* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
the directory
* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
TransferFunction if BitsPerSample has not yet been read, otherwise reading
it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
instead of imagewidth to avoid crash
* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
* tools/tiffdump.c: fix crash due to overflow of entry count.
tag can return one channel, with the other two channels set to
NULL. The tiff2pdf code was expecting that other two channels
were duplicate pointers in the case where there is only one
channel. Detect this condition in order to avoid a crash, and
presumably perform correctly with just one channel.
sp->dec_codetab in LZWPreDecode (bug #2459)
* libtiff/tif_read.c: in TIFFReadBufferSetup(), avoid passing -1 size
to TIFFmalloc() if passed user buffer size is 0 (bug #2459)
* libtiff/tif_ojpeg.c: make Coverity happier (not a bug, #2459)
* libtiff/tif_dir.c: in _TIFFVGetField() and _TIFFVSetField(), make
Coverity happier (not a bug, #2459)
* libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make Coverity happier
(not a bug, #2459)
* tools/tiff2pdf.c: close PDF file (bug #2479)
* tools/fax2ps.c: check malloc()/realloc() result (bug #2470)
* tools/tiffdump.c: detect cycle in TIFF directory chaining (bug #2463)
and avoid passing a NULL pointer to read() if seek() failed before (bug #2459)
* tools/tiffcrop.c: fix segfault if bad value passed to -Z option
(bug #2459) and add missing va_end in dump_info (#2459)
* tools/gif2tif.c: apply patch for CVE-2013-4243 (#2451)
Date: Thu, 18 Jul 2013 14:36:47 -0400
Here's a patch to correct an issue with creating G4-compressed PDFs.
The issue is caused by == being used to compare bitfields when only
one bit is intended to be compared. Some of the tiffs I have had both
T2P_CS_ICCBASED and T2P_CS_BILEVEL set; therefore, the current code
will fail, producing certain pages that are inverted.
The patch follows, and is also attached.
--David
TIFF_UINT64_FORMAT appropriately for MinGW32.
* tools/tiffdump.c (ReadDirectory): MinGW32 needs to use WIN32
printf conventions for 64-bit types because it uses the WIN32 CRT.
* libtiff/{tif_dumpmode.c,tif_luv.c,tif_lzw.c,tif_print.c,
tif_read.c,tif_strip.c,tif_thunder.c}: MinGW32 needs to use WIN32
printf conventions for 64-bit types because it uses the WIN32 CRT.
* tools/tiff2pdf.c (t2p_write_pdf_string): Fix printf syntax not
understood by WIN32 CRT.
the JPEG TIFF as is is not required in order to prevent it from
being unused and filled with invalid data. (Leave it to be
generated by later activity.)
* tools/tiff2pdf.c: Write the JPEG SOI headers into the TIFF strip
data rather than skipping them. This fixes the ability to view in
Acrobat Reader, Evince, and Ghostscript.
for TIFFError(), TIFFErrorExt(), TIFFWarning(), and
TIFFWarningExt() in order to reveal bugs.
* Many fixes throughout to work better as a 64-bit build.
utility as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1560
Now we don't need tiffiop.h in tiff2pdf anymore and will open output PDF file
using TIFFClientOpen() machinery as it is implemented by Leon Bottou.
