Commit Graph

3181 Commits

Author SHA1 Message Date
Even Rouault
e3d738277b Merge branch 'bug_2826' into 'master'
tiff2pdf.c: check colormap pointers when loading CMYK with colormap

See merge request libtiff/libtiff!65
2019-02-28 12:30:20 +00:00
Thomas Bernard
b7d479cf8b
tiff2pdf.c: check colormap pointers
Avoid access to non initialized pointers
http://bugzilla.maptools.org/show_bug.cgi?id=2826
2019-02-28 13:05:19 +01:00
Even Rouault
621b54a0b5 Merge branch 'fix_warnings' into 'master'
tiff2ps.c: fix warning caused by integer promotion

See merge request libtiff/libtiff!68
2019-02-27 21:00:33 +00:00
Thomas Bernard
a242136916
tiff2ps.c: fix warning caused by integer promotion
uint8 value is promoted to int in (value << 24) so -fsanitize
yield runtime errors :
tiff2ps.c:2969:33: runtime error: left shift of 246 by 24 places cannot be represented in type 'int'
2019-02-22 16:23:33 +01:00
Even Rouault
3c792f726b Merge branch 'large_strile_improvements' into 'master'
Large strile support improvements

See merge request libtiff/libtiff!63
2019-02-22 10:48:51 +00:00
Even Rouault
c8b6bdc680 Merge branch 'gitlab-pages' into 'master'
ci: Add pages job

See merge request libtiff/libtiff!45
2019-02-21 18:26:06 +00:00
Even Rouault
27124e9148 Merge branch 'issue_2833' into 'master'
tiffcp.c: check that (Tile Width)*(Samples/Pixel) do no overflow

See merge request libtiff/libtiff!60
2019-02-19 14:39:26 +00:00
Even Rouault
6947b21a4f Merge branch 'issue_2831' into 'master'
tiffcrop.c: fix invertImage() for bps 2 and 4

See merge request libtiff/libtiff!61
2019-02-19 14:36:59 +00:00
Even Rouault
0224f7d4f2 Merge branch 'issue_2842' into 'master'
move _TIFFClampDoubleToFloat() to tif_aux.c

See merge request libtiff/libtiff!62
2019-02-19 14:31:35 +00:00
Even Rouault
2ff9c01bd9
tif_zip.c: allow reading and writing strips/tiles with more than 4 GB of compressed or uncompressed data 2019-02-19 15:10:36 +01:00
Even Rouault
0489f1f879
tif_dirread.c: when strip chopping is enabled, extend this mechanism to multi-strip uncompressed files with strips larger than 2GB to expose them as strips of ~500 MB 2019-02-19 15:10:00 +01:00
Even Rouault
28f67ba4bd Merge branch 'size_t_typo' into 'master'
CMakeLists.txt: fix TIFF_SIZE_T

See merge request libtiff/libtiff!59
2019-02-19 13:56:12 +00:00
Thomas Bernard
8420a31e8c
move _TIFFClampDoubleToFloat() to tif_aux.c
the same function was declared in tif_dir.c and tif_dirwrite.c

see http://bugzilla.maptools.org/show_bug.cgi?id=2842
2019-02-12 16:04:28 +01:00
Thomas Bernard
9cfa5c4691 tiffcrop.c: fix invertImage() for bps 2 and 4
too much bytes were processed, causing a heap buffer overrun
    http://bugzilla.maptools.org/show_bug.cgi?id=2831
the loop counter must be
    for (col = 0; col < width; col += 8 / bps)

Also the values were not properly calculated. It should be
255-x, 15-x, 3-x for bps 8, 4, 2.

But anyway it is easyer to invert all bits as 255-x = ~x, etc.
(substracting from a binary number composed of all 1 is like inverting
the bits)
2019-02-11 23:08:25 +01:00
Thomas Bernard
7cc76e9bc4 tiffcp.c: use INT_MAX 2019-02-11 21:42:03 +01:00
Thomas Bernard
2b0d0e6997 check that (Tile Width)*(Samples/Pixel) do no overflow
fixes bug 2833
2019-02-11 10:05:33 +01:00
Thomas Bernard
2201714e88
CMakeLists.txt: fix TIFF_SIZE_T 2019-02-03 14:13:54 +01:00
Even Rouault
ae0bed1fe5 Merge branch 'master' into 'master'
Fix for simple memory leak that was assigned CVE-2019-6128.

See merge request libtiff/libtiff!50
2019-02-02 14:46:05 +00:00
Even Rouault
933784a10a Merge branch 'bug2835' into 'master'
tiff2ps: fix heap-buffer-overflow

See merge request libtiff/libtiff!53
2019-02-02 14:32:58 +00:00
Even Rouault
38ede78b13
Fix warning (use of uninitialized value) added per d0a842c5db (fixes https://gitlab.com/libtiff/libtiff/merge_requests/54#note_137742985) 2019-02-02 15:30:14 +01:00
Even Rouault
cee7c07789 Merge branch 'tiffcrop' into 'master'
tiffcrop: shut up clang warnings

See merge request libtiff/libtiff!52
2019-02-02 12:11:01 +00:00
Even Rouault
329433af90 Merge branch 'bug2833' into 'master'
TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing

See merge request libtiff/libtiff!54
2019-02-01 20:31:04 +00:00
Even Rouault
8d966dfbe2 Merge branch 'gitignore' into 'master'
add test/ files to .gitignore

See merge request libtiff/libtiff!56
2019-02-01 20:28:46 +00:00
Even Rouault
1edeee44c8 Merge branch 'master' into 'master'
tif_dir: unset transferfunction field if necessary (CVE-2018-19210)

See merge request libtiff/libtiff!47
2019-02-01 20:21:02 +00:00
Thomas Bernard
578f3f4600
add test/ files to .gitignore 2019-01-29 16:37:09 +01:00
Thomas Bernard
802d3cbf30
TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing
http://bugzilla.maptools.org/show_bug.cgi?id=2833

we must check the pointer is not NULL before memcmp() the memory
2019-01-29 11:21:47 +01:00
Thomas Bernard
309bfd7f61
tiff2ps: fix heap-buffer-overflow
http://bugzilla.maptools.org/show_bug.cgi?id=2834

usually the test (i < byte_count) is OK because the byte_count is divisible by samplesperpixel.
But if that is not the case, (i + ncomps) < byte_count should be used, or
maybe (i + samplesperpixel) <= byte_count
2019-01-29 10:47:14 +01:00
Thomas Bernard
5c222ec96c
tiffcrop: shut up clang warnings
make the out filename building a bit more simple
and remove the use of strcat()
2019-01-28 16:10:28 +01:00
Scott Gayou
0c74a9f49b Fix for simple memory leak that was assigned CVE-2019-6128.
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
2019-01-23 15:09:59 -05:00
Bob Friesenhahn
a0e273fdca Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be zero.
Problem was reported to the tiff mailing list by Julian H. Stacey on January 5, 2019.
2019-01-05 13:56:09 -06:00
Hugo Lefeuvre
d0a842c5db tif_dir: unset transferfunction field if necessary
The number of entries in the transfer table is determined as following:

(td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1

This means that whenever td->td_samplesperpixel or td->td_extrasamples are
modified we also need to make sure that the number of required entries in
the transfer table didn't change.

If it changed and the number of entries is higher than before we should
invalidate the transfer table field and free previously allocated values.
In the other case there's nothing to do, additional tf entries won't harm
and properly written code will just ignore them since spp - es < 1.

For instance this situation might happen when reading an OJPEG compressed
image with missing SamplesPerPixel tag. In this case the SamplesPerPixel
field might be updated after setting the transfer table.

see http://bugzilla.maptools.org/show_bug.cgi?id=2500

This commit addresses CVE-2018-19210.
2018-12-14 06:19:04 +01:00
Bob Friesenhahn
56a1976e92 Do not attempt to re-sync zip stream after reported data error from inflate(). 2018-12-08 15:36:14 -06:00
Even Rouault
ae0325a1ab Merge branch 'resource-leaks' into 'master'
Fix two resource leaks

See merge request libtiff/libtiff!43
2018-12-07 20:58:13 +00:00
Even Rouault
15d01b63a9 Merge branch 'build-jbig' into 'master'
add jbig support to the fuzzer

See merge request libtiff/libtiff!42
2018-12-07 20:56:22 +00:00
Bob Friesenhahn
d6f7cf744c tiffcrop.c: Avoid new clang warning about tools/tiffcrop.c "size argument in 'strncat' call appears to be size of the source". 2018-12-01 09:16:10 -06:00
Even Rouault
5bcf0cb3c1 Merge branch 'webp_memleak' into 'master'
fixed mem leak in webp compression

See merge request libtiff/libtiff!48
2018-11-28 21:54:25 +00:00
Norman Barker
9323b7b139 fixed mem leak in webp compression 2018-11-28 15:45:39 -06:00
Even Rouault
4e3faaf6f5 Merge branch 'lossless_webp' into 'master'
fixed lossless webp compression config

See merge request libtiff/libtiff!46
2018-11-20 19:32:10 +00:00
Norman Barker
c7774df9a7 fixed lossless webp compression config 2018-11-20 11:54:01 -06:00
Bob Friesenhahn
6b7fc9f116 snprintf porting fix for Visual Studio 2003 2018-11-18 20:25:17 -06:00
Roger Leigh
8addf2c1f7 ci: Add pages job 2018-11-18 10:37:37 +00:00
Bob Friesenhahn
2f79874c30 Change references from defunct ftp site to https site. 2018-11-10 14:38:21 -06:00
Bob Friesenhahn
64b6f939bf Change download URL from ftp to https protocol. 2018-11-10 13:46:14 -06:00
Bob Friesenhahn
6c3e4801bd HOWTO-RELEASE: Add GPG release file signing procedure. 2018-11-10 13:43:05 -06:00
Bob Friesenhahn
b8eac98dd0 libtiff 4.0.10 released. 2018-11-10 09:33:11 -06:00
Bob Friesenhahn
126a949736 Change COMPRESSION_ZSTD to 50000 and COMPRESSION_WEBP to 50001. 2018-11-10 08:58:18 -06:00
Bob Friesenhahn
779e54ca32 Added preliminary release notes for release 4.0.10 2018-11-04 14:14:25 -06:00
Bob Friesenhahn
2480971bba tiff2pdf: Eliminate compiler warning about snprintf output truncation when formatting pdf_datetime. 2018-11-03 13:27:20 -05:00
Olivier Paquet
2d25c90327 Merge branch 'no_tif_platform_console' into 'master'
Remove builtin support for GUI warning and error message boxes

See merge request libtiff/libtiff!24
2018-11-03 16:51:41 +00:00
Bob Friesenhahn
ed624dfe48 tiffcrop.c: Eliminate compiler warning about snprintf output truncation when formatting filenum. 2018-11-03 10:00:11 -05:00