Even Rouault
a71b62bcff
* libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode
if more input samples are provided than expected by PixarLogSetupEncode.
Idea based on libtiff-CVE-2016-3990.patch from
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
simpler check. (bugzilla #2544)
invalid tests that rejected valid files. (bugzilla #2545)
2016-08-15 20:49:48 +00:00
Even Rouault
01bac25a5a
* tools/tiff2rgba.c: Fix integer overflow in size of allocated
buffer, when -b mode is enabled, that could result in out-of-bounds
write. Based initially on patch tiff-CVE-2016-3945.patch from
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for
invalid tests that rejected valid files.
2016-08-15 20:06:40 +00:00
Even Rouault
e54eac223b
(CVE-2016-5321 / CVE-2016-5323, bugzilla #2558 / #2559)
2016-07-11 21:38:31 +00:00
Even Rouault
a1277756ad
* tools/tiffcrop.c: Avoid access outside of stack allocated array
on a tiled separate TIFF with more than 8 samples per pixel.
Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
(CVE-2016-5321, bugzilla #2558)
2016-07-11 21:26:03 +00:00
Even Rouault
febda236ac
* libtiff/tif_read.c: Fix out-of-bounds read on
memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
when stripoffset is beyond tmsize_t max value (reported by
Mathias Svensson)
2016-07-10 18:00:20 +00:00
Even Rouault
a0faaf8910
Fix build failure due to previous commit
2016-07-10 16:56:18 +00:00
Even Rouault
292c431e5d
* tools/tiffdump.c: fix a few misaligned 64-bit reads warned
by -fsanitize
2016-07-10 15:34:06 +00:00
Even Rouault
234b8543a8
Fix typo in CVE number for CVE-2016-5875
2016-07-10 10:15:07 +00:00
Even Rouault
b46aa51809
* libtiff/tif_read.c: make TIFFReadEncodedStrip() and
TIFFReadEncodedTile() directly use user provided buffer when
no compression (and other conditions) to save a memcpy().
* libtiff/tif_write.c: make TIFFWriteEncodedStrip() and
TIFFWriteEncodedTile() directly use user provided buffer when
no compression to save a memcpy().
2016-07-03 16:02:17 +00:00
Even Rouault
33c391eff4
* libtiff/tif_luv.c: validate that for COMPRESSION_SGILOG and
PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid
potential invalid memory write on corrupted/unexpected images when
using the TIFFRGBAImageBegin() interface (reported by
Clay Wood)
(CVE-2016-587)
2016-07-01 11:06:04 +00:00
Even Rouault
f8b7c3de4d
Fix warning about unsigned vs signed comparison
2016-06-28 15:37:33 +00:00
Even Rouault
bf5b698868
* libtiff/tif_pixarlog.c: fix potential buffer write overrun in
PixarLogDecode() on corrupted/unexpected images (reported by Mathias Svensson)
2016-06-28 15:12:19 +00:00
Bob Friesenhahn
c0eb1847f4
* libtiff/libtiff.def: Added _TIFFMultiply32 and _TIFFMultiply64
to libtiff.def
2016-06-15 13:28:11 +00:00
Bob Friesenhahn
30366c9f22
* tools/Makefile.am: The libtiff tools bmp2tiff, gif2tiff,
ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from
the distribution. The libtiff tools rgb2ycbcr and thumbnail are
only built in the build tree for testing. Old files are put in
new 'archive' subdirectory of the source repository, but not in
distribution archives. These changes are made in order to lessen
the maintenance burden.
2016-06-05 19:53:59 +00:00
Bob Friesenhahn
01c8ca66b3
* libtiff/tif_config.vc.h (HAVE_SNPRINTF): Add a '1' to the
HAVE_SNPRINTF definition.'
2016-05-10 13:04:48 +00:00
Bob Friesenhahn
d7aa10673b
* libtiff/tif_config.vc.h (HAVE_SNPRINTF): Applied patch by Edward
Lam to define HAVE_SNPRINTF for Visual Studio 2015.
2016-05-10 01:01:09 +00:00
Even Rouault
958d9b5a8d
* libtiff/tif_dirread.c: when compiled with DEFER_STRILE_LOAD,
fix regression, introduced on 2014-12-23, when reading a one-strip
file without a StripByteCounts tag. GDAL #6490
2016-04-27 11:38:00 +00:00
Bob Friesenhahn
c7ff695d1b
* html/bugs.html: Replace Andrey Kiselev with Bob Friesenhahn for
purposes of security issue reporting.
2016-04-08 02:34:00 +00:00
Even Rouault
caf986e723
* libtiff/*: upstream typo fixes (mostly contributed by Kurt Schwehr)
coming from GDAL internal libtiff
2016-01-23 21:20:34 +00:00
Even Rouault
eb52becbb9
* libtiff/tif_fax3.h: make Param member of TIFFFaxTabEnt structure
a uint16 to reduce size of the binary.
2016-01-09 22:19:21 +00:00
Even Rouault
2794a67c27
* libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised
by GCC 6 -Wmisleading-indentation
2016-01-03 10:01:25 +00:00
Even Rouault
62382d0653
* libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL
string to %s formatter, which is undefined behaviour in sprintf().
2015-12-27 20:14:11 +00:00
Even Rouault
7dfc35c299
Fix MSVC breakage in previous commit
2015-12-27 17:14:52 +00:00
Even Rouault
a1506aa413
* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
(bugzilla #2508)
2015-12-27 16:55:20 +00:00
Even Rouault
13963114dd
* libtiff/tif_luv.c: fix potential out-of-bound writes in decode
functions in non debug builds by replacing assert()s by regular if
checks (bugzilla #2522).
Fix potential out-of-bound reads in case of short input data.
2015-12-27 16:25:11 +00:00
Even Rouault
b7cc3e5902
* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
interface in case of unsupported values of SamplesPerPixel/ExtraSamples
for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
CVE-2015-8683 reported by zzf of Alibaba.
2015-12-26 17:32:03 +00:00
Even Rouault
212816f6e4
* libtiff/tif_dirread.c: workaround false positive warning of Clang Static
Analyzer about null pointer dereference in TIFFCheckDirOffset().
2015-12-20 23:18:51 +00:00
Even Rouault
a292bc2d27
* libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found
by Clang Static Analyzer
2015-12-19 21:50:51 +00:00
Even Rouault
22ee4bcd8d
offsets on an even offset (affects BigTIFF). This was a regression of the
changeset of 2015-10-19.
2015-12-18 14:08:11 +00:00
Even Rouault
56ae8c1ee3
* libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
offsets on an even offset (affects BigTIFF)
2015-12-18 11:11:00 +00:00
Even Rouault
845ee2f85b
* libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
should return -1 in case of failure of tif_encodestrip() as documented
* libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of
failure so that the above mentioned functions detect the error.
2015-12-12 18:04:26 +00:00
Even Rouault
b452d9b91c
* libtiff/uvcode.h: const'ify uv_code array
2015-12-07 00:12:33 +00:00
Even Rouault
5b64b34dc9
* libtiff/tif_dirinfo.c: const'ify tiffFields, exifFields,
tiffFieldArray and exifFieldArray arrays
2015-12-06 23:51:44 +00:00
Even Rouault
fdda780a4b
* libtiff/tif_print.c: constify photoNames and orientNames arrays
2015-12-06 22:19:56 +00:00
Even Rouault
e4df80bf75
* libtiff/tif_close.c, libtiff/tif_extension.c : rename link
variable to avoid -Wshadow warnings
2015-12-06 11:13:43 +00:00
Even Rouault
142a8a8d4e
* libtiff/tif_close.c: rename variable to avoid -Wshadow warning
2015-12-06 10:51:14 +00:00
Even Rouault
f238db387f
* libtiff/*.c: fix typos in comments (patch by Kurt Schwehr)
2015-11-22 22:37:27 +00:00
Even Rouault
3ba1a57e00
tif_ojpec.c: modify previous change to be compatible with all MSVC versions
2015-11-22 16:40:43 +00:00
Even Rouault
1c9ef8f17c
* libtiff/*.c: fix MSVC warnings related to cast shortening and
assignment within conditional expression
2015-11-22 15:31:03 +00:00
Even Rouault
87f02eaced
* libtiff/*.c: fix clang -Wshorten-64-to-32 warnings
2015-11-18 20:35:07 +00:00
Even Rouault
7cf3e7efeb
* libtiff/tif_dirread.c: initialize double* data at line 3693 to NULL
to please MSVC 2013
2015-11-18 18:26:03 +00:00
Even Rouault
1dacfe503f
Fix previous commit
2015-11-17 16:21:02 +00:00
Even Rouault
1784d0edf7
* libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction
if BitsPerPixel > 24, so as to avoid huge memory allocation and file
read attempts
2015-11-17 12:17:31 +00:00
Even Rouault
d91cba049c
* libtiff/tif_dirread.c: remove duplicated assignment (reported by
Clang static analyzer)
2015-11-02 09:52:08 +00:00
Even Rouault
1874d4e8c8
* libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c,
libtiff/tif_jpeg_12.c: suppress warnings about 'no previous
declaration/prototype'
2015-10-28 19:10:20 +00:00
Even Rouault
aefadd720c
* libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix
'warning: negative integer implicitly converted to unsigned type' warning
(part of -Wconversion)
2015-10-19 12:04:23 +00:00
Even Rouault
ecc78ef4c1
* libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c,
libtiff/tif_print.c: fix -Wshadow warnings (only in libtiff/)
2015-10-17 10:13:14 +00:00
Bob Friesenhahn
5612707c08
Fix failure to update libtiff version in AC_INIT.
2015-09-12 19:50:39 +00:00
Bob Friesenhahn
20dc498028
* libtiff 4.0.6 released.
2015-09-12 19:46:23 +00:00
Bob Friesenhahn
e2f860d2f4
* html/v4.0.6.html: Added release notes for 4.0.6.
2015-09-12 19:29:47 +00:00