Commit Graph

3221 Commits

Author SHA1 Message Date
Even Rouault
28f67ba4bd Merge branch 'size_t_typo' into 'master'
CMakeLists.txt: fix TIFF_SIZE_T

See merge request libtiff/libtiff!59
2019-02-19 13:56:12 +00:00
Thomas Bernard
8420a31e8c
move _TIFFClampDoubleToFloat() to tif_aux.c
the same function was declared in tif_dir.c and tif_dirwrite.c

see http://bugzilla.maptools.org/show_bug.cgi?id=2842
2019-02-12 16:04:28 +01:00
Thomas Bernard
9cfa5c4691 tiffcrop.c: fix invertImage() for bps 2 and 4
too much bytes were processed, causing a heap buffer overrun
    http://bugzilla.maptools.org/show_bug.cgi?id=2831
the loop counter must be
    for (col = 0; col < width; col += 8 / bps)

Also the values were not properly calculated. It should be
255-x, 15-x, 3-x for bps 8, 4, 2.

But anyway it is easyer to invert all bits as 255-x = ~x, etc.
(substracting from a binary number composed of all 1 is like inverting
the bits)
2019-02-11 23:08:25 +01:00
Thomas Bernard
7cc76e9bc4 tiffcp.c: use INT_MAX 2019-02-11 21:42:03 +01:00
Thomas Bernard
2b0d0e6997 check that (Tile Width)*(Samples/Pixel) do no overflow
fixes bug 2833
2019-02-11 10:05:33 +01:00
Thomas Bernard
2201714e88
CMakeLists.txt: fix TIFF_SIZE_T 2019-02-03 14:13:54 +01:00
Even Rouault
ae0bed1fe5 Merge branch 'master' into 'master'
Fix for simple memory leak that was assigned CVE-2019-6128.

See merge request libtiff/libtiff!50
2019-02-02 14:46:05 +00:00
Even Rouault
933784a10a Merge branch 'bug2835' into 'master'
tiff2ps: fix heap-buffer-overflow

See merge request libtiff/libtiff!53
2019-02-02 14:32:58 +00:00
Even Rouault
38ede78b13
Fix warning (use of uninitialized value) added per d0a842c5db (fixes https://gitlab.com/libtiff/libtiff/merge_requests/54#note_137742985) 2019-02-02 15:30:14 +01:00
Yuri Aksenov
88b410f800
fix fax2tiff
see http://bugzilla.maptools.org/show_bug.cgi?id=2799
fixes d9bc8472e7
2019-02-02 15:14:54 +01:00
Even Rouault
cee7c07789 Merge branch 'tiffcrop' into 'master'
tiffcrop: shut up clang warnings

See merge request libtiff/libtiff!52
2019-02-02 12:11:01 +00:00
Even Rouault
329433af90 Merge branch 'bug2833' into 'master'
TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing

See merge request libtiff/libtiff!54
2019-02-01 20:31:04 +00:00
Even Rouault
8d966dfbe2 Merge branch 'gitignore' into 'master'
add test/ files to .gitignore

See merge request libtiff/libtiff!56
2019-02-01 20:28:46 +00:00
Even Rouault
1edeee44c8 Merge branch 'master' into 'master'
tif_dir: unset transferfunction field if necessary (CVE-2018-19210)

See merge request libtiff/libtiff!47
2019-02-01 20:21:02 +00:00
Thomas Bernard
578f3f4600
add test/ files to .gitignore 2019-01-29 16:37:09 +01:00
Thomas Bernard
802d3cbf30
TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing
http://bugzilla.maptools.org/show_bug.cgi?id=2833

we must check the pointer is not NULL before memcmp() the memory
2019-01-29 11:21:47 +01:00
Thomas Bernard
309bfd7f61
tiff2ps: fix heap-buffer-overflow
http://bugzilla.maptools.org/show_bug.cgi?id=2834

usually the test (i < byte_count) is OK because the byte_count is divisible by samplesperpixel.
But if that is not the case, (i + ncomps) < byte_count should be used, or
maybe (i + samplesperpixel) <= byte_count
2019-01-29 10:47:14 +01:00
Thomas Bernard
5c222ec96c
tiffcrop: shut up clang warnings
make the out filename building a bit more simple
and remove the use of strcat()
2019-01-28 16:10:28 +01:00
Scott Gayou
0c74a9f49b Fix for simple memory leak that was assigned CVE-2019-6128.
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
2019-01-23 15:09:59 -05:00
Bob Friesenhahn
a0e273fdca Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be zero.
Problem was reported to the tiff mailing list by Julian H. Stacey on January 5, 2019.
2019-01-05 13:56:09 -06:00
Hugo Lefeuvre
d0a842c5db tif_dir: unset transferfunction field if necessary
The number of entries in the transfer table is determined as following:

(td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1

This means that whenever td->td_samplesperpixel or td->td_extrasamples are
modified we also need to make sure that the number of required entries in
the transfer table didn't change.

If it changed and the number of entries is higher than before we should
invalidate the transfer table field and free previously allocated values.
In the other case there's nothing to do, additional tf entries won't harm
and properly written code will just ignore them since spp - es < 1.

For instance this situation might happen when reading an OJPEG compressed
image with missing SamplesPerPixel tag. In this case the SamplesPerPixel
field might be updated after setting the transfer table.

see http://bugzilla.maptools.org/show_bug.cgi?id=2500

This commit addresses CVE-2018-19210.
2018-12-14 06:19:04 +01:00
Bob Friesenhahn
56a1976e92 Do not attempt to re-sync zip stream after reported data error from inflate(). 2018-12-08 15:36:14 -06:00
Even Rouault
ae0325a1ab Merge branch 'resource-leaks' into 'master'
Fix two resource leaks

See merge request libtiff/libtiff!43
2018-12-07 20:58:13 +00:00
Even Rouault
15d01b63a9 Merge branch 'build-jbig' into 'master'
add jbig support to the fuzzer

See merge request libtiff/libtiff!42
2018-12-07 20:56:22 +00:00
Bob Friesenhahn
d6f7cf744c tiffcrop.c: Avoid new clang warning about tools/tiffcrop.c "size argument in 'strncat' call appears to be size of the source". 2018-12-01 09:16:10 -06:00
Even Rouault
5bcf0cb3c1 Merge branch 'webp_memleak' into 'master'
fixed mem leak in webp compression

See merge request libtiff/libtiff!48
2018-11-28 21:54:25 +00:00
Norman Barker
9323b7b139 fixed mem leak in webp compression 2018-11-28 15:45:39 -06:00
Even Rouault
4e3faaf6f5 Merge branch 'lossless_webp' into 'master'
fixed lossless webp compression config

See merge request libtiff/libtiff!46
2018-11-20 19:32:10 +00:00
Norman Barker
c7774df9a7 fixed lossless webp compression config 2018-11-20 11:54:01 -06:00
Bob Friesenhahn
6b7fc9f116 snprintf porting fix for Visual Studio 2003 2018-11-18 20:25:17 -06:00
Roger Leigh
8addf2c1f7 ci: Add pages job 2018-11-18 10:37:37 +00:00
Bob Friesenhahn
2f79874c30 Change references from defunct ftp site to https site. 2018-11-10 14:38:21 -06:00
Bob Friesenhahn
64b6f939bf Change download URL from ftp to https protocol. 2018-11-10 13:46:14 -06:00
Bob Friesenhahn
6c3e4801bd HOWTO-RELEASE: Add GPG release file signing procedure. 2018-11-10 13:43:05 -06:00
Bob Friesenhahn
b8eac98dd0 libtiff 4.0.10 released. 2018-11-10 09:33:11 -06:00
Bob Friesenhahn
126a949736 Change COMPRESSION_ZSTD to 50000 and COMPRESSION_WEBP to 50001. 2018-11-10 08:58:18 -06:00
Bob Friesenhahn
779e54ca32 Added preliminary release notes for release 4.0.10 2018-11-04 14:14:25 -06:00
Bob Friesenhahn
2480971bba tiff2pdf: Eliminate compiler warning about snprintf output truncation when formatting pdf_datetime. 2018-11-03 13:27:20 -05:00
Olivier Paquet
2d25c90327 Merge branch 'no_tif_platform_console' into 'master'
Remove builtin support for GUI warning and error message boxes

See merge request libtiff/libtiff!24
2018-11-03 16:51:41 +00:00
Bob Friesenhahn
ed624dfe48 tiffcrop.c: Eliminate compiler warning about snprintf output truncation when formatting filenum. 2018-11-03 10:00:11 -05:00
Bob Friesenhahn
d1b5834dfe TWebPVGetField(): Add apparently missing break statement impacting TIFFTAG_WEBP_LOSSLESS. 2018-11-03 09:41:15 -05:00
Bob Friesenhahn
34b5be5a2e Eliminate compiler warnings about duplicate definitions of streq/strneq macros. 2018-11-03 09:35:19 -05:00
Bob Friesenhahn
64ee065f13 Ignore generated files 2018-11-03 09:34:52 -05:00
Bob Friesenhahn
b72c756c43 Remove and ignore files which are a product of autogen.sh 2018-11-03 09:22:11 -05:00
Bob Friesenhahn
90771bcd56 Fix TIFFErrorExt() formatting of size_t type for 32-bit compiles.
o
2018-11-02 07:34:22 -05:00
Nikola Forró
2f694198f1 Fix two resource leaks
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-31 11:50:48 +01:00
Even Rouault
99b10edde9
tiff2bw: avoid null pointer dereference in case of out of memory situation. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2819 / CVE-2018-18661 2018-10-30 18:50:27 +01:00
Even Rouault
67b755b334
tiffio.h: fix comment 2018-10-30 18:49:53 +01:00
Paul Kehrer
2d32b100aa add jbig support to the fuzzer 2018-10-29 11:36:13 +08:00
Even Rouault
7030e8acbc Merge branch 'header2' into 'master'
Fix 725279bd: Standalone tif_predict.h: tiff.h should be tiffiop.h

See merge request libtiff/libtiff!41
2018-10-26 17:55:49 +00:00