Commit Graph

2817 Commits

Author SHA1 Message Date
Even Rouault
e54eac223b (CVE-2016-5321 / CVE-2016-5323 , bugzilla #2558 / #2559) 2016-07-11 21:38:31 +00:00
Even Rouault
a1277756ad * tools/tiffcrop.c: Avoid access outside of stack allocated array
on a tiled separate TIFF with more than 8 samples per pixel.
Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
(CVE-2016-5321, bugzilla #2558)
2016-07-11 21:26:03 +00:00
Even Rouault
febda236ac * libtiff/tif_read.c: Fix out-of-bounds read on
memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
when stripoffset is beyond tmsize_t max value (reported by
Mathias Svensson)
2016-07-10 18:00:20 +00:00
Even Rouault
a0faaf8910 Fix build failure due to previous commit 2016-07-10 16:56:18 +00:00
Even Rouault
292c431e5d * tools/tiffdump.c: fix a few misaligned 64-bit reads warned
by -fsanitize
2016-07-10 15:34:06 +00:00
Even Rouault
234b8543a8 Fix typo in CVE number for CVE-2016-5875 2016-07-10 10:15:07 +00:00
Even Rouault
b46aa51809 * libtiff/tif_read.c: make TIFFReadEncodedStrip() and
TIFFReadEncodedTile() directly use user provided buffer when
no compression (and other conditions) to save a memcpy().

* libtiff/tif_write.c: make TIFFWriteEncodedStrip() and
TIFFWriteEncodedTile() directly use user provided buffer when
no compression to save a memcpy().
2016-07-03 16:02:17 +00:00
Even Rouault
33c391eff4 * libtiff/tif_luv.c: validate that for COMPRESSION_SGILOG and
PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid
potential invalid memory write on corrupted/unexpected images when
using the TIFFRGBAImageBegin() interface (reported by
Clay Wood)

(CVE-2016-587)
2016-07-01 11:06:04 +00:00
Even Rouault
f8b7c3de4d Fix warning about unsigned vs signed comparison 2016-06-28 15:37:33 +00:00
Even Rouault
bf5b698868 * libtiff/tif_pixarlog.c: fix potential buffer write overrun in
PixarLogDecode() on corrupted/unexpected images (reported by Mathias Svensson)
2016-06-28 15:12:19 +00:00
Bob Friesenhahn
c0eb1847f4 * libtiff/libtiff.def: Added _TIFFMultiply32 and _TIFFMultiply64
to libtiff.def
2016-06-15 13:28:11 +00:00
Bob Friesenhahn
30366c9f22 * tools/Makefile.am: The libtiff tools bmp2tiff, gif2tiff,
ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from
the distribution.  The libtiff tools rgb2ycbcr and thumbnail are
only built in the build tree for testing.  Old files are put in
new 'archive' subdirectory of the source repository, but not in
distribution archives.  These changes are made in order to lessen
the maintenance burden.
2016-06-05 19:53:59 +00:00
Bob Friesenhahn
01c8ca66b3 * libtiff/tif_config.vc.h (HAVE_SNPRINTF): Add a '1' to the
HAVE_SNPRINTF definition.'
2016-05-10 13:04:48 +00:00
Bob Friesenhahn
d7aa10673b * libtiff/tif_config.vc.h (HAVE_SNPRINTF): Applied patch by Edward
Lam to define HAVE_SNPRINTF for Visual Studio 2015.
2016-05-10 01:01:09 +00:00
Even Rouault
958d9b5a8d * libtiff/tif_dirread.c: when compiled with DEFER_STRILE_LOAD,
fix regression, introduced on 2014-12-23, when reading a one-strip
file without a StripByteCounts tag. GDAL #6490
2016-04-27 11:38:00 +00:00
Bob Friesenhahn
c7ff695d1b * html/bugs.html: Replace Andrey Kiselev with Bob Friesenhahn for
purposes of security issue reporting.
2016-04-08 02:34:00 +00:00
Even Rouault
caf986e723 * libtiff/*: upstream typo fixes (mostly contributed by Kurt Schwehr)
coming from GDAL internal libtiff
2016-01-23 21:20:34 +00:00
Even Rouault
eb52becbb9 * libtiff/tif_fax3.h: make Param member of TIFFFaxTabEnt structure
a uint16 to reduce size of the binary.
2016-01-09 22:19:21 +00:00
Even Rouault
2794a67c27 * libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised
by GCC 6 -Wmisleading-indentation
2016-01-03 10:01:25 +00:00
Even Rouault
62382d0653 * libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL
string to %s formatter, which is undefined behaviour in sprintf().
2015-12-27 20:14:11 +00:00
Even Rouault
7dfc35c299 Fix MSVC breakage in previous commit 2015-12-27 17:14:52 +00:00
Even Rouault
a1506aa413 * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
(bugzilla #2508)
2015-12-27 16:55:20 +00:00
Even Rouault
13963114dd * libtiff/tif_luv.c: fix potential out-of-bound writes in decode
functions in non debug builds by replacing assert()s by regular if
checks (bugzilla #2522).
Fix potential out-of-bound reads in case of short input data.
2015-12-27 16:25:11 +00:00
Even Rouault
b7cc3e5902 * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
interface in case of unsupported values of SamplesPerPixel/ExtraSamples
for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
CVE-2015-8683 reported by zzf of Alibaba.
2015-12-26 17:32:03 +00:00
Even Rouault
212816f6e4 * libtiff/tif_dirread.c: workaround false positive warning of Clang Static
Analyzer about null pointer dereference in TIFFCheckDirOffset().
2015-12-20 23:18:51 +00:00
Even Rouault
a292bc2d27 * libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found
by Clang Static Analyzer
2015-12-19 21:50:51 +00:00
Even Rouault
22ee4bcd8d offsets on a even offset (affects BigTIFF). This was a regression of the
changeset of 2015-10-19.
2015-12-18 14:08:11 +00:00
Even Rouault
56ae8c1ee3 * libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
offsets on a even offset (affects BigTIFF)
2015-12-18 11:11:00 +00:00
Even Rouault
845ee2f85b * libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
should return -1 in case of failure of tif_encodestrip() as documented
* libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of
failure so that the above mentionned functions detect the error.
2015-12-12 18:04:26 +00:00
Even Rouault
b452d9b91c * libtiff/uvcode.h: const'ify uv_code array 2015-12-07 00:12:33 +00:00
Even Rouault
5b64b34dc9 * libtiff/tif_dirinfo.c: const'ify tiffFields, exifFields,
tiffFieldArray and exifFieldArray arrays
2015-12-06 23:51:44 +00:00
Even Rouault
fdda780a4b * libtiff/tif_print.c: constify photoNames and orientNames arrays 2015-12-06 22:19:56 +00:00
Even Rouault
e4df80bf75 * libtiff/tif_close.c, libtiff/tif_extension.c : rename link
variable to avoid -Wshadow warnings
2015-12-06 11:13:43 +00:00
Even Rouault
142a8a8d4e * libtiff/tif_close.c: rename variable to avoid -Wshadow warning 2015-12-06 10:51:14 +00:00
Even Rouault
f238db387f * libtiff/*.c: fix typos in comments (patch by Kurt Schwehr) 2015-11-22 22:37:27 +00:00
Even Rouault
3ba1a57e00 tif_ojpec.c: modify previous change to be compatible with all MSVC versions 2015-11-22 16:40:43 +00:00
Even Rouault
1c9ef8f17c * libtiff/*.c: fix MSVC warnings related to cast shortening and
assignment within conditional expression
2015-11-22 15:31:03 +00:00
Even Rouault
87f02eaced * libtiff/*.c: fix clang -Wshorten-64-to-32 warnings 2015-11-18 20:35:07 +00:00
Even Rouault
7cf3e7efeb * libtiff/tif_dirread.c: initialize double* data at line 3693 to NULL
to please MSVC 2013
2015-11-18 18:26:03 +00:00
Even Rouault
1dacfe503f Fix previous commit 2015-11-17 16:21:02 +00:00
Even Rouault
1784d0edf7 * libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction
if BitsPerPixel > 24, so as to avoid huge memory allocation and file
read attempts
2015-11-17 12:17:31 +00:00
Even Rouault
d91cba049c * libtiff/tif_dirread.c: remove duplicated assignment (reported by
Clang static analyzer)
2015-11-02 09:52:08 +00:00
Even Rouault
1874d4e8c8 * libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c,
libtiff/tif_jpeg_12.c: suppress warnings about 'no previous
declaration/prototype'
2015-10-28 19:10:20 +00:00
Even Rouault
aefadd720c * libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix
'warning: negative integer implicitly converted to unsigned type' warning
(part of -Wconversion)
2015-10-19 12:04:23 +00:00
Even Rouault
ecc78ef4c1 * libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c,
libtiff/tif_print.c: fix -Wshadow warnings (only in libtiff/)
2015-10-17 10:13:14 +00:00
Bob Friesenhahn
5612707c08 Fix failure to update libtiff version in AC_INIT. 2015-09-12 19:50:39 +00:00
Bob Friesenhahn
20dc498028 * libtiff 4.0.6 released. 2015-09-12 19:46:23 +00:00
Bob Friesenhahn
e2f860d2f4 * html/v4.0.6.html: Added release notes for 4.0.6. 2015-09-12 19:29:47 +00:00
Bob Friesenhahn
d1fabc4db1 * tools/tiffgt.c: Silence glut API deprecation warnings on MacOS
X.  Patch by Roger Leigh.
2015-09-06 20:42:20 +00:00
Bob Friesenhahn
897af013fb * Makefile.am: Added a 'coverity' rule to assist with Coverity
submissions.
2015-09-06 19:34:06 +00:00