Commit Graph

3301 Commits

Author SHA1 Message Date
Even Rouault
0356ea76ba
OJPEG: fix broken sanity check added in 4.1.0, and add two OJPEG test files 2019-11-11 23:07:57 +01:00
Even Rouault
f417f056c5
test/: add missing generated .sh files 2019-11-11 23:01:03 +01:00
Even Rouault
d0a8a3262c Merge branch 'fix-missing-checks-TIFFGetField-tiffcrop' into 'master'
adds missing checks on TIFFGetField in tiffcrop tool

Closes #170

See merge request libtiff/libtiff!96
2019-11-04 21:14:38 +00:00
Bug Checkers
47656ccb3f adds missing checks on TIFFGetField in tiffcrop tool (fixes #170) 2019-11-04 21:14:38 +00:00
Even Rouault
91d4a30dbc Merge branch 'adds-missing-TIFFClose-rgb2ycbcr' into 'master'
adds a missing TIFFClose in rgb2ycbcr tool

See merge request libtiff/libtiff!95
2019-11-04 20:04:20 +00:00
Mansour Ahmadi
f2f1289601 adds a missing TIFFClose in rgb2ycbcr tool 2019-11-04 14:48:13 -05:00
Bob Friesenhahn
e0d707dc15 libtiff 4.1.0 released 2019-11-03 14:15:37 -06:00
Bob Friesenhahn
9700cdfa77 ChangeLog updated with latest git commits. 2019-11-03 14:00:24 -06:00
Bob Friesenhahn
0cbdf1f903 Added a step for updating the legacy ChangeLog file. 2019-11-03 13:48:37 -06:00
Bob Friesenhahn
73975cbcb2 Ignore emacs temporary files (ending with tilde character). 2019-11-03 13:47:08 -06:00
Bob Friesenhahn
014441b770 Added release summary page for the 4.1.0 release. 2019-11-03 13:31:26 -06:00
Bob Friesenhahn
f18e1a2db5 Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h.
Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
2019-11-03 11:21:26 -06:00
Bob Friesenhahn
aeb87392ad Fax2tiff.sh needs to remove its output file in advance. Syntax changes so that bash is not required. 2019-11-03 09:55:14 -06:00
Even Rouault
0219b01b54
tif_jpeg.c: extra cast to silence Coverity warning. GDAL CID 1406475 2019-10-26 22:45:36 +02:00
Even Rouault
8bf7b73703
tif_jpeg.c: fix warning added by previous commit (on 32bit builds) 2019-10-23 16:54:38 +02:00
Even Rouault
dc3eab1cdf Merge branch 'coverity-fixes' into 'master'
Coverity fixes

See merge request libtiff/libtiff!94
2019-10-23 13:20:38 +00:00
Timothy Lyanguzov
2105b48383 Use 64-bit calculations correctly 2019-10-23 11:43:43 +13:00
Timothy Lyanguzov
aa05cb1181 Fix size calculation to use 64-bit tmsize_t correctly 2019-10-23 11:20:34 +13:00
Timothy Lyanguzov
ec6f7c572d Make bytesperclumpline calculations using tmsize_t type 2019-10-23 10:40:50 +13:00
Even Rouault
43b0c984f0
tif_read: align code of TIFFReadRawStrip() and TIFFReadRawTile() that differed for non good reason. Non-functional change normally. (fixes GitLab #162) 2019-10-03 21:14:44 +02:00
Even Rouault
fb5fbc320b
HTML: update for GitLab issues 2019-10-01 21:27:46 +02:00
Even Rouault
19f6b70d63
html/v3.5.6-beta.html: redact URL of defunct web site 2019-09-29 18:20:11 +02:00
Even Rouault
4d8cc50973
Website: update links to mailing list 2019-09-29 18:14:38 +02:00
Even Rouault
e86d43caee
TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244 2019-09-18 01:21:17 +02:00
Even Rouault
3519ab6c7f
ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. Fixes https://oss-fuzz.com/testcase-detail/5686156066291712 and https://oss-fuzz.com/testcase-detail/6332499206078464 2019-09-03 20:15:41 +02:00
Even Rouault
6de57f7e0f
tif_ojpeg.c: avoid relying on isTiled macro being wrapped in () 2019-09-02 16:22:10 +02:00
Even Rouault
7475a28508
tif_ojpeg.c: avoid use of uninitialized memory on edge/broken file. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844 2019-09-02 16:21:02 +02:00
Even Rouault
4b2a343001
tiff_read_rgba_fuzzer.cc: add a -DSTANDALONE mode for easier reproduction of oss-fuzz reports 2019-09-02 15:33:46 +02:00
Even Rouault
760ecced1e
tif_dirread.c: allocChoppedUpStripArrays(). avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16846 2019-09-01 15:57:17 +02:00
Even Rouault
c22f319eb4
tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793 2019-08-27 10:58:21 +02:00
Even Rouault
9034afb440
TIFFReadDirEntryData(): rewrite to avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16792 2019-08-27 00:02:29 +02:00
Even Rouault
244dfb46af
TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784 2019-08-26 18:57:29 +02:00
Even Rouault
1a4efdd151
JPEG: avoid use of unintialized memory on corrupted files
Follow-up of cf3ce6fab8
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16602
Credit to OSS Fuzz
2019-08-25 14:54:26 +02:00
Even Rouault
804f40f3bf
_TIFFPartialReadStripArray(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16685 2019-08-24 00:37:17 +02:00
Even Rouault
7db298e3a8
OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16683 2019-08-23 23:03:15 +02:00
Even Rouault
67f7561e70
TIFFFillStrip(): avoid harmless unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16653 2019-08-23 14:54:26 +02:00
Even Rouault
ea271d7434
EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643& 2019-08-23 13:03:44 +02:00
Even Rouault
5f6349d3f8
tif_ojpeg: avoid unsigned integer overflow (probably not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16635 2019-08-23 12:38:46 +02:00
Even Rouault
c9edebfdb0
tif_thunder: avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16632 2019-08-23 12:28:25 +02:00
Even Rouault
f277541bd8
_TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug) 2019-08-22 13:02:07 +02:00
Even Rouault
c8f268ef1b
EstimateStripByteCounts(): avoid unsigned integer overflow 2019-08-22 10:19:44 +02:00
Even Rouault
761d50e34d
EstimateStripByteCounts(): avoid unsigned integer overflow 2019-08-21 17:59:15 +02:00
Even Rouault
324aa65c0d
EstimateStripByteCounts(): avoid harmless unsigned integer overflow 2019-08-20 18:09:46 +02:00
Even Rouault
dd50fedc2f
_TIFFPartialReadStripArray(): avoid triggering unsigned integer overflow with -fsanitize=unsigned-integer-overflow (not a bug, this is well defined by itself) 2019-08-20 15:29:06 +02:00
Even Rouault
b04da30e11
tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms 2019-08-18 10:52:45 +02:00
Even Rouault
1a11c9df6e
setByteArray(): fix previous commit 2019-08-16 19:59:18 +02:00
Even Rouault
1302ffb350
setByteArray(): avoid potential signed integer overflow. Pointed by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds) 2019-08-16 19:47:42 +02:00
Even Rouault
4bb584a35f
RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS Fuzz 2019-08-15 15:05:28 +02:00
Even Rouault
2218055ca6 Merge branch 'fix_integer_overflow' into 'master'
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)

See merge request libtiff/libtiff!90
2019-08-14 09:47:58 +00:00
Even Rouault
1b5e3b6a23
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
_TIFFCheckMalloc()/_TIFFCheckRealloc() used a unsafe way to detect overflow
in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus
signed), which was especially easily triggered on 32-bit builds (with recent
enough compilers that assume that signed multiplication cannot overflow, since
this is undefined behaviour by the C standard). The original issue which lead to
this fix was trigged from tif_fax3.c

There were also unsafe (implementation defied), and broken in practice on 64bit
builds, ways of checking that a uint64 fits of a (signed) tmsize_t by doing
(uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known
at that time exploits, but are better to fix in a more bullet-proof way.
Or similarly use of (int64)uint64_var <= 0.
2019-08-13 10:40:08 +02:00