libtiff

Author	SHA1	Message	Date
Even Rouault	fb5fbc320b	HTML: update for GitLab issues	2019-10-01 21:27:46 +02:00
Even Rouault	19f6b70d63	html/v3.5.6-beta.html: redact URL of defunct web site	2019-09-29 18:20:11 +02:00
Even Rouault	4d8cc50973	Website: update links to mailing list	2019-09-29 18:14:38 +02:00
Even Rouault	e86d43caee	TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244	2019-09-18 01:21:17 +02:00
Even Rouault	3519ab6c7f	ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. Fixes https://oss-fuzz.com/testcase-detail/5686156066291712 and https://oss-fuzz.com/testcase-detail/6332499206078464	2019-09-03 20:15:41 +02:00
Even Rouault	6de57f7e0f	tif_ojpeg.c: avoid relying on isTiled macro being wrapped in ()	2019-09-02 16:22:10 +02:00
Even Rouault	7475a28508	tif_ojpeg.c: avoid use of uninitialized memory on edge/broken file. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844	2019-09-02 16:21:02 +02:00
Even Rouault	4b2a343001	tiff_read_rgba_fuzzer.cc: add a -DSTANDALONE mode for easier reproduction of oss-fuzz reports	2019-09-02 15:33:46 +02:00
Even Rouault	760ecced1e	tif_dirread.c: allocChoppedUpStripArrays(). avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16846	2019-09-01 15:57:17 +02:00
Even Rouault	c22f319eb4	tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793	2019-08-27 10:58:21 +02:00
Even Rouault	9034afb440	TIFFReadDirEntryData(): rewrite to avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16792	2019-08-27 00:02:29 +02:00
Even Rouault	244dfb46af	TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784	2019-08-26 18:57:29 +02:00
Even Rouault	1a4efdd151	JPEG: avoid use of unintialized memory on corrupted files Follow-up of `cf3ce6fab8` Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16602 Credit to OSS Fuzz	2019-08-25 14:54:26 +02:00
Even Rouault	804f40f3bf	_TIFFPartialReadStripArray(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16685	2019-08-24 00:37:17 +02:00
Even Rouault	7db298e3a8	OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16683	2019-08-23 23:03:15 +02:00
Even Rouault	67f7561e70	TIFFFillStrip(): avoid harmless unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16653	2019-08-23 14:54:26 +02:00
Even Rouault	ea271d7434	EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643&	2019-08-23 13:03:44 +02:00
Even Rouault	5f6349d3f8	tif_ojpeg: avoid unsigned integer overflow (probably not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16635	2019-08-23 12:38:46 +02:00
Even Rouault	c9edebfdb0	tif_thunder: avoid unsigned integer overflow (not a bug). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16632	2019-08-23 12:28:25 +02:00
Even Rouault	f277541bd8	_TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug)	2019-08-22 13:02:07 +02:00
Even Rouault	c8f268ef1b	EstimateStripByteCounts(): avoid unsigned integer overflow	2019-08-22 10:19:44 +02:00
Even Rouault	761d50e34d	EstimateStripByteCounts(): avoid unsigned integer overflow	2019-08-21 17:59:15 +02:00
Even Rouault	324aa65c0d	EstimateStripByteCounts(): avoid harmless unsigned integer overflow	2019-08-20 18:09:46 +02:00
Even Rouault	dd50fedc2f	_TIFFPartialReadStripArray(): avoid triggering unsigned integer overflow with -fsanitize=unsigned-integer-overflow (not a bug, this is well defined by itself)	2019-08-20 15:29:06 +02:00
Even Rouault	b04da30e11	tiff2ps: fix use of wrong data type that caused issues (/Height being written as 0) on 64-bit big endian platforms	2019-08-18 10:52:45 +02:00
Even Rouault	1a11c9df6e	setByteArray(): fix previous commit	2019-08-16 19:59:18 +02:00
Even Rouault	1302ffb350	setByteArray(): avoid potential signed integer overflow. Pointed by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds)	2019-08-16 19:47:42 +02:00
Even Rouault	4bb584a35f	RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 . Credit to OSS Fuzz	2019-08-15 15:05:28 +02:00
Even Rouault	2218055ca6	Merge branch 'fix_integer_overflow' into 'master' Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) See merge request libtiff/libtiff!90	2019-08-14 09:47:58 +00:00
Even Rouault	1b5e3b6a23	Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) _TIFFCheckMalloc()/_TIFFCheckRealloc() used a unsafe way to detect overflow in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus signed), which was especially easily triggered on 32-bit builds (with recent enough compilers that assume that signed multiplication cannot overflow, since this is undefined behaviour by the C standard). The original issue which lead to this fix was trigged from tif_fax3.c There were also unsafe (implementation defied), and broken in practice on 64bit builds, ways of checking that a uint64 fits of a (signed) tmsize_t by doing (uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known at that time exploits, but are better to fix in a more bullet-proof way. Or similarly use of (int64)uint64_var <= 0.	2019-08-13 10:40:08 +02:00
Even Rouault	12768a24b1	TIFFClientOpen(): fix memory leak if one of the required callbacks is not provided. Fixed Coverity GDAL CID 1404110	2019-08-12 22:51:09 +02:00
Even Rouault	ea69462ea2	OJPEGReadBufferFill(): avoid very long processing time on corrupted files. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16400 . master only	2019-08-12 17:55:56 +02:00
Even Rouault	187e596861	oss-fuzz/tiff_read_rgba_fuzzer.cc: fix wrong env variable value in previous commit	2019-08-11 00:36:31 +02:00
Even Rouault	2c7e74245a	oss-fuzz/tiff_read_rgba_fuzzer.cc: avoid issue with libjpeg-turbo and MSAN	2019-08-11 00:24:41 +02:00
Even Rouault	43908ce15e	OJPEG: fix integer division by zero on corrupted subsampling factors. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15824 . Credit to OSS Fuzz	2019-08-10 19:36:09 +02:00
Even Rouault	75c1cf5e91	Merge branch 'ossfuzz_i386'	2019-08-10 18:45:16 +02:00
Even Rouault	76f1531f5f	contrib/oss-fuzz/build.sh: fix for i386 build of jbigkit, and use $LIB_FUZZING_ENGINE	2019-08-10 18:40:50 +02:00
Even Rouault	a7fa3410d9	Merge branch 'patch-1' into 'master' fix two tiny typos See merge request libtiff/libtiff!89	2019-08-10 16:00:00 +00:00
Reto Kromer	3fd6bb95dc	fix two tiny typos	2019-08-10 15:54:23 +00:00
Even Rouault	66ff50ec79	Merge branch 'patch-1' into 'master' fix a typo in man page See merge request libtiff/libtiff!88	2019-08-09 17:26:44 +00:00
Reto Kromer	2d4bb5bdc2	fix typo	2019-08-09 17:20:26 +00:00
Even Rouault	c9cb49177b	Merge branch 'TIFFTAGID_Zero_reading_IGNORE' into 'master' Suppressed Reading of Tiff tags with ID = 0 (like GPSVERSIONID) corrected. See merge request libtiff/libtiff!77	2019-08-04 13:23:07 +00:00
Su Laus	6f5c9477dd	Reading of Tiff tags with ID = 0 (like GPSVERSIONID) corrected. IGNORE placeholder in tif_dirread.c is now replaced by a field dir_ignore in the TIFFDirEntry structure Currently, in tif_dirread.c a special IGNORE value for the tif tags is defined in order to flag status preventing already processed tags from further processing. This irrational behaviour prevents reading of custom tags with id code 0 - like tag GPSVERSIONID from EXIF 2.31 definition. An additional field 'tdir_ignore' is now added to the TIFFDirEntry structure and code is changed to allow tags with id code 0 to be read correctly. This change was already proposed as pending improvement in tif_dirread.c around line 32. Reference is also made to: - Discussion in https://gitlab.com/libtiff/libtiff/merge_requests/39 - http://bugzilla.maptools.org/show_bug.cgi?id=2540 Comments and indention adapted. Preparation to rebase onto master	2019-08-04 13:23:07 +00:00
Even Rouault	d8e707a953	Merge branch 'cmake_amd64' into 'master' CMakeLists.txt: properly set value of HOST_FILLORDER to LSB2MSB for Windows CMake builds See merge request libtiff/libtiff!87	2019-07-16 09:54:55 +00:00
Even Rouault	5e7e9b597f	CMakeLists.txt: properly set value of HOST_FILLORDER to LSB2MSB for Windows CMake builds As can be seen in https://ci.appveyor.com/project/rleigh-codelibre/libtiff-didfs/builds/25846668/job/ory5w098j8wcij9x log, the HOST_FILLORDER is not properly set: [00:02:58] -- CMAKE_HOST_SYSTEM_PROCESSOR set to AMD64 [00:02:58] -- HOST_FILLORDER set to FILLORDER_MSB2LSB Ther reason is that we match the "amd64.*" lowercase string whereas CMAKE_HOST_SYSTEM_PROCESSOR is set to AMD64 uppercase.	2019-07-15 12:19:27 +02:00
Even Rouault	a21714f028	TIFFWriteCheck(): call TIFFForceStrileArrayWriting() when needed (should have gone with `eaeca6274a`) (master only)	2019-07-09 13:56:18 +02:00
Even Rouault	6662e2b388	Merge branch 'fix_chromium_925269' into 'master' OJPEG: avoid use of unintialized memory on corrupted files See merge request libtiff/libtiff!86	2019-07-09 11:47:43 +00:00
Even Rouault	cf3ce6fab8	OJPEG: avoid use of unintialized memory on corrupted files Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=925269 Patch from Lei Zhang with little adaptations.	2019-07-05 18:51:46 +02:00
Even Rouault	ab3204b167	Merge branch 'fix-division-by-zero' into 'master' Return infinite distance when denominator is zero. See merge request libtiff/libtiff!85	2019-06-29 16:54:50 +00:00
Dirk Lemstra	b381187db6	Return infinite distance when denominator is zero.	2019-06-29 18:44:38 +02:00

1 2 3 4 5 ...

3281 Commits