Even Rouault
0356ea76ba
OJPEG: fix broken sanity check added in 4.1.0, and add two OJPEG test files
2019-11-11 23:07:57 +01:00
Even Rouault
f417f056c5
test/: add missing generated .sh files
2019-11-11 23:01:03 +01:00
Even Rouault
d0a8a3262c
Merge branch 'fix-missing-checks-TIFFGetField-tiffcrop' into 'master'
...
adds missing checks on TIFFGetField in tiffcrop tool
Closes #170
See merge request libtiff/libtiff!96
2019-11-04 21:14:38 +00:00
Bug Checkers
47656ccb3f
adds missing checks on TIFFGetField in tiffcrop tool ( fixes #170 )
2019-11-04 21:14:38 +00:00
Even Rouault
91d4a30dbc
Merge branch 'adds-missing-TIFFClose-rgb2ycbcr' into 'master'
...
adds a missing TIFFClose in rgb2ycbcr tool
See merge request libtiff/libtiff!95
2019-11-04 20:04:20 +00:00
Mansour Ahmadi
f2f1289601
adds a missing TIFFClose in rgb2ycbcr tool
2019-11-04 14:48:13 -05:00
Bob Friesenhahn
e0d707dc15
libtiff 4.1.0 released
2019-11-03 14:15:37 -06:00
Bob Friesenhahn
9700cdfa77
ChangeLog updated with latest git commits.
2019-11-03 14:00:24 -06:00
Bob Friesenhahn
0cbdf1f903
Added a step for updating the legacy ChangeLog file.
2019-11-03 13:48:37 -06:00
Bob Friesenhahn
73975cbcb2
Ignore emacs temporary files (ending with tilde character).
2019-11-03 13:47:08 -06:00
Bob Friesenhahn
014441b770
Added release summary page for the 4.1.0 release.
2019-11-03 13:31:26 -06:00
Bob Friesenhahn
f18e1a2db5
Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h.
...
Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
2019-11-03 11:21:26 -06:00
Bob Friesenhahn
aeb87392ad
Fax2tiff.sh needs to remove its output file in advance. Syntax changes so that bash is not required.
2019-11-03 09:55:14 -06:00
Even Rouault
0219b01b54
tif_jpeg.c: extra cast to silence Coverity warning. GDAL CID 1406475
2019-10-26 22:45:36 +02:00
Even Rouault
8bf7b73703
tif_jpeg.c: fix warning added by previous commit (on 32bit builds)
2019-10-23 16:54:38 +02:00
Even Rouault
dc3eab1cdf
Merge branch 'coverity-fixes' into 'master'
...
Coverity fixes
See merge request libtiff/libtiff!94
2019-10-23 13:20:38 +00:00
Timothy Lyanguzov
2105b48383
Use 64-bit calculations correctly
2019-10-23 11:43:43 +13:00
Timothy Lyanguzov
aa05cb1181
Fix size calculation to use 64-bit tmsize_t correctly
2019-10-23 11:20:34 +13:00
Timothy Lyanguzov
ec6f7c572d
Make bytesperclumpline calculations using tmsize_t type
2019-10-23 10:40:50 +13:00
Even Rouault
43b0c984f0
tif_read: align code of TIFFReadRawStrip() and TIFFReadRawTile() that differed for no good reason. Non-functional change normally. (fixes GitLab #162 )
2019-10-03 21:14:44 +02:00
Even Rouault
fb5fbc320b
HTML: update for GitLab issues
2019-10-01 21:27:46 +02:00
Even Rouault
19f6b70d63
html/v3.5.6-beta.html: redact URL of defunct web site
2019-09-29 18:20:11 +02:00
Even Rouault
4d8cc50973
Website: update links to mailing list
2019-09-29 18:14:38 +02:00
Even Rouault
e86d43caee
TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244
2019-09-18 01:21:17 +02:00
Even Rouault
3519ab6c7f
ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. Fixes https://oss-fuzz.com/testcase-detail/5686156066291712 and https://oss-fuzz.com/testcase-detail/6332499206078464
2019-09-03 20:15:41 +02:00
Even Rouault
6de57f7e0f
tif_ojpeg.c: avoid relying on isTiled macro being wrapped in ()
2019-09-02 16:22:10 +02:00
Even Rouault
7475a28508
tif_ojpeg.c: avoid use of uninitialized memory on edge/broken file. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844
2019-09-02 16:21:02 +02:00
Even Rouault
4b2a343001
tiff_read_rgba_fuzzer.cc: add a -DSTANDALONE mode for easier reproduction of oss-fuzz reports
2019-09-02 15:33:46 +02:00
Even Rouault
760ecced1e
tif_dirread.c: allocChoppedUpStripArrays(). avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16846
2019-09-01 15:57:17 +02:00
Even Rouault
c22f319eb4
tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793
2019-08-27 10:58:21 +02:00
Even Rouault
9034afb440
TIFFReadDirEntryData(): rewrite to avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16792
2019-08-27 00:02:29 +02:00
Even Rouault
244dfb46af
TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784
2019-08-26 18:57:29 +02:00
Even Rouault
1a4efdd151
JPEG: avoid use of uninitialized memory on corrupted files
...
Follow-up of cf3ce6fab8
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16602
Credit to OSS Fuzz
2019-08-25 14:54:26 +02:00
Even Rouault
804f40f3bf
_TIFFPartialReadStripArray(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16685
2019-08-24 00:37:17 +02:00
Even Rouault
7db298e3a8
OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16683
2019-08-23 23:03:15 +02:00
Even Rouault
67f7561e70
TIFFFillStrip(): avoid harmless unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16653
2019-08-23 14:54:26 +02:00
Even Rouault
ea271d7434
EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643&
2019-08-23 13:03:44 +02:00
Even Rouault
5f6349d3f8
tif_ojpeg: avoid unsigned integer overflow (probably not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16635
2019-08-23 12:38:46 +02:00
Even Rouault
c9edebfdb0
tif_thunder: avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16632
2019-08-23 12:28:25 +02:00
Even Rouault
f277541bd8
_TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug)
2019-08-22 13:02:07 +02:00
Even Rouault
c8f268ef1b
EstimateStripByteCounts(): avoid unsigned integer overflow
2019-08-22 10:19:44 +02:00
Even Rouault
761d50e34d
EstimateStripByteCounts(): avoid unsigned integer overflow
2019-08-21 17:59:15 +02:00
Even Rouault
324aa65c0d
EstimateStripByteCounts(): avoid harmless unsigned integer overflow
2019-08-20 18:09:46 +02:00
Even Rouault
dd50fedc2f
_TIFFPartialReadStripArray(): avoid triggering unsigned integer overflow with -fsanitize=unsigned-integer-overflow (not a bug, this is well defined by itself)
2019-08-20 15:29:06 +02:00
Even Rouault
b04da30e11
tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms
2019-08-18 10:52:45 +02:00
Even Rouault
1a11c9df6e
setByteArray(): fix previous commit
2019-08-16 19:59:18 +02:00
Even Rouault
1302ffb350
setByteArray(): avoid potential signed integer overflow. Pointed out by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds)
2019-08-16 19:47:42 +02:00
Even Rouault
4bb584a35f
RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 . Credit to OSS Fuzz
2019-08-15 15:05:28 +02:00
Even Rouault
2218055ca6
Merge branch 'fix_integer_overflow' into 'master'
...
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
See merge request libtiff/libtiff!90
2019-08-14 09:47:58 +00:00
Even Rouault
1b5e3b6a23
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
...
_TIFFCheckMalloc()/_TIFFCheckRealloc() used an unsafe way to detect overflow
in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus
signed), which was especially easily triggered on 32-bit builds (with recent
enough compilers that assume that signed multiplication cannot overflow, since
this is undefined behaviour by the C standard). The original issue which led to
this fix was triggered from tif_fax3.c.
There were also unsafe (implementation defined), and broken in practice on 64bit
builds, ways of checking that a uint64 fits in a (signed) tmsize_t by doing
(uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known
exploits at that time, but are better fixed in a more bullet-proof way.
Or similarly use of (int64)uint64_var <= 0.
2019-08-13 10:40:08 +02:00
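
The two pitfalls named in the commit message above (detecting signed multiplication overflow, and testing whether an unsigned 64-bit value fits a signed size type), as an added example that is not libtiff's code. The type `ssize64` and the functions `checked_mul`, `fits_roundtrip` and `fits_range` are hypothetical names chosen for this sketch, and the sample value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a signed size type such as tmsize_t. */
typedef int64_t ssize64;
#define SSIZE64_MAX INT64_MAX

/* Overflow-safe multiply: the range test happens BEFORE the multiplication,
 * so a signed overflow (undefined behaviour) is never evaluated and the
 * compiler cannot optimise the check away.
 * Returns 0 when an operand is <= 0 or the product is not representable. */
static ssize64 checked_mul(ssize64 nmemb, ssize64 elem_size)
{
    if (nmemb <= 0 || elem_size <= 0)
        return 0;
    if (nmemb > SSIZE64_MAX / elem_size)
        return 0;
    return nmemb * elem_size;
}

/* Round-trip cast test of the kind the commit message describes. The
 * unsigned-to-signed conversion is implementation-defined; on common
 * two's-complement compilers it wraps, so for two 64-bit types the
 * comparison is always true and the test rejects nothing. */
static int fits_roundtrip(uint64_t v)
{
    return (uint64_t)(ssize64)v == v;
}

/* Explicit range comparison: nothing is converted until the value is
 * known to fit in the signed type. */
static int fits_range(uint64_t v)
{
    return v <= (uint64_t)SSIZE64_MAX;
}

int main(void)
{
    uint64_t huge = UINT64_MAX - 15;  /* constructed sample value */

    printf("round-trip accepts huge: %d\n", fits_roundtrip(huge));
    printf("range test accepts huge: %d\n", fits_range(huge));
    printf("checked_mul(2^62, 2) = %lld\n",
           (long long)checked_mul(INT64_MAX / 2 + 1, 2));
    printf("checked_mul(4, 8)    = %lld\n", (long long)checked_mul(4, 8));
    return 0;
}
```
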