Commit Graph

651 Commits

Author SHA1 Message Date
Even Rouault
ed881da0db Merge branch 'issue-143-144' into 'master'
tiffdump: avoid unaligned memory access

Closes #144 et #143

See merge request libtiff/libtiff!133
2020-03-24 12:39:48 +00:00
Even Rouault
3c47638aaa Merge branch 'issue-133' into 'master'
tiff2pdf: avoid divide by 0

Closes #133

See merge request libtiff/libtiff!126
2020-03-24 12:39:18 +00:00
Thomas Bernard
bd49c5810f
tiff2pdf: normalizePoint() macro to normalize the white point 2020-03-24 11:34:36 +01:00
Thomas Bernard
37121e1574
tiffdump: avoid unaligned memory access
fixes #143
fixes #144
2020-03-24 00:18:32 +01:00
Even Rouault
6c63f17749 Merge branch 'out-of-memory' into 'master'
tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size

Closes #153, #84, #116 et #115

See merge request libtiff/libtiff!130
2020-03-23 18:11:02 +00:00
Thomas Bernard
b738aaa834
tiffset: check memory allocation
fixes #157 / http://bugzilla.maptools.org/show_bug.cgi?id=2850
2020-03-23 17:17:17 +01:00
Thomas Bernard
dff30c4d5d
tiff2ps: enforce memory allocation limit
fixes #153 / http://bugzilla.maptools.org/show_bug.cgi?id=2845
2020-03-21 15:50:38 +01:00
Thomas Bernard
791046b3c6
tiff2pdf: enforce maximum data size
fixes #116 / http://bugzilla.maptools.org/show_bug.cgi?id=2756
fixes #84 / http://bugzilla.maptools.org/show_bug.cgi?id=2683
2020-03-21 15:30:43 +01:00
Thomas Bernard
035c1961d6
tiffcp.c: _TIFFmalloc() => limitMalloc() 2020-03-21 13:20:17 +01:00
Thomas Bernard
0a58e22b17
tiffcp: enforce maximum malloc size
default is 256MB. use -m option to change

fixes #115 / http://bugzilla.maptools.org/show_bug.cgi?id=2755
2020-03-21 13:20:12 +01:00
Thomas Bernard
f704878200
tiff2pdf: "" causes the relevant argument not to be written
fixes #44
2020-03-21 01:05:41 +01:00
Thomas Bernard
dbc90f9374
tiff2pdf: avoid divide by 0
fixes #133 http://bugzilla.maptools.org/show_bug.cgi?id=2796
2020-03-18 01:37:54 +01:00
Thomas Bernard
54ce8c5220
TIFFTAG_PREDICTOR is not supported for WebP
fixes #158
https://gitlab.com/libtiff/libtiff/-/issues/158

this bug was introduced by 9eacd59fec
merge request !32
2020-03-08 20:33:34 +01:00
Thomas Bernard
622492cb31
ppm2tiff: remove unused argument warning 2020-03-07 10:56:31 +01:00
Ludolf Holzheid
5582d0bfad
ppm2tiff: support any bps value from 1 to 16
fix #55
http://bugzilla.maptools.org/show_bug.cgi?id=2505

Patch originally submited by Ludolf Holzheid <ludolf.holzheid@gmx.de>
2020-03-07 10:56:31 +01:00
Even Rouault
06d6e36187 Merge branch 'division-by-zero' into 'master'
tools/tiffcp.c: fix potential division by zero

See merge request libtiff/libtiff!83
2020-02-26 21:37:54 +00:00
Even Rouault
2a4d9b4fab Merge branch 'bug2839' into 'master'
raw2tiff: avoid divide by 0

Closes #151

See merge request libtiff/libtiff!103
2020-02-26 21:22:26 +00:00
Even Rouault
2832b9829f Merge branch 'bug2669' into 'master'
tiff2pdf: palette bound check in t2p_sample_realize_palette()

Closes #82

See merge request libtiff/libtiff!104
2020-02-26 21:21:09 +00:00
Even Rouault
e9a124f52f Merge branch 'int-shift' into 'master'
tiffcrop: fix asan runtime error caused by integer promotion

See merge request libtiff/libtiff!105
2020-02-26 21:20:10 +00:00
Thomas Bernard
bdcf1add10
raw2tiff: avoid divide by 0
fixes #151 / http://bugzilla.maptools.org/show_bug.cgi?id=2839

first memcmp() lines before computing corellation
and always avoid divide by 0 anyway
2020-02-16 19:20:37 +01:00
Thomas Bernard
4f168b7368
tiffcrop: fix asan runtime error caused by integer promotion
tiffcrop.c:4027:20: runtime error: left shift of 190 by 24 places cannot be represented in type 'int'

C treats (byte << 24) as an int expression.
casting explicitely to unsigned type uint32 avoids the problem.

the same issue has been fixed elsewhere with a242136916

I detected the bug with the test file of #86
2020-02-08 13:43:35 +01:00
Thomas Bernard
3107393354
tiff2pdf: palette bound check in t2p_sample_realize_palette()
fixes #82
2020-02-08 13:27:51 +01:00
Thomas Bernard
ebf0864306
tiff2ps: fix heap buffer read overflow in PSDataColorContig()
fixes #161 / http://bugzilla.maptools.org/show_bug.cgi?id=2855

in 05029fb7f1 I missed that 1 extra byte is read
in this loop.
2020-02-08 12:10:56 +01:00
Bob Friesenhahn
58b16f47a8 Add nmake build support for manually configuring the 'port' files to be
built based on MSVC features.
Include tif_config.h in tools/tiffset.c.
2020-01-25 14:11:05 -06:00
Bug Checkers
47656ccb3f adds missing checks on TIFFGetField in tiffcrop tool (fixes #170) 2019-11-04 21:14:38 +00:00
Mansour Ahmadi
f2f1289601 adds a missing TIFFClose in rgb2ycbcr tool 2019-11-04 14:48:13 -05:00
Bob Friesenhahn
f18e1a2db5 Fix Cmake HAVE_GETOPT for systems which declare getopt in stdio.h.
Fix utility baked-in getopt prototype which appears when HAVE_GETOPT is not defined.
2019-11-03 11:21:26 -06:00
Even Rouault
b04da30e11
tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms 2019-08-18 10:52:45 +02:00
Nikola Forró
e897442344 tools/tiffcp.c: fix potential division by zero
Signed-off-by: Nikola Forró <nforro@redhat.com>
2019-06-12 12:23:33 +02:00
Even Rouault
b9b93f661e Merge branch 'bug2799' into 'master'
fix fax2tiff

See merge request libtiff/libtiff!55
2019-05-08 08:36:34 +00:00
Even Rouault
3c0becb4aa Merge branch 'bug_2844' into 'master'
tiff2ps.c: PSDataColorContig(): avoid heap buffer overrun

See merge request libtiff/libtiff!69
2019-04-25 09:39:01 +00:00
Thomas Bernard
ea2e933b17
tiff2pdf.c: don't call t2p_tile_collapse_left() when buffer size is wrong
see http://bugzilla.maptools.org/show_bug.cgi?id=2785
2019-02-28 13:44:49 +01:00
Thomas Bernard
b7d479cf8b
tiff2pdf.c: check colormap pointers
Avoid access to non initialized pointers
http://bugzilla.maptools.org/show_bug.cgi?id=2826
2019-02-28 13:05:19 +01:00
Thomas Bernard
05029fb7f1
PSDataColorContig(): avoid heap buffer overrun
fixes http://bugzilla.maptools.org/show_bug.cgi?id=2844
each iteration of the loop read nc bytes
2019-02-24 00:50:12 +01:00
Thomas Bernard
a242136916
tiff2ps.c: fix warning caused by integer promotion
uint8 value is promoted to int in (value << 24) so -fsanitize
yield runtime errors :
tiff2ps.c:2969:33: runtime error: left shift of 246 by 24 places cannot be represented in type 'int'
2019-02-22 16:23:33 +01:00
Even Rouault
27124e9148 Merge branch 'issue_2833' into 'master'
tiffcp.c: check that (Tile Width)*(Samples/Pixel) do no overflow

See merge request libtiff/libtiff!60
2019-02-19 14:39:26 +00:00
Thomas Bernard
9cfa5c4691 tiffcrop.c: fix invertImage() for bps 2 and 4
too much bytes were processed, causing a heap buffer overrun
    http://bugzilla.maptools.org/show_bug.cgi?id=2831
the loop counter must be
    for (col = 0; col < width; col += 8 / bps)

Also the values were not properly calculated. It should be
255-x, 15-x, 3-x for bps 8, 4, 2.

But anyway it is easyer to invert all bits as 255-x = ~x, etc.
(substracting from a binary number composed of all 1 is like inverting
the bits)
2019-02-11 23:08:25 +01:00
Thomas Bernard
7cc76e9bc4 tiffcp.c: use INT_MAX 2019-02-11 21:42:03 +01:00
Thomas Bernard
2b0d0e6997 check that (Tile Width)*(Samples/Pixel) do no overflow
fixes bug 2833
2019-02-11 10:05:33 +01:00
Even Rouault
ae0bed1fe5 Merge branch 'master' into 'master'
Fix for simple memory leak that was assigned CVE-2019-6128.

See merge request libtiff/libtiff!50
2019-02-02 14:46:05 +00:00
Even Rouault
933784a10a Merge branch 'bug2835' into 'master'
tiff2ps: fix heap-buffer-overflow

See merge request libtiff/libtiff!53
2019-02-02 14:32:58 +00:00
Yuri Aksenov
88b410f800
fix fax2tiff
see http://bugzilla.maptools.org/show_bug.cgi?id=2799
fixes d9bc8472e7
2019-02-02 15:14:54 +01:00
Thomas Bernard
309bfd7f61
tiff2ps: fix heap-buffer-overflow
http://bugzilla.maptools.org/show_bug.cgi?id=2834

usually the test (i < byte_count) is OK because the byte_count is divisible by samplesperpixel.
But if that is not the case, (i + ncomps) < byte_count should be used, or
maybe (i + samplesperpixel) <= byte_count
2019-01-29 10:47:14 +01:00
Thomas Bernard
5c222ec96c
tiffcrop: shut up clang warnings
make the out filename building a bit more simple
and remove the use of strcat()
2019-01-28 16:10:28 +01:00
Scott Gayou
0c74a9f49b Fix for simple memory leak that was assigned CVE-2019-6128.
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
2019-01-23 15:09:59 -05:00
Bob Friesenhahn
a0e273fdca Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be zero.
Problem was reported to the tiff mailing list by Julian H. Stacey on January 5, 2019.
2019-01-05 13:56:09 -06:00
Even Rouault
ae0325a1ab Merge branch 'resource-leaks' into 'master'
Fix two resource leaks

See merge request libtiff/libtiff!43
2018-12-07 20:58:13 +00:00
Bob Friesenhahn
d6f7cf744c tiffcrop.c: Avoid new clang warning about tools/tiffcrop.c "size argument in 'strncat' call appears to be size of the source". 2018-12-01 09:16:10 -06:00
Bob Friesenhahn
2480971bba tiff2pdf: Eliminate compiler warning about snprintf output truncation when formatting pdf_datetime. 2018-11-03 13:27:20 -05:00
Bob Friesenhahn
ed624dfe48 tiffcrop.c: Eliminate compiler warning about snprintf output truncation when formatting filenum. 2018-11-03 10:00:11 -05:00