * libtiff/tif_error.c, tif_warning.c: correctly use va_list when both an old-style and new-style warning/error handlers are installed. Patch by Paavo Helde (sent on the mailing list) | erouault | 2017-07-04 | 3 | -18/+40
* * libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to tif_rawdataloaded when it is set. Similarly to TIFFStartStrip(). This issue was revealed by the change of 2017-06-30 in TIFFFileTile(), limiting the number of bytes read. But it could probably have been hit too in CHUNKY_STRIP_READ_SUPPORT mode previously ? Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454 Credit to OSS Fuzz | erouault | 2017-07-02 | 2 | -2/+15
* * man: update documentation regarding SubIFD tag and TIFFSetSubDirectory() data type. Patch by Eric Piel Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2671 | erouault | 2017-06-30 | 4 | -6/+13
* Fix module names in error message | erouault | 2017-06-30 | 1 | -4/+4
* * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8 data type, replace assertion that the file is BigTIFF, by a non-fatal error. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team OWL337 | erouault | 2017-06-30 | 2 | -5/+25
* * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer() function, variant of TIFFReadEncodedStrip() that allocates the decoded buffer only after a first successful TIFFFillStrip(). This avoids excessive memory allocation on corrupted files. * libtiff/tif_getimage.c: use _TIFFReadEncodedStripAndAllocBuffer(). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2708 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 . Credit to OSS Fuzz | erouault | 2017-06-30 | 4 | -38/+121
* * libtiff/tif_read.c: TIFFFillTile(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation (similarly to what was done for TIFFFileStrip() on 2017-05-10) | erouault | 2017-06-30 | 2 | -1/+41
* * libtiff/tiffiop.h, libtiff/tif_jpeg.c, libtiff/tif_jpeg_12.c, libtiff/tif_read.c: make TIFFReadScanline() works in CHUNKY_STRIP_READ_SUPPORT mode with JPEG stream with multiple scans. Also make configurable through a LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER environment variable the maximum number of scans allowed. Defaults to 100. | erouault | 2017-06-29 | 5 | -15/+88
* * libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that a double value can fit in a float before casting. Patch by Nicolas RUFF | erouault | 2017-06-27 | 2 | -1/+8
* * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported by team OWL337 * libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg | erouault | 2017-06-26 | 2 | -2/+9