Even Rouault
06d6e36187
Merge branch 'division-by-zero' into 'master'
...
tools/tiffcp.c: fix potential division by zero
See merge request libtiff/libtiff!83
2020-02-26 21:37:54 +00:00
Even Rouault
2a4d9b4fab
Merge branch 'bug2839' into 'master'
...
raw2tiff: avoid divide by 0
Closes #151
See merge request libtiff/libtiff!103
2020-02-26 21:22:26 +00:00
Even Rouault
2832b9829f
Merge branch 'bug2669' into 'master'
...
tiff2pdf: palette bound check in t2p_sample_realize_palette()
Closes #82
See merge request libtiff/libtiff!104
2020-02-26 21:21:09 +00:00
Even Rouault
e9a124f52f
Merge branch 'int-shift' into 'master'
...
tiffcrop: fix asan runtime error caused by integer promotion
See merge request libtiff/libtiff!105
2020-02-26 21:20:10 +00:00
Thomas Bernard
bdcf1add10
raw2tiff: avoid divide by 0
...
fixes #151 / http://bugzilla.maptools.org/show_bug.cgi?id=2839
first memcmp() lines before computing corellation
and always avoid divide by 0 anyway
2020-02-16 19:20:37 +01:00
Thomas Bernard
4f168b7368
tiffcrop: fix asan runtime error caused by integer promotion
...
tiffcrop.c:4027:20: runtime error: left shift of 190 by 24 places cannot be represented in type 'int'
C treats (byte << 24) as an int expression.
casting explicitely to unsigned type uint32 avoids the problem.
the same issue has been fixed elsewhere with a242136916
I detected the bug with the test file of #86
2020-02-08 13:43:35 +01:00
Thomas Bernard
3107393354
tiff2pdf: palette bound check in t2p_sample_realize_palette()
...
fixes #82
2020-02-08 13:27:51 +01:00
Thomas Bernard
ebf0864306
tiff2ps: fix heap buffer read overflow in PSDataColorContig()
...
fixes #161 / http://bugzilla.maptools.org/show_bug.cgi?id=2855
in 05029fb7f1
I missed that 1 extra byte is read
in this loop.
2020-02-08 12:10:56 +01:00
Bob Friesenhahn
58b16f47a8
Add nmake build support for manually configuring the 'port' files to be
...
built based on MSVC features.
Include tif_config.h in tools/tiffset.c.
2020-01-25 14:11:05 -06:00
Bug Checkers
47656ccb3f
adds missing checks on TIFFGetField in tiffcrop tool ( fixes #170 )
2019-11-04 21:14:38 +00:00
Mansour Ahmadi
f2f1289601
adds a missing TIFFClose in rgb2ycbcr tool
2019-11-04 14:48:13 -05:00
Bob Friesenhahn
f18e1a2db5
Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h.
...
Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
2019-11-03 11:21:26 -06:00
Even Rouault
b04da30e11
tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms
2019-08-18 10:52:45 +02:00
Nikola Forró
e897442344
tools/tiffcp.c: fix potential division by zero
...
Signed-off-by: Nikola Forró <nforro@redhat.com>
2019-06-12 12:23:33 +02:00
Even Rouault
b9b93f661e
Merge branch 'bug2799' into 'master'
...
fix fax2tiff
See merge request libtiff/libtiff!55
2019-05-08 08:36:34 +00:00
Even Rouault
3c0becb4aa
Merge branch 'bug_2844' into 'master'
...
tiff2ps.c: PSDataColorContig(): avoid heap buffer overrun
See merge request libtiff/libtiff!69
2019-04-25 09:39:01 +00:00
Thomas Bernard
ea2e933b17
tiff2pdf.c: don't call t2p_tile_collapse_left() when buffer size is wrong
...
see http://bugzilla.maptools.org/show_bug.cgi?id=2785
2019-02-28 13:44:49 +01:00
Thomas Bernard
b7d479cf8b
tiff2pdf.c: check colormap pointers
...
Avoid access to non initialized pointers
http://bugzilla.maptools.org/show_bug.cgi?id=2826
2019-02-28 13:05:19 +01:00
Thomas Bernard
05029fb7f1
PSDataColorContig(): avoid heap buffer overrun
...
fixes http://bugzilla.maptools.org/show_bug.cgi?id=2844
each iteration of the loop read nc bytes
2019-02-24 00:50:12 +01:00
Thomas Bernard
a242136916
tiff2ps.c: fix warning caused by integer promotion
...
uint8 value is promoted to int in (value << 24) so -fsanitize
yield runtime errors :
tiff2ps.c:2969:33: runtime error: left shift of 246 by 24 places cannot be represented in type 'int'
2019-02-22 16:23:33 +01:00
Even Rouault
27124e9148
Merge branch 'issue_2833' into 'master'
...
tiffcp.c: check that (Tile Width)*(Samples/Pixel) do no overflow
See merge request libtiff/libtiff!60
2019-02-19 14:39:26 +00:00
Thomas Bernard
9cfa5c4691
tiffcrop.c: fix invertImage() for bps 2 and 4
...
too much bytes were processed, causing a heap buffer overrun
http://bugzilla.maptools.org/show_bug.cgi?id=2831
the loop counter must be
for (col = 0; col < width; col += 8 / bps)
Also the values were not properly calculated. It should be
255-x, 15-x, 3-x for bps 8, 4, 2.
But anyway it is easyer to invert all bits as 255-x = ~x, etc.
(substracting from a binary number composed of all 1 is like inverting
the bits)
2019-02-11 23:08:25 +01:00
Thomas Bernard
7cc76e9bc4
tiffcp.c: use INT_MAX
2019-02-11 21:42:03 +01:00
Thomas Bernard
2b0d0e6997
check that (Tile Width)*(Samples/Pixel) do no overflow
...
fixes bug 2833
2019-02-11 10:05:33 +01:00
Even Rouault
ae0bed1fe5
Merge branch 'master' into 'master'
...
Fix for simple memory leak that was assigned CVE-2019-6128.
See merge request libtiff/libtiff!50
2019-02-02 14:46:05 +00:00
Even Rouault
933784a10a
Merge branch 'bug2835' into 'master'
...
tiff2ps: fix heap-buffer-overflow
See merge request libtiff/libtiff!53
2019-02-02 14:32:58 +00:00
Yuri Aksenov
88b410f800
fix fax2tiff
...
see http://bugzilla.maptools.org/show_bug.cgi?id=2799
fixes d9bc8472e7
2019-02-02 15:14:54 +01:00
Thomas Bernard
309bfd7f61
tiff2ps: fix heap-buffer-overflow
...
http://bugzilla.maptools.org/show_bug.cgi?id=2834
usually the test (i < byte_count) is OK because the byte_count is divisible by samplesperpixel.
But if that is not the case, (i + ncomps) < byte_count should be used, or
maybe (i + samplesperpixel) <= byte_count
2019-01-29 10:47:14 +01:00
Thomas Bernard
5c222ec96c
tiffcrop: shut up clang warnings
...
make the out filename building a bit more simple
and remove the use of strcat()
2019-01-28 16:10:28 +01:00
Scott Gayou
0c74a9f49b
Fix for simple memory leak that was assigned CVE-2019-6128.
...
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836 .
2019-01-23 15:09:59 -05:00
Bob Friesenhahn
a0e273fdca
Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be zero.
...
Problem was reported to the tiff mailing list by Julian H. Stacey on January 5, 2019.
2019-01-05 13:56:09 -06:00
Even Rouault
ae0325a1ab
Merge branch 'resource-leaks' into 'master'
...
Fix two resource leaks
See merge request libtiff/libtiff!43
2018-12-07 20:58:13 +00:00
Bob Friesenhahn
d6f7cf744c
tiffcrop.c: Avoid new clang warning about tools/tiffcrop.c "size argument in 'strncat' call appears to be size of the source".
2018-12-01 09:16:10 -06:00
Bob Friesenhahn
2480971bba
tiff2pdf: Eliminate compiler warning about snprintf output truncation when formatting pdf_datetime.
2018-11-03 13:27:20 -05:00
Bob Friesenhahn
ed624dfe48
tiffcrop.c: Eliminate compiler warning about snprintf output truncation when formatting filenum.
2018-11-03 10:00:11 -05:00
Bob Friesenhahn
34b5be5a2e
Eliminate compiler warnings about duplicate definitions of streq/strneq macros.
2018-11-03 09:35:19 -05:00
Nikola Forró
2f694198f1
Fix two resource leaks
...
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-31 11:50:48 +01:00
Even Rouault
99b10edde9
tiff2bw: avoid null pointer dereference in case of out of memory situation. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2819 / CVE-2018-18661
2018-10-30 18:50:27 +01:00
Even Rouault
1a926533b8
Merge branch 'tif_webp' into 'master'
...
webp support
See merge request libtiff/libtiff!32
2018-10-05 19:41:16 +00:00
Norman Barker
9eacd59fec
webp in tiff
2018-10-05 11:21:17 -05:00
Young_X
97c95667f6
fix out-of-bound read on some tiled images.
2018-09-08 15:07:53 +08:00
Young_X
6da1fb3f64
avoid potential int32 overflows in multiply_ms()
2018-09-08 14:46:27 +08:00
Young_X
f1b94e8a3b
only read/write TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4
2018-09-08 14:36:12 +08:00
Roger Leigh
43586d4105
tiffset: Add support for LONG8, SLONG8 and IFD8 field types
2018-03-23 22:11:17 +00:00
Stefan Weil
642b8f998e
Fix some typos
...
Most of them were found by codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-24 21:47:52 +01:00
Even Rouault
442fa64e41
Merge branch 'zstd'
2018-02-14 15:41:04 +01:00
Nathan Baker
473851d211
Fix for bug 2772
...
It is possible to craft a TIFF document where the IFD list is circular,
leading to an infinite loop while traversing the chain. The libtiff
directory reader has a failsafe that will break out of this loop after
reading 65535 directory entries, but it will continue processing,
consuming time and resources to process what is essentially a bogus TIFF
document.
This change fixes the above behavior by breaking out of processing when
a TIFF document has >= 65535 directories and terminating with an error.
2018-02-12 09:43:34 -05:00
Nathan Baker
e9fa4baf1d
Fix all compiler warnings for default build
2018-02-04 23:54:17 +00:00
Even Rouault
c4d31e9b06
Merge branch 'patch-1' into 'master'
...
Update CMakeLists.txt for build fix on Windows
See merge request libtiff/libtiff!14
2018-01-27 11:22:09 +00:00
Even Rouault
fb0489937c
Merge branch 'patch-2' into 'master'
...
Update tiffgt.c for build fix on Windows
See merge request libtiff/libtiff!13
2018-01-27 11:20:46 +00:00