Even Rouault
ed881da0db
Merge branch 'issue-143-144' into 'master'
...
tiffdump: avoid unaligned memory access
Closes #144 and #143
See merge request libtiff/libtiff!133
2020-03-24 12:39:48 +00:00
Even Rouault
3c47638aaa
Merge branch 'issue-133' into 'master'
...
tiff2pdf: avoid divide by 0
Closes #133
See merge request libtiff/libtiff!126
2020-03-24 12:39:18 +00:00
Thomas Bernard
bd49c5810f
tiff2pdf: normalizePoint() macro to normalize the white point
2020-03-24 11:34:36 +01:00
Thomas Bernard
37121e1574
tiffdump: avoid unaligned memory access
...
fixes #143
fixes #144
2020-03-24 00:18:32 +01:00
Even Rouault
6c63f17749
Merge branch 'out-of-memory' into 'master'
...
tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size
Closes #153, #84, #116 and #115
See merge request libtiff/libtiff!130
2020-03-23 18:11:02 +00:00
Thomas Bernard
b738aaa834
tiffset: check memory allocation
...
fixes #157 / http://bugzilla.maptools.org/show_bug.cgi?id=2850
2020-03-23 17:17:17 +01:00
Thomas Bernard
dff30c4d5d
tiff2ps: enforce memory allocation limit
...
fixes #153 / http://bugzilla.maptools.org/show_bug.cgi?id=2845
2020-03-21 15:50:38 +01:00
Thomas Bernard
791046b3c6
tiff2pdf: enforce maximum data size
...
fixes #116 / http://bugzilla.maptools.org/show_bug.cgi?id=2756
fixes #84 / http://bugzilla.maptools.org/show_bug.cgi?id=2683
2020-03-21 15:30:43 +01:00
Thomas Bernard
035c1961d6
tiffcp.c: _TIFFmalloc() => limitMalloc()
2020-03-21 13:20:17 +01:00
Thomas Bernard
0a58e22b17
tiffcp: enforce maximum malloc size
...
default is 256MB. use -m option to change
fixes #115 / http://bugzilla.maptools.org/show_bug.cgi?id=2755
2020-03-21 13:20:12 +01:00
Thomas Bernard
f704878200
tiff2pdf: "" causes the relevant argument not to be written
...
fixes #44
2020-03-21 01:05:41 +01:00
Thomas Bernard
dbc90f9374
tiff2pdf: avoid divide by 0
...
fixes #133 http://bugzilla.maptools.org/show_bug.cgi?id=2796
2020-03-18 01:37:54 +01:00
Thomas Bernard
54ce8c5220
TIFFTAG_PREDICTOR is not supported for WebP
...
fixes #158
https://gitlab.com/libtiff/libtiff/-/issues/158
this bug was introduced by 9eacd59fec
merge request !32
2020-03-08 20:33:34 +01:00
Thomas Bernard
622492cb31
ppm2tiff: remove unused argument warning
2020-03-07 10:56:31 +01:00
Ludolf Holzheid
5582d0bfad
ppm2tiff: support any bps value from 1 to 16
...
fix #55
http://bugzilla.maptools.org/show_bug.cgi?id=2505
Patch originally submitted by Ludolf Holzheid <ludolf.holzheid@gmx.de>
2020-03-07 10:56:31 +01:00
Even Rouault
06d6e36187
Merge branch 'division-by-zero' into 'master'
...
tools/tiffcp.c: fix potential division by zero
See merge request libtiff/libtiff!83
2020-02-26 21:37:54 +00:00
Even Rouault
2a4d9b4fab
Merge branch 'bug2839' into 'master'
...
raw2tiff: avoid divide by 0
Closes #151
See merge request libtiff/libtiff!103
2020-02-26 21:22:26 +00:00
Even Rouault
2832b9829f
Merge branch 'bug2669' into 'master'
...
tiff2pdf: palette bound check in t2p_sample_realize_palette()
Closes #82
See merge request libtiff/libtiff!104
2020-02-26 21:21:09 +00:00
Even Rouault
e9a124f52f
Merge branch 'int-shift' into 'master'
...
tiffcrop: fix asan runtime error caused by integer promotion
See merge request libtiff/libtiff!105
2020-02-26 21:20:10 +00:00
Thomas Bernard
bdcf1add10
raw2tiff: avoid divide by 0
...
fixes #151 / http://bugzilla.maptools.org/show_bug.cgi?id=2839
first memcmp() lines before computing correlation
and always avoid divide by 0 anyway
2020-02-16 19:20:37 +01:00
Thomas Bernard
4f168b7368
tiffcrop: fix asan runtime error caused by integer promotion
...
tiffcrop.c:4027:20: runtime error: left shift of 190 by 24 places cannot be represented in type 'int'
C treats (byte << 24) as an int expression.
casting explicitly to unsigned type uint32 avoids the problem.
the same issue has been fixed elsewhere with a242136916
I detected the bug with the test file of #86
2020-02-08 13:43:35 +01:00
Thomas Bernard
3107393354
tiff2pdf: palette bound check in t2p_sample_realize_palette()
...
fixes #82
2020-02-08 13:27:51 +01:00
Thomas Bernard
ebf0864306
tiff2ps: fix heap buffer read overflow in PSDataColorContig()
...
fixes #161 / http://bugzilla.maptools.org/show_bug.cgi?id=2855
in 05029fb7f1
I missed that 1 extra byte is read
in this loop.
2020-02-08 12:10:56 +01:00
Bob Friesenhahn
58b16f47a8
Add nmake build support for manually configuring the 'port' files to be
...
built based on MSVC features.
Include tif_config.h in tools/tiffset.c.
2020-01-25 14:11:05 -06:00
Bug Checkers
47656ccb3f
adds missing checks on TIFFGetField in tiffcrop tool (fixes #170)
2019-11-04 21:14:38 +00:00
Mansour Ahmadi
f2f1289601
adds a missing TIFFClose in rgb2ycbcr tool
2019-11-04 14:48:13 -05:00
Bob Friesenhahn
f18e1a2db5
Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h.
...
Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
2019-11-03 11:21:26 -06:00
Even Rouault
b04da30e11
tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms
2019-08-18 10:52:45 +02:00
Nikola Forró
e897442344
tools/tiffcp.c: fix potential division by zero
...
Signed-off-by: Nikola Forró <nforro@redhat.com>
2019-06-12 12:23:33 +02:00
Even Rouault
b9b93f661e
Merge branch 'bug2799' into 'master'
...
fix fax2tiff
See merge request libtiff/libtiff!55
2019-05-08 08:36:34 +00:00
Even Rouault
3c0becb4aa
Merge branch 'bug_2844' into 'master'
...
tiff2ps.c: PSDataColorContig(): avoid heap buffer overrun
See merge request libtiff/libtiff!69
2019-04-25 09:39:01 +00:00
Thomas Bernard
ea2e933b17
tiff2pdf.c: don't call t2p_tile_collapse_left() when buffer size is wrong
...
see http://bugzilla.maptools.org/show_bug.cgi?id=2785
2019-02-28 13:44:49 +01:00
Thomas Bernard
b7d479cf8b
tiff2pdf.c: check colormap pointers
...
Avoid access to non initialized pointers
http://bugzilla.maptools.org/show_bug.cgi?id=2826
2019-02-28 13:05:19 +01:00
Thomas Bernard
05029fb7f1
PSDataColorContig(): avoid heap buffer overrun
...
fixes http://bugzilla.maptools.org/show_bug.cgi?id=2844
each iteration of the loop read nc bytes
2019-02-24 00:50:12 +01:00
Thomas Bernard
a242136916
tiff2ps.c: fix warning caused by integer promotion
...
uint8 value is promoted to int in (value << 24) so -fsanitize
yields runtime errors:
tiff2ps.c:2969:33: runtime error: left shift of 246 by 24 places cannot be represented in type 'int'
2019-02-22 16:23:33 +01:00
Even Rouault
27124e9148
Merge branch 'issue_2833' into 'master'
...
tiffcp.c: check that (Tile Width)*(Samples/Pixel) does not overflow
See merge request libtiff/libtiff!60
2019-02-19 14:39:26 +00:00
Thomas Bernard
9cfa5c4691
tiffcrop.c: fix invertImage() for bps 2 and 4
...
too many bytes were processed, causing a heap buffer overrun
http://bugzilla.maptools.org/show_bug.cgi?id=2831
the loop counter must be
for (col = 0; col < width; col += 8 / bps)
Also the values were not properly calculated. It should be
255-x, 15-x, 3-x for bps 8, 4, 2.
But anyway it is easier to invert all bits as 255-x = ~x, etc.
(subtracting from a binary number composed of all 1 is like inverting
the bits)
2019-02-11 23:08:25 +01:00
Thomas Bernard
7cc76e9bc4
tiffcp.c: use INT_MAX
2019-02-11 21:42:03 +01:00
Thomas Bernard
2b0d0e6997
check that (Tile Width)*(Samples/Pixel) does not overflow
...
fixes bug 2833
2019-02-11 10:05:33 +01:00
Even Rouault
ae0bed1fe5
Merge branch 'master' into 'master'
...
Fix for simple memory leak that was assigned CVE-2019-6128.
See merge request libtiff/libtiff!50
2019-02-02 14:46:05 +00:00
Even Rouault
933784a10a
Merge branch 'bug2835' into 'master'
...
tiff2ps: fix heap-buffer-overflow
See merge request libtiff/libtiff!53
2019-02-02 14:32:58 +00:00
Yuri Aksenov
88b410f800
fix fax2tiff
...
see http://bugzilla.maptools.org/show_bug.cgi?id=2799
fixes d9bc8472e7
2019-02-02 15:14:54 +01:00
Thomas Bernard
309bfd7f61
tiff2ps: fix heap-buffer-overflow
...
http://bugzilla.maptools.org/show_bug.cgi?id=2834
usually the test (i < byte_count) is OK because the byte_count is divisible by samplesperpixel.
But if that is not the case, (i + ncomps) < byte_count should be used, or
maybe (i + samplesperpixel) <= byte_count
2019-01-29 10:47:14 +01:00
Thomas Bernard
5c222ec96c
tiffcrop: shut up clang warnings
...
make the out filename building a bit more simple
and remove the use of strcat()
2019-01-28 16:10:28 +01:00
Scott Gayou
0c74a9f49b
Fix for simple memory leak that was assigned CVE-2019-6128.
...
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836 .
2019-01-23 15:09:59 -05:00
Bob Friesenhahn
a0e273fdca
Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be zero.
...
Problem was reported to the tiff mailing list by Julian H. Stacey on January 5, 2019.
2019-01-05 13:56:09 -06:00
Even Rouault
ae0325a1ab
Merge branch 'resource-leaks' into 'master'
...
Fix two resource leaks
See merge request libtiff/libtiff!43
2018-12-07 20:58:13 +00:00
Bob Friesenhahn
d6f7cf744c
tiffcrop.c: Avoid new clang warning about tools/tiffcrop.c "size argument in 'strncat' call appears to be size of the source".
2018-12-01 09:16:10 -06:00
Bob Friesenhahn
2480971bba
tiff2pdf: Eliminate compiler warning about snprintf output truncation when formatting pdf_datetime.
2018-11-03 13:27:20 -05:00
Bob Friesenhahn
ed624dfe48
tiffcrop.c: Eliminate compiler warning about snprintf output truncation when formatting filenum.
2018-11-03 10:00:11 -05:00