Even Rouault
e54eac223b
(CVE-2016-5321 / CVE-2016-5323 , bugzilla #2558 / #2559 )
2016-07-11 21:38:31 +00:00
Even Rouault
a1277756ad
* tools/tiffcrop.c: Avoid access outside of stack allocated array
...
on a tiled separate TIFF with more than 8 samples per pixel.
Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
(CVE-2016-5321, bugzilla #2558 )
2016-07-11 21:26:03 +00:00
Even Rouault
febda236ac
* libtiff/tif_read.c: Fix out-of-bounds read on
...
memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
when stripoffset is beyond tmsize_t max value (reported by
Mathias Svensson)
2016-07-10 18:00:20 +00:00
Even Rouault
292c431e5d
* tools/tiffdump.c: fix a few misaligned 64-bit reads warned
...
by -fsanitize
2016-07-10 15:34:06 +00:00
Even Rouault
234b8543a8
Fix typo in CVE number for CVE-2016-5875
2016-07-10 10:15:07 +00:00
Even Rouault
b46aa51809
* libtiff/tif_read.c: make TIFFReadEncodedStrip() and
...
TIFFReadEncodedTile() directly use user provided buffer when
no compression (and other conditions) to save a memcpy().
* libtiff/tif_write.c: make TIFFWriteEncodedStrip() and
TIFFWriteEncodedTile() directly use user provided buffer when
no compression to save a memcpy().
2016-07-03 16:02:17 +00:00
Even Rouault
33c391eff4
* libtiff/tif_luv.c: validate that for COMPRESSION_SGILOG and
...
PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid
potential invalid memory write on corrupted/unexpected images when
using the TIFFRGBAImageBegin() interface (reported by
Clay Wood)
(CVE-2016-587)
2016-07-01 11:06:04 +00:00
Even Rouault
bf5b698868
* libtiff/tif_pixarlog.c: fix potential buffer write overrun in
...
PixarLogDecode() on corrupted/unexpected images (reported by Mathias Svensson)
2016-06-28 15:12:19 +00:00
Bob Friesenhahn
c0eb1847f4
* libtiff/libtiff.def: Added _TIFFMultiply32 and _TIFFMultiply64
...
to libtiff.def
2016-06-15 13:28:11 +00:00
Bob Friesenhahn
30366c9f22
* tools/Makefile.am: The libtiff tools bmp2tiff, gif2tiff,
...
ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from
the distribution. The libtiff tools rgb2ycbcr and thumbnail are
only built in the build tree for testing. Old files are put in
new 'archive' subdirectory of the source repository, but not in
distribution archives. These changes are made in order to lessen
the maintenance burden.
2016-06-05 19:53:59 +00:00
Bob Friesenhahn
01c8ca66b3
* libtiff/tif_config.vc.h (HAVE_SNPRINTF): Add a '1' to the
...
HAVE_SNPRINTF definition.'
2016-05-10 13:04:48 +00:00
Bob Friesenhahn
d7aa10673b
* libtiff/tif_config.vc.h (HAVE_SNPRINTF): Applied patch by Edward
...
Lam to define HAVE_SNPRINTF for Visual Studio 2015.
2016-05-10 01:01:09 +00:00
Even Rouault
958d9b5a8d
* libtiff/tif_dirread.c: when compiled with DEFER_STRILE_LOAD,
...
fix regression, introduced on 2014-12-23, when reading a one-strip
file without a StripByteCounts tag. GDAL #6490
2016-04-27 11:38:00 +00:00
Bob Friesenhahn
c7ff695d1b
* html/bugs.html: Replace Andrey Kiselev with Bob Friesenhahn for
...
purposes of security issue reporting.
2016-04-08 02:34:00 +00:00
Even Rouault
caf986e723
* libtiff/*: upstream typo fixes (mostly contributed by Kurt Schwehr)
...
coming from GDAL internal libtiff
2016-01-23 21:20:34 +00:00
Even Rouault
eb52becbb9
* libtiff/tif_fax3.h: make Param member of TIFFFaxTabEnt structure
...
a uint16 to reduce size of the binary.
2016-01-09 22:19:21 +00:00
Even Rouault
2794a67c27
* libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised
...
by GCC 6 -Wmisleading-indentation
2016-01-03 10:01:25 +00:00
Even Rouault
62382d0653
* libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL
...
string to %s formatter, which is undefined behaviour in sprintf().
2015-12-27 20:14:11 +00:00
Even Rouault
a1506aa413
* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
...
triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
(bugzilla #2508 )
2015-12-27 16:55:20 +00:00
Even Rouault
13963114dd
* libtiff/tif_luv.c: fix potential out-of-bound writes in decode
...
functions in non debug builds by replacing assert()s by regular if
checks (bugzilla #2522 ).
Fix potential out-of-bound reads in case of short input data.
2015-12-27 16:25:11 +00:00
Even Rouault
b7cc3e5902
* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
...
interface in case of unsupported values of SamplesPerPixel/ExtraSamples
for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
CVE-2015-8683 reported by zzf of Alibaba.
2015-12-26 17:32:03 +00:00
Even Rouault
212816f6e4
* libtiff/tif_dirread.c: workaround false positive warning of Clang Static
...
Analyzer about null pointer dereference in TIFFCheckDirOffset().
2015-12-20 23:18:51 +00:00
Even Rouault
a292bc2d27
* libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found
...
by Clang Static Analyzer
2015-12-19 21:50:51 +00:00
Even Rouault
22ee4bcd8d
offsets on a even offset (affects BigTIFF). This was a regression of the
...
changeset of 2015-10-19.
2015-12-18 14:08:11 +00:00
Even Rouault
56ae8c1ee3
* libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
...
TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
offsets on a even offset (affects BigTIFF)
2015-12-18 11:11:00 +00:00
Even Rouault
845ee2f85b
* libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
...
should return -1 in case of failure of tif_encodestrip() as documented
* libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of
failure so that the above mentionned functions detect the error.
2015-12-12 18:04:26 +00:00
Even Rouault
b452d9b91c
* libtiff/uvcode.h: const'ify uv_code array
2015-12-07 00:12:33 +00:00
Even Rouault
5b64b34dc9
* libtiff/tif_dirinfo.c: const'ify tiffFields, exifFields,
...
tiffFieldArray and exifFieldArray arrays
2015-12-06 23:51:44 +00:00
Even Rouault
fdda780a4b
* libtiff/tif_print.c: constify photoNames and orientNames arrays
2015-12-06 22:19:56 +00:00
Even Rouault
e4df80bf75
* libtiff/tif_close.c, libtiff/tif_extension.c : rename link
...
variable to avoid -Wshadow warnings
2015-12-06 11:13:43 +00:00
Even Rouault
142a8a8d4e
* libtiff/tif_close.c: rename variable to avoid -Wshadow warning
2015-12-06 10:51:14 +00:00
Even Rouault
f238db387f
* libtiff/*.c: fix typos in comments (patch by Kurt Schwehr)
2015-11-22 22:37:27 +00:00
Even Rouault
1c9ef8f17c
* libtiff/*.c: fix MSVC warnings related to cast shortening and
...
assignment within conditional expression
2015-11-22 15:31:03 +00:00
Even Rouault
87f02eaced
* libtiff/*.c: fix clang -Wshorten-64-to-32 warnings
2015-11-18 20:35:07 +00:00
Even Rouault
7cf3e7efeb
* libtiff/tif_dirread.c: initialize double* data at line 3693 to NULL
...
to please MSVC 2013
2015-11-18 18:26:03 +00:00
Even Rouault
1784d0edf7
* libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction
...
if BitsPerPixel > 24, so as to avoid huge memory allocation and file
read attempts
2015-11-17 12:17:31 +00:00
Even Rouault
d91cba049c
* libtiff/tif_dirread.c: remove duplicated assignment (reported by
...
Clang static analyzer)
2015-11-02 09:52:08 +00:00
Even Rouault
1874d4e8c8
* libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c,
...
libtiff/tif_jpeg_12.c: suppress warnings about 'no previous
declaration/prototype'
2015-10-28 19:10:20 +00:00
Even Rouault
aefadd720c
* libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix
...
'warning: negative integer implicitly converted to unsigned type' warning
(part of -Wconversion)
2015-10-19 12:04:23 +00:00
Even Rouault
ecc78ef4c1
* libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c,
...
libtiff/tif_print.c: fix -Wshadow warnings (only in libtiff/)
2015-10-17 10:13:14 +00:00
Bob Friesenhahn
20dc498028
* libtiff 4.0.6 released.
2015-09-12 19:46:23 +00:00
Bob Friesenhahn
e2f860d2f4
* html/v4.0.6.html: Added release notes for 4.0.6.
2015-09-12 19:29:47 +00:00
Bob Friesenhahn
d1fabc4db1
* tools/tiffgt.c: Silence glut API deprecation warnings on MacOS
...
X. Patch by Roger Leigh.
2015-09-06 20:42:20 +00:00
Bob Friesenhahn
897af013fb
* Makefile.am: Added a 'coverity' rule to assist with Coverity
...
submissions.
2015-09-06 19:34:06 +00:00
Bob Friesenhahn
7bc7b77e78
* tools/tiff2pdf.c: Fix compiler warning about unused function
...
when JPEG is not available.
* tools/fax2ps.c (main): Detect failure to write to temporary
file.
2015-09-06 18:24:27 +00:00
Bob Friesenhahn
2c7bbbc163
(TIFF_UINT32_MAX): Avoid use of platform-specific large constants.
2015-09-05 20:31:41 +00:00
Bob Friesenhahn
6fcb0cfb03
(TIFF_INT64_MAX): Avoid use of platform-specific large constants.
2015-09-05 20:22:45 +00:00
Bob Friesenhahn
54de96d2b8
* libtiff/tif_dirread.c (TIFFReadDirEntryCheckRangeSlongSlong8):
...
Change implementation so that it does not sometimes overflow the
range of a 32-bit int and to avoid a signed vs unsigned compare
compiler warning.
2015-09-05 20:15:57 +00:00
Bob Friesenhahn
a9afad2a9f
* Makefile.am (distcheck-hook), configure.ac: Applied patches by
...
Roger Leigh (via tiff mailing list on 2015-09-01) to fix issue
with BSD make and to make use of cmake in 'distcheck' target
conditional on if cmake is available.
2015-09-01 19:23:16 +00:00
Bob Friesenhahn
e762ba3de9
* CMakeLists.txt, Makefile.am, configure.ac: Applied patches by
...
Roger Leigh (via tiff mailing list on 2015-09-01).
CMake build is now included in 'distcheck' target.
Builds with CMake 2.8.9 and newer.
Tar is now resquested to use POSIX PAX format.
2015-09-01 15:38:01 +00:00