diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2018-03-27 14:08:47 +0100 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2018-03-29 13:44:03 +0100 |
| commit | 003c4211a019eb5c4719860f353777e177553490 (patch) | |
| tree | e526be8e98c305b1cc135714fa7c9e272ecfd20a /tiff | |
| parent | bc817a3afdb932eadac17155834f89efd1c96da4 (diff) | |
| download | ghostpdl-003c4211a019eb5c4719860f353777e177553490.tar.gz | |
Update libtiff to 4.0.9
Add in portability changes to tiffiop.h
Portability tiffiop.h
Remove globals from tif_pixarlog.c
Tweaks to support libtiff 4.0.9
Diffstat (limited to 'tiff')
82 files changed, 3928 insertions, 1097 deletions
diff --git a/tiff/CMakeLists.txt b/tiff/CMakeLists.txt index 1ee6fd46a..52b5ae99c 100644 --- a/tiff/CMakeLists.txt +++ b/tiff/CMakeLists.txt @@ -467,7 +467,7 @@ report_values(CMAKE_HOST_SYSTEM_PROCESSOR HOST_FILLORDER HOST_BIG_ENDIAN HAVE_IEEEFP) # Large file support -if (UNIX) +if (UNIX OR MINGW) # This might not catch every possibility catered for by # AC_SYS_LARGEFILE. add_definitions(-D_FILE_OFFSET_BITS=64) diff --git a/tiff/ChangeLog b/tiff/ChangeLog index 9b9d397d4..ea8622b8a 100644 --- a/tiff/ChangeLog +++ b/tiff/ChangeLog @@ -1,3 +1,873 @@ +2017-11-18 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * configure.ac: libtiff 4.0.9 released. + + * html/v4.0.9.html: Add HTML file to document changes in libtiff + v4.0.9. + +2017-11-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_aux.c, tif_getimage.c, tif_read.c: typo fixes in + comments. + +2017-11-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * test/Makefile.am: Add some tests for tiff2bw. + +2017-11-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * tools/tiff2bw.c (main): Free memory allocated in the tiff2bw + program. This is in response to the report associated with + CVE-2017-16232 but does not solve the extremely high memory usage + with the associated POC file. + +2017-10-29 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * tools/tiff2pdf.c (t2p_sample_realize_palette): Fix possible + arithmetic overflow in bounds checking code and eliminate + comparison between signed and unsigned type. + + * tools/fax2tiff.c (_FAX_Client_Data): Pass FAX_Client_Data as the + client data. This client data is not used at all at the moment, + but it makes the most sense. Issue that the value of + client_data.fd was passed where a pointer is expected was reported + via email by Gerald Schade on Sun, 29 Oct 2017. + +2017-10-23 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: avoid floating point division by zero in + initCIELabConversion() + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733 + Credit to OSS Fuzz + +2017-10-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo 1.5.2 that + honours max_memory_to_use > 0. + Cf https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162 + +2017-10-10 Even Rouault <even.rouault at spatialys.com> + + * nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS and use + /MDd runtime in debug mode. + +2017-10-01 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffset.c: fix setting a single value for the ExtraSamples tag + (and other tags with variable number of values). + So 'tiffset -s ExtraSamples 1 X'. This only worked + when setting 2 or more values, but not just one. + +2017-09-29 Even Rouault <even.rouault at spatialys.com> + + * libtiff/libtiff.def: add TIFFReadRGBAStripExt and TIFFReadRGBATileExt + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2735 + +2017-09-09 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: add NULL check to avoid likely false positive + null-pointer dereference warning by CLang Static Analyzer. + +2017-09-07 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tiffiop.h, tif_aux.c: redirect SeekOK() macro to a _TIFFSeekoK() + function that checks if the offset is not bigger than INT64_MAX, so as + to avoid a -1 error return code of TIFFSeekFile() to match a required + seek to UINT64_MAX/-1. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2726 + Adapted from proposal by Nicolas Ruff. + +2017-08-29 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: accept reading the last strip of a JPEG compressed + file if the codestream height is larger than the truncated height of the + strip. Emit a warning in this situation since this is non compliant. + +2017-08-28 Even Rouault <even.rouault at spatialys.com> + + * test/Makefile.am: add missing reference to images/quad-lzw-compat.tiff + to fix "make distcheck". Patch by Roger Leigh + +2017-08-23 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirwrite.c: replace assertion to tag value not fitting + on uint32 when selecting the value of SubIFD tag by runtime check + (in TIFFWriteDirectoryTagSubifd()). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728 + Reported by team OWL337 + +2017-08-23 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirwrite.c: replace assertion related to not finding the + SubIFD tag by runtime check (in TIFFWriteDirectorySec()) + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 + Reported by team OWL337 + +2017-07-24 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_luv.c: further reduce memory requirements for temporary + buffer when RowsPerStrip >= image_length in LogLuvInitState() and + LogL16InitState(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2700 + Credit to OSS Fuzz + +2017-07-24 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: fix fromskew computation when to-be-skipped + pixel number is not a multiple of the horizontal subsampling, and + also in some other cases. Impact putcontig8bitYCbCr44tile, + putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile, + putcontig8bitYCbCr21tile and putcontig8bitYCbCr12tile + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2637 (discovered + by Agostino Sarubbo) + and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2691 (credit + to OSS Fuzz) + +2017-07-24 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: gtTileContig() and gtTileSeparate(): + properly break from loops on error when stoponerr is set, instead + of going on iterating on row based loop. + +2017-07-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_luv.c: LogLuvInitState(): avoid excessive memory + allocation when RowsPerStrip tag is missing. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2683 + Credit to OSS-Fuzz + +2017-07-15 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: add protection against excessive memory + allocation attempts in TIFFReadDirEntryArray() on short files. + Effective for mmap'ed case. And non-mmap'ed case, but restricted + to 64bit builds. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2675 + +2017-07-15 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the + arrays that hold StripOffsets/StripByteCounts, when they are smaller + than the expected number of striles, up to 1 million striles, and + error out beyond. Can be tweaked by setting the environment variable + LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT. + This partially goes against a change added on 2002-12-17 to accept + those arrays of wrong sizes, but is needed to avoid denial of services. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350 + Credit to OSS Fuzz + +2017-07-15 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile(). + Complementary fix for http://bugzilla.maptools.org/show_bug.cgi?id=2708 + in the isMapped() case, so as to avoid excessive memory allocation + when we need a temporary buffer but the file is truncated. + +2017-07-15 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" + mode on PlanarConfig=Contig input images. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715 + Reported by team OWL337 + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dir.c: avoid potential null pointer dereference in + _TIFFVGetField() on corrupted TIFFTAG_NUMBEROFINKS tag instance. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2713 + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte LZW + strips. Crashing issue only on memory mapped files, where the strip + offset is the last byte of the file, and the file size is a multiple + of one page size on the CPU architecture (typically 4096). Credit + to myself :-) + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + + * test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: new files + to test old-style LZW decompression + * test/common.sh, Makefile.am, CMakeList.txt: updated with above + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + + * refresh autoconf/make stuff with what is on Ubuntu 16.04 (minor changes) + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of old-style LZW + compressed files. + +2017-07-10 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_pixarlog.c: avoid excessive memory allocation on decoding + when RowsPerStrip tag is not defined (and thus td_rowsperstrip == UINT_MAX) + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2554 + Credit to OSS Fuzz + +2017-07-04 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedTileAndAllocBuffer() + and _TIFFReadTileAndAllocBuffer() variants of TIFFReadEncodedTile() and + TIFFReadTile() that allocates the decoded buffer only after a first + successful TIFFFillTile(). This avoids excessive memory allocation + on corrupted files. + * libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470 + Credit to OSS Fuzz. + +2017-07-04 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_error.c, tif_warning.c: correctly use va_list when both + an old-style and new-style warning/error handlers are installed. + Patch by Paavo Helde (sent on the mailing list) + +2017-07-02 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to + tif_rawdataloaded when it is set. Similarly to TIFFStartStrip(). + This issue was revealed by the change of 2017-06-30 in TIFFFileTile(), + limiting the number of bytes read. But it could probably have been hit + too in CHUNKY_STRIP_READ_SUPPORT mode previously ? + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454 + Credit to OSS Fuzz + +2017-06-30 Even Rouault <even.rouault at spatialys.com> + + * man: update documentation regarding SubIFD tag and + TIFFSetSubDirectory() data type. + Patch by Eric Piel + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2671 + +2017-06-30 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() + functions associated with LONG8/SLONG8 data type, replace assertion that + the file is BigTIFF, by a non-fatal error. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 + Reported by team OWL337 + +2017-06-30 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer() + function, variant of TIFFReadEncodedStrip() that allocates the + decoded buffer only after a first successful TIFFFillStrip(). This avoids + excessive memory allocation on corrupted files. + * libtiff/tif_getimage.c: use _TIFFReadEncodedStripAndAllocBuffer(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2708 and + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 . + Credit to OSS Fuzz + +2017-06-30 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillTile(): add limitation to the number + of bytes read in case td_stripbytecount[strip] is bigger than + reasonable, so as to avoid excessive memory allocation (similarly to + what was done for TIFFFileStrip() on 2017-05-10) + +2017-06-29 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tiffiop.h, libtiff/tif_jpeg.c, libtiff/tif_jpeg_12.c, + libtiff/tif_read.c: make TIFFReadScanline() works in + CHUNKY_STRIP_READ_SUPPORT mode with JPEG stream with multiple scans. + Also make configurable through a LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER + environment variable the maximum number of scans allowed. Defaults to + 100. + +2017-06-27 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that a + double value can fit in a float before casting. Patch by Nicolas RUFF + +2017-06-26 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode() + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 + Reported by team OWL337 + +2017-06-24 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg + memory allocation is above 100 MB. libjpeg in case of multiple scans, + which is allowed even in baseline JPEG, if components are spread over several + scans and not interleavedin a single one, needs to allocate memory (or + backing store) for the whole strip/tile. + See http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + This limitation may be overriden by setting the + LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC environment variable, or recompiling + libtiff with a custom value of TIFF_LIBJPEG_LARGEST_MEM_ALLOC macro. + +2017-06-24 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: add anti-denial of service measure to avoid excessive + CPU consumption on progressive JPEGs with a huge number of scans. + See http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + Note: only affects libtiff since 2014-12-29 where support of non-baseline JPEG + was added. + +2017-06-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tiffiop.h: add TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW macro to + disable CLang warnings raised by -fsanitize=undefined,unsigned-integer-overflow + * libtiff/tif_predict.c: decorate legitimate functions where unsigned int + overflow occur with TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + * libtiff/tif_dirread.c: avoid unsigned int overflow in EstimateStripByteCounts() + and BYTECOUNTLOOKSBAD when file is too short. + * libtiff/tif_jpeg.c: avoid (harmless) unsigned int overflow on tiled images. + * libtiff/tif_fax3.c: avoid unsigned int overflow in Fax3Encode2DRow(). Could + potentially be a bug with huge rows. + * libtiff/tif_getimage.c: avoid many (harmless) unsigned int overflows. + +2017-06-12 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: TIFFFetchStripThing(): limit the number of items + read in StripOffsets/StripByteCounts tags to the number of strips to avoid + excessive memory allocation. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2215 + Credit to OSS Fuzz + +2017-06-12 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: fix regression of libtiff 4.0.8 in + ChopUpSingleUncompressedStrip() regarding update of newly single-strip + uncompressed files whose bytecount is 0. Before the change of 2016-12-03, + the condition bytecount==0 used to trigger an early exit/disabling of + strip chop. Re-introduce that in update mode. Otherwise this cause + later incorrect setting for the value of StripByCounts/StripOffsets. + ( https://trac.osgeo.org/gdal/ticket/6924 ) + +2017-06-10 Even Rouault <even.rouault at spatialys.com> + + * .appveyor.yml, .travis.yml, build/travis-ci: apply patches + 0001-ci-Travis-script-improvements.patch and + 0002-ci-Invoke-helper-script-via-shell.patch by Roger Leigh + (sent to mailing list) + +2017-06-08 Even Rouault <even.rouault at spatialys.com> + + * .travis.yml, build/travis-ci: new files from + 0001-ci-Add-Travis-support-for-Linux-builds-with-Autoconf.patch by + Roger Leigh (sent to mailing list on 2017-06-08) + This patch adds support for the Travis-CI service. + + * .appveyor.yml: new file from + 0002-ci-Add-AppVeyor-support.patch by Roger Leigh (sent to mailing + list on 2017-06-08) + This patch adds a .appveyor.yml file to the top-level. This allows + one to opt in to having a branch built on Windows with Cygwin, + MinGW and MSVC automatically when a branch is pushed to GitHub, + GitLab, BitBucket or any other supported git hosting service. + + * CMakeLists.txt, test/CMakeLists.txt, test/TiffTestCommon.cmake: apply + patch 0001-cmake-Improve-Cygwin-and-MingGW-test-support.patch from Roger + Leigh (sent to mailing list on 2017-06-08) + This patch makes the CMake build system support running the tests + with MinGW or Cygwin. + +2017-06-08 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_swab.c: if DISABLE_CHECK_TIFFSWABMACROS is defined, do not do + the #ifdef TIFFSwabXXX checks. Make it easier for GDAL to rename the symbols + of its internal libtiff copy. + +2017-06-01 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), + and use it in TIFFReadDirectory() so as to ignore fields whose tag is a + codec-specified tag but this codec is not enabled. This avoids TIFFGetField() + to behave differently depending on whether the codec is enabled or not, and + thus can avoid stack based buffer overflows in a number of TIFF utilities + such as tiffsplit, tiffcmp, thumbnail, etc. + Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch + (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. + Fixes: + http://bugzilla.maptools.org/show_bug.cgi?id=2580 + http://bugzilla.maptools.org/show_bug.cgi?id=2693 + http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) + http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) + http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) + http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) + http://bugzilla.maptools.org/show_bug.cgi?id=2441 + http://bugzilla.maptools.org/show_bug.cgi?id=2433 + +2017-05-29 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for + refBlackWhite coefficients values. To avoid invalid float->int32 conversion + (when refBlackWhite[0] == 2147483648.f) + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + Credit to OSS Fuzz + +2017-05-29 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid + int32 overflow in TIFFYCbCrtoRGB(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + Credit to OSS Fuzz + +2017-05-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * configure.ac: libtiff 4.0.8 released. + + * html/v4.0.8.html: Add description of changes targeting the 4.0.8 + release. + +2017-05-20 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for + refBlackWhite coefficients values. To avoid invalid float->int32 conversion. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 + Credit to OSS Fuzz + +2017-05-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero + to avoid division by zero. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 + Credit to OSS Fuzz + +2017-05-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of double to + float. + Credit to Google Autofuzz project + +2017-05-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation of + luma and refBlackWhite coefficients (just check they are not NaN for now), + to avoid potential float to int overflows. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 + Credit to OSS Fuzz + +2017-05-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with + next_in and tif_rawcc with avail_in at beginning and end of function, + similarly to what is done in LZWDecode(). Likely needed so that it + works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT + mode. But untested... + +2017-05-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(), + and update tif_rawcc at end of LZWDecode(). This is needed to properly + work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT + mode. + +2017-05-14 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory + allocation when RowsPerStrip tag is missing. + Credit to OSS-Fuzz (locally run, on GDAL) + +2017-05-14 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode() + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563 + Credit to OSS-Fuzz + +2017-05-13 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 + overflows in multiply_ms() and add_ms(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 + Credit to OSS-Fuzz + +2017-05-13 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_color.c: avoid potential int32 overflow in + TIFFYCbCrToRGBInit() + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 + Credit to OSS-Fuzz + +2017-05-13 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT + mode with tif_rawdataloaded when calling TIFFStartStrip() or + TIFFFillStripPartial(). This avoids reading beyond tif_rawdata + when bytecount > tif_rawdatasize. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545. + Credit to OSS-Fuzz + +2017-05-12 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillStripPartial(): + avoid excessive memory allocation in case of shorten files. + Only effective on 64 bit builds. + Credit to OSS-Fuzz (locally run, on GDAL) + +2017-05-12 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), + avoid potential integer overflows with read_ahead in + CHUNKY_STRIP_READ_SUPPORT mode. Should + especially occur on 32 bit platforms. + +2017-05-10 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): + avoid excessive memory allocation in case of shorten files. + Only effective on 64 bit builds and non-mapped cases. + Credit to OSS-Fuzz (locally run, on GDAL) + +2017-05-10 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory + leak when the underlying codec (ZIP, PixarLog) succeeds its + setupdecode() method, but PredictorSetup fails. + Credit to OSS-Fuzz (locally run, on GDAL) + +2017-05-10 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number + of bytes read in case td_stripbytecount[strip] is bigger than + reasonable, so as to avoid excessive memory allocation. + +2017-04-28 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2bw.c: close TIFF handle in error code path. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2677 + +2017-04-27 Even Rouault <even.rouault at spatialys.com> + + * litiff/tif_fax3.c: avoid crash in Fax3Close() on empty file. + Patch by Alan Coopersmith + complement by myself. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2673 + * tools/fax2tiff.c: emit appropriate message if the input file is + empty. Patch by Alan Coopersmith. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2672 + +2017-04-27 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_ojpeg.c: fix potential memory leak in + OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable + and OJPEGReadHeaderInfoSecTablesAcTable + Patch by Nicolás Peña. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670 + +2017-04-27 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD + mode (ie default) when there is both a StripOffsets and + TileOffsets tag, or a StripByteCounts and TileByteCounts + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689 + * tools/tiff2ps.c: call TIFFClose() in error code paths. + +2017-02-25 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7 + -Wimplicit-fallthrough warnings. + +2017-02-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_pixarlog.c: fix memory leak in error code path of + PixarLogSetupDecode(). Patch by Nicolás Peña. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2665 + +2017-02-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary, the + code bit-width after flushing the remaining code and before emitting + the EOI code. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=1982 + +2017-01-31 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the + YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce + the I/O amount when te tag is present (especially on cloud hosted files). + +2017-01-14 Even Rouault <even.rouault at spatialys.com> + + * tools/raw2tiff.c: avoid integer division by zero. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2631 + +2017-01-12 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable + when read fails. + Patch by Nicolás Peña. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode + functions instead of -1 when TIFFFlushData1() fails. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and + cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and + http://bugzilla.maptools.org/show_bug.cgi?id=2657 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc() + + * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero + initialize tif_rawdata. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to + avoid UndefinedBehaviorSanitizer warning. + Patch by Nicolás Peña. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c: avoid potential undefined behaviour on signed integer + addition in TIFFReadRawStrip1() in isMapped() case. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid + undefined behaviour caused by invalid shift exponent. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings + of double to other data types to avoid undefined behaviour if the output range + isn't big enough to hold the input value. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643 + http://bugzilla.maptools.org/show_bug.cgi?id=2642 + http://bugzilla.maptools.org/show_bug.cgi?id=2646 + http://bugzilla.maptools.org/show_bug.cgi?id=2647 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: avoid division by floating point 0 in + TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(), + and return 0 in that case (instead of infinity as before presumably) + Apparently some sanitizers do not like those divisions by zero. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational, replace + assertion by runtime check to error out if passed value is strictly + negative. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535 + + * tools/tiffcrop.c: remove extraneous TIFFClose() in error code path, that + caused double free. + Related to http://bugzilla.maptools.org/show_bug.cgi?id=2535 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: avoid integer division by zero in + JPEGSetupEncode() when horizontal or vertical sampling is set to 0. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653 + +2017-01-03 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_jpeg.c: increase libjpeg max memory usable to + 10 MB instead of libjpeg 1MB default. This helps when creating files + with "big" tile, without using libjpeg temporary files. + Related to https://trac.osgeo.org/gdal/ticket/6757 + +2016-12-20 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: avoid potential heap-based overflow in + t2p_readwrite_pdf_image_tile(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640 + +2016-12-20 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: avoid potential invalid memory read in + t2p_writeproc. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 + +2016-12-20 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger + unspecified behaviour. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2638 + +2016-12-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: fix potential memory leaks in error code + path of TIFFRGBAImageBegin(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627 + +2016-12-18 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode + on a paletted image. Note: this fix errors out before the overflow + happens. There could probably be a better fix. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2635 + +2016-12-17 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tiffio.h, libtiff/tif_getimage.c: add TIFFReadRGBAStripExt() + and TIFFReadRGBATileExt() variants of the functions without ext, with + an extra argument to control the stop_on_error behaviour. + +2016-12-17 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2ps.c: fix 2 heap-based buffer overflows (in PSDataBW + and PSDataColorContig). Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2633 and + http://bugzilla.maptools.org/show_bug.cgi?id=2634. + +2016-12-13 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_fax3.h: revert change done on 2016-01-09 that made + Param member of TIFFFaxTabEnt structure a uint16 to reduce size of + the binary. It happens that the Hylafax software uses the tables that + follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, + TIFFFaxBlackTable), although they are not in a public libtiff header. + Raised by Lee Howard. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2636 + +2016-12-04 Even Rouault <even.rouault at spatialys.com> + + * html/man/Makefile.am: remove thumbnail.1.html and rgb2ycbcr.1.html + from installed pages since the corresponding utilities are no longer + installed. Reported by Havard Eidnes + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2606 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_write.c: fix misleading indentation as warned by GCC. + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert check. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: fix uint32 underflow/overflow that can cause heap-based + buffer overflow. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples tag is + missing. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * man/Makefile.am: remove thumbnail.1 and rgb2ycbcr.1 from installed man + pages since the corresponding utilities are no longer installed. + Reported by Havard Eidnes + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2606 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, + limit the return number of inks to SamplesPerPixel, so that code that parses + ink names doesn't go past the end of the buffer. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples tag is + missing. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffinfo.c: fix null pointer dereference in -r mode when the image has + no StripByteCount tag. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is missing. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in + readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) mode so + that the output buffer is correctly incremented to avoid write outside bounds. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure in + OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to + instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), + instead of a logic based on the total size of data. Which is faulty is + the total size of data is not sufficient to fill the whole image, and thus + results in reading outside of the StripByCounts/StripOffsets arrays when + using TIFFReadScanline(). + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608. + + * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done + for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since + the above change is a better fix that makes it unnecessary. + +2016-12-03 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer + overflow on generation of PixarLog / LUV compressed files, with + ColorMap, TransferFunction attached and nasty plays with bitspersample. + The fix for LUV has not been tested, but suffers from the same kind + of issue of PixarLog. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 + +2016-12-02 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that + can cause various issues, such as buffer overflows in the library. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598 + +2016-12-02 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in + TIFFReadEncodedStrip() that caused an integer division by zero. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596 + +2016-11-20 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis to + fix cppcheck clarifyCalculation warnings + * libtiff/tif_predict.c, libtiff/tif_print.c: fix printf unsigned + vs signed formatting (cppcheck invalidPrintfArgType_uint warnings) + +2016-11-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> + + * tools/fax2tiff.c (main): Applied patch by Jörg Ahrens to fix + passing client data for Win32 builds using tif_win32.c + (USE_WIN32_FILEIO defined) for file I/O. Patch was provided via + email on November 20, 2016. + 2016-11-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> * libtiff 4.0.7 released. @@ -85,7 +955,7 @@ writeBufferToSeparateStrips(), writeBufferToContigTiles() and writeBufferToSeparateTiles() that could cause heap buffer overflows. Reported by Henri Salo from Nixu Corporation. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 (CVE-2016-9532) 2016-11-10 Even Rouault <even.rouault at spatialys.com> diff --git a/tiff/HOWTO-RELEASE b/tiff/HOWTO-RELEASE index 9293592b3..ae7501192 100644 --- a/tiff/HOWTO-RELEASE +++ b/tiff/HOWTO-RELEASE @@ -28,7 +28,7 @@ Notes on releasing. Take ChangeLog entries and html-ify in there. Easist thing to do is take html/vX.(X-1).html and use it as a template. -3. Add vX.X.html file to the list of EXTRA_DIST files in the html/Makefile.am. +3. Add vX.X.html file to the list of 'docfiles' files in the html/Makefile.am. 4. Update html/index.html to refer to this new page as the current release. diff --git a/tiff/RELEASE-DATE b/tiff/RELEASE-DATE index fb9e3f6c3..f5a5ad729 100644 --- a/tiff/RELEASE-DATE +++ b/tiff/RELEASE-DATE @@ -1 +1 @@ -20161119 +20171118 diff --git a/tiff/VERSION b/tiff/VERSION index 43beb4001..7919852fe 100644 --- a/tiff/VERSION +++ b/tiff/VERSION @@ -1 +1 @@ -4.0.7 +4.0.9 diff --git a/tiff/config/ltmain.sh b/tiff/config/ltmain.sh index 0f0a2da3f..147d758ab 100644..100755 --- a/tiff/config/ltmain.sh +++ b/tiff/config/ltmain.sh @@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4.6 +VERSION="2.4.6 Debian-2.4.6-0.1" package_revision=2.4.6 @@ -2073,7 +2073,7 @@ include the following information: autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to <bug-libtool@gnu.org>. -GNU libtool home page: <http://www.gnu.org/software/libtool/>. +GNU libtool home page: <http://www.gnu.org/s/libtool/>. General help using GNU software: <http://www.gnu.org/gethelp/>." exit 0 } @@ -7272,10 +7272,13 @@ func_mode_link () # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -specs=* GCC specs files # -stdlib=* select c++ std lib with clang + # -fsanitize=* Clang/GCC memory and address sanitizer -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ + -specs=*|-fsanitize=*) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result func_append compile_command " $arg" @@ -7568,7 +7571,10 @@ func_mode_link () case $pass in dlopen) libs=$dlfiles ;; dlpreopen) libs=$dlprefiles ;; - link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + link) + libs="$deplibs %DEPLIBS%" + test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" + ;; esac fi if test lib,dlpreopen = "$linkmode,$pass"; then @@ -7887,19 +7893,19 @@ func_mode_link () # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" func_append old_convenience " $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done elif test prog != "$linkmode" && test lib != "$linkmode"; then func_fatal_error "'$lib' is not a convenience library" fi - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done continue fi # $pass = conv @@ -8823,6 +8829,9 @@ func_mode_link () revision=$number_minor lt_irix_increment=no ;; + *) + func_fatal_configuration "$modename: unknown library version type '$version_type'" + ;; esac ;; no) diff --git a/tiff/configure b/tiff/configure index db2369496..4bb7c05a5 100755 --- a/tiff/configure +++ b/tiff/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.7. +# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.9. # # Report bugs to <tiff@lists.maptools.org>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='LibTIFF Software' PACKAGE_TARNAME='tiff' -PACKAGE_VERSION='4.0.7' -PACKAGE_STRING='LibTIFF Software 4.0.7' +PACKAGE_VERSION='4.0.9' +PACKAGE_STRING='LibTIFF Software 4.0.9' PACKAGE_BUGREPORT='tiff@lists.maptools.org' PACKAGE_URL='' @@ -1408,7 +1408,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures LibTIFF Software 4.0.7 to adapt to many kinds of systems. +\`configure' configures LibTIFF Software 4.0.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of LibTIFF Software 4.0.7:";; + short | recursive ) echo "Configuration of LibTIFF Software 4.0.9:";; esac cat <<\_ACEOF @@ -1668,7 +1668,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -LibTIFF Software configure 4.0.7 +LibTIFF Software configure 4.0.9 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2441,7 +2441,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by LibTIFF Software $as_me 4.0.7, which was +It was created by LibTIFF Software $as_me 4.0.9, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3384,7 +3384,7 @@ fi # Define the identity of the package. PACKAGE='tiff' - VERSION='4.0.7' + VERSION='4.0.9' cat >>confdefs.h <<_ACEOF @@ -3588,14 +3588,14 @@ fi LIBTIFF_MAJOR_VERSION=4 LIBTIFF_MINOR_VERSION=0 -LIBTIFF_MICRO_VERSION=7 +LIBTIFF_MICRO_VERSION=9 LIBTIFF_ALPHA_VERSION= LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION LIBTIFF_RELEASE_DATE=`date +"%Y%m%d"` -LIBTIFF_CURRENT=7 -LIBTIFF_REVISION=5 -LIBTIFF_AGE=2 +LIBTIFF_CURRENT=8 +LIBTIFF_REVISION=0 +LIBTIFF_AGE=3 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE # This is a special hack for OpenBSD and MirOS systems. The dynamic linker @@ -6104,7 +6104,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else @@ -10091,6 +10091,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs=no + ;; esac ld_shlibs=yes @@ -10345,7 +10348,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -11015,6 +11018,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -11036,7 +11040,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -12151,6 +12155,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -15463,7 +15479,7 @@ lt_prog_compiler_static_CXX= ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -15838,6 +15854,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs_CXX=no + ;; *) export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -16531,6 +16550,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -21500,7 +21531,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by LibTIFF Software $as_me 4.0.7, which was +This file was extended by LibTIFF Software $as_me 4.0.9, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21566,7 +21597,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -LibTIFF Software config.status 4.0.7 +LibTIFF Software config.status 4.0.9 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/tiff/configure.ac b/tiff/configure.ac index 23d543cf1..0dd32b759 100644 --- a/tiff/configure.ac +++ b/tiff/configure.ac @@ -25,7 +25,7 @@ dnl OF THIS SOFTWARE. dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.64) -AC_INIT([LibTIFF Software],[4.0.7],[tiff@lists.maptools.org],[tiff]) +AC_INIT([LibTIFF Software],[4.0.9],[tiff@lists.maptools.org],[tiff]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_MACRO_DIR(m4) AC_LANG(C) @@ -41,7 +41,7 @@ dnl Versioning. dnl Don't fill the ALPHA_VERSION field, if not applicable. LIBTIFF_MAJOR_VERSION=4 LIBTIFF_MINOR_VERSION=0 -LIBTIFF_MICRO_VERSION=7 +LIBTIFF_MICRO_VERSION=9 LIBTIFF_ALPHA_VERSION= LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION dnl This will be used with the 'make release' target @@ -76,9 +76,9 @@ dnl 5. If any interfaces have been added since the last public release, then dnl increment age. dnl 6. If any interfaces have been removed since the last public release, dnl then set age to 0. -LIBTIFF_CURRENT=7 -LIBTIFF_REVISION=5 -LIBTIFF_AGE=2 +LIBTIFF_CURRENT=8 +LIBTIFF_REVISION=0 +LIBTIFF_AGE=3 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE # This is a special hack for OpenBSD and MirOS systems. The dynamic linker diff --git a/tiff/html/Makefile.am b/tiff/html/Makefile.am index 01549ba21..12193df70 100644 --- a/tiff/html/Makefile.am +++ b/tiff/html/Makefile.am @@ -84,7 +84,9 @@ docfiles = \ v4.0.4.html \ v4.0.5.html \ v4.0.6.html \ - v4.0.7.html + v4.0.7.html \ + v4.0.8.html \ + v4.0.9.html dist_doc_DATA = $(docfiles) diff --git a/tiff/html/Makefile.in b/tiff/html/Makefile.in index 3cb22e6d9..4c0c8e3e7 100644 --- a/tiff/html/Makefile.in +++ b/tiff/html/Makefile.in @@ -447,7 +447,9 @@ docfiles = \ v4.0.4.html \ v4.0.5.html \ v4.0.6.html \ - v4.0.7.html + v4.0.7.html \ + v4.0.8.html \ + v4.0.9.html dist_doc_DATA = $(docfiles) SUBDIRS = images man diff --git a/tiff/html/index.html b/tiff/html/index.html index 71af0afa4..1c5a3ec31 100644 --- a/tiff/html/index.html +++ b/tiff/html/index.html @@ -24,7 +24,7 @@ </tr> <tr> <th>Latest Stable Release</th> - <td><a href="v4.0.7.html">v4.0.7</a></td> + <td><a href="v4.0.9.html">v4.0.9</a></td> </tr> <tr> <th>Master Download Site</th> @@ -81,12 +81,14 @@ <a href="http://lists.maptools.org/mailman/listinfo/tiff">http://lists.maptools.org/mailman/listinfo/tiff</a>. </p> <p> - The persons responsible for putting up this site and putting together - versions >= 3.5.1 are + The persons currently actively maintaining and releasing libtiff + are <a href="mailto:even.rouault@spatialys.com">Even Rouault</a> + and <a href="mailto:bfriesen@GraphicsMagick.org">Bob Friesenhahn</a>. + </p> + <p>Significant maintainers in the past (since the 3.5.1 release) are <a href="http://pobox.com/~warmerdam">Frank Warmerdam</a>, <a href="mailto:dron@ak4719.spb.edu">Andrey Kiselev</a>, - <a href="mailto:bfriesen@GraphicsMagick.org">Bob Friesenhahn</a>, - Joris Van Damme, Lee Howard and Even Rouault. + Joris Van Damme, and Lee Howard. </p> <p> The following sections are included in this documentation: @@ -114,7 +116,7 @@ </ul> <hr> <p> - Last updated $Date: 2016-09-25 20:05:44 $. + Last updated $Date: 2017-11-07 02:00:06 $. </p> </body> </html> diff --git a/tiff/html/man/CMakeLists.txt b/tiff/html/man/CMakeLists.txt index cb92ea218..897a0e732 100644 --- a/tiff/html/man/CMakeLists.txt +++ b/tiff/html/man/CMakeLists.txt @@ -74,8 +74,6 @@ set(docfiles pal2rgb.1.html ppm2tiff.1.html raw2tiff.1.html - rgb2ycbcr.1.html - thumbnail.1.html tiff2bw.1.html tiff2pdf.1.html tiff2ps.1.html diff --git a/tiff/html/man/Makefile.am b/tiff/html/man/Makefile.am index 587296c53..3ed00d448 100644 --- a/tiff/html/man/Makefile.am +++ b/tiff/html/man/Makefile.am @@ -81,8 +81,6 @@ docfiles = \ pal2rgb.1.html \ ppm2tiff.1.html \ raw2tiff.1.html \ - rgb2ycbcr.1.html \ - thumbnail.1.html \ tiff2bw.1.html \ tiff2pdf.1.html \ tiff2ps.1.html \ diff --git a/tiff/html/man/Makefile.in b/tiff/html/man/Makefile.in index 7f4648c9d..eb99fd1ba 100644 --- a/tiff/html/man/Makefile.in +++ b/tiff/html/man/Makefile.in @@ -383,8 +383,6 @@ docfiles = \ pal2rgb.1.html \ ppm2tiff.1.html \ raw2tiff.1.html \ - rgb2ycbcr.1.html \ - thumbnail.1.html \ tiff2bw.1.html \ tiff2pdf.1.html \ tiff2ps.1.html \ diff --git a/tiff/html/man/rgb2ycbcr.1.html b/tiff/html/man/rgb2ycbcr.1.html deleted file mode 100644 index 6e481f79d..000000000 --- a/tiff/html/man/rgb2ycbcr.1.html +++ /dev/null @@ -1,155 +0,0 @@ -<!-- Creator : groff version 1.18.1 --> -<!-- CreationDate: Sat Feb 24 18:37:19 2007 --> -<html> -<head> -<meta name="generator" content="groff -Thtml, see www.gnu.org"> -<meta name="Content-Style" content="text/css"> -<title>RGB2YCBCR</title> -</head> -<body> - -<h1 align=center>RGB2YCBCR</h1> -<a href="#NAME">NAME</a><br> -<a href="#SYNOPSIS">SYNOPSIS</a><br> -<a href="#DESCRIPTION">DESCRIPTION</a><br> -<a href="#OPTIONS">OPTIONS</a><br> -<a href="#SEE ALSO">SEE ALSO</a><br> - -<hr> -<a name="NAME"></a> -<h2>NAME</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p>rgb2ycbcr − convert non-YCbCr <small>TIFF</small> -images to a YCbCr <small>TIFF</small> image</p> -</td> -</table> -<a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><b>rgb2ycbcr</b> [ <i>options</i> ] <i>src1.tif src2.tif -... dst.tif</i></p> -</td> -</table> -<a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><i>rgb2ycbcr</i> converts <small>RGB</small> color, -greyscale, or bi-level <small>TIFF</small> images to YCbCr -images by transforming and sampling pixel data. If multiple -files are specified on the command line each source file is -converted to a separate directory in the destination -file.</p> -<!-- INDENTATION --> -<p>By default, chrominance samples are created by sampling 2 -by 2 blocks of luminance values; this can be changed with -the <b>−h</b> and <b>−v</b> options. Output data -are compressed with the <small>PackBits</small> compression -scheme, by default; an alternate scheme can be selected with -the <b>−c</b> option. By default, output data are -compressed in strips with the number of rows in each strip -selected so that the size of a strip is never more than 8 -kilobytes; the <b>−r</b> option can be used to -explicitly set the number of rows per strip.</p> -</td> -</table> -<a name="OPTIONS"></a> -<h2>OPTIONS</h2> -<!-- TABS --> -<table width="100%" border=0 rules="none" frame="void" - cols="5" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−c</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Specify a compression scheme to use when writing image -data: <b>−c none</b> for no compression, <b>−c -packbits</b> for the PackBits compression algorithm (the -default), <b>−c jpeg</b> for the JPEG compression -algorithm, <b>−c zip</b> for the deflate compression -algorithm, and <b>−c lzw</b> for Lempel-Ziv & -Welch.</p> -</td> -<td width="0%"> -</td> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−h</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Set the horizontal sampling dimension to one of: 1, 2 -(default), or 4.</p> -</td> -<td width="0%"> -</td> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−r</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Write data with a specified number of rows per strip; by -default the number of rows/strip is selected so that each -strip is approximately 8 kilobytes.</p> -</td> -<td width="0%"> -</td> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−v</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Set the vertical sampling dimension to one of: 1, 2 -(default), or 4.</p> -</td> -<td width="0%"> -</td> -</table> -<a name="SEE ALSO"></a> -<h2>SEE ALSO</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><b>tiffinfo</b>(1), <b>tiffcp</b>(1), -<b>libtiff</b>(3)</p> -<!-- INDENTATION --> -<p>Libtiff library home page: -<b>http://www.simplesystems.org/libtiff/</b></p> -</td> -</table> -<hr> -</body> -</html> diff --git a/tiff/html/man/thumbnail.1.html b/tiff/html/man/thumbnail.1.html deleted file mode 100644 index 8b114137f..000000000 --- a/tiff/html/man/thumbnail.1.html +++ /dev/null @@ -1,148 +0,0 @@ -<!-- Creator : groff version 1.18.1 --> -<!-- CreationDate: Sat Feb 24 18:37:19 2007 --> -<html> -<head> -<meta name="generator" content="groff -Thtml, see www.gnu.org"> -<meta name="Content-Style" content="text/css"> -<title>THUMBNAIL</title> -</head> -<body> - -<h1 align=center>THUMBNAIL</h1> -<a href="#NAME">NAME</a><br> -<a href="#SYNOPSIS">SYNOPSIS</a><br> -<a href="#DESCRIPTION">DESCRIPTION</a><br> -<a href="#OPTIONS">OPTIONS</a><br> -<a href="#BUGS">BUGS</a><br> -<a href="#SEE ALSO">SEE ALSO</a><br> - -<hr> -<a name="NAME"></a> -<h2>NAME</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p>thumbnail − create a <small>TIFF</small> file with -thumbnail images</p> -</td> -</table> -<a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><b>thumbnail</b> [ <i>options</i> ] <i>input.tif -output.tif</i></p> -</td> -</table> -<a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><i>thumbnail</i> is a program written to show how one -might use the SubIFD tag (#330) to store thumbnail images. -<i>thumbnail</i> copies a <small>TIFF</small> Class F -facsimile file to the output file and for each image an -8-bit greyscale <i>thumbnail sketch</i>. The output file -contains the thumbnail image with the associated -full-resolution page linked below with the SubIFD tag.</p> -<!-- INDENTATION --> -<p>By default, thumbnail images are 216 pixels wide by 274 -pixels high. Pixels are calculated by sampling and filtering -the input image with each pixel value passed through a -contrast curve.</p> -</td> -</table> -<a name="OPTIONS"></a> -<h2>OPTIONS</h2> -<!-- TABS --> -<table width="100%" border=0 rules="none" frame="void" - cols="5" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−w</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Specify the width of thumbnail images in pixels.</p> -</td> -<td width="0%"> -</td> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−h</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Specify the height of thumbnail images in pixels.</p> -</td> -<td width="0%"> -</td> -<tr valign="top" align="left"> -<td width="10%"></td> -<td width="3%"> - -<p><b>−c</b></p> -</td> -<td width="5%"></td> -<td width="80%"> - -<p>Specify a contrast curve to apply in generating the -thumbnail images. By default pixels values are passed -through a linear contrast curve that simply maps the pixel -value ranges. Alternative curves are: <b>exp50</b> for a 50% -exponential curve, <b>exp60</b> for a 60% exponential curve, -<b>exp70</b> for a 70% exponential curve, <b>exp80</b> for a -80% exponential curve, <b>exp90</b> for a 90% exponential -curve, <b>exp</b> for a pure exponential curve, -<b>linear</b> for a linear curve.</p> -</td> -<td width="0%"> -</td> -</table> -<a name="BUGS"></a> -<h2>BUGS</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p>There are no options to control the format of the saved -thumbnail images.</p> -</td> -</table> -<a name="SEE ALSO"></a> -<h2>SEE ALSO</h2> -<!-- INDENTATION --> -<table width="100%" border=0 rules="none" frame="void" - cols="2" cellspacing="0" cellpadding="0"> -<tr valign="top" align="left"> -<td width="8%"></td> -<td width="91%"> -<p><b>tiffdump</b>(1), <b>tiffgt</b>(1), <b>tiffinfo</b>(1), -<b>libtiff</b>(3)</p> -<!-- INDENTATION --> -<p>Libtiff library home page: -<b>http://www.simplesystems.org/libtiff/</b></p> -</td> -</table> -<hr> -</body> -</html> diff --git a/tiff/html/v4.0.7.html b/tiff/html/v4.0.7.html index 151861f49..e29e8d535 100644 --- a/tiff/html/v4.0.7.html +++ b/tiff/html/v4.0.7.html @@ -405,7 +405,7 @@ information is located here: </UL> -Last updated $Date: 2016-11-12 21:43:44 $. +Last updated $Date: 2016-11-19 17:47:40 $. </BODY> </HTML> diff --git a/tiff/html/v4.0.8.html b/tiff/html/v4.0.8.html new file mode 100644 index 000000000..8b85e9c2e --- /dev/null +++ b/tiff/html/v4.0.8.html @@ -0,0 +1,445 @@ +<HTML> +<HEAD> +<TITLE> + Changes in TIFF v4.0.8 +</TITLE> +</HEAD> + +<BODY BGCOLOR=white> +<FONT FACE="Helvetica, Arial, Sans"> + +<BASEFONT SIZE=4> +<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B> +<BASEFONT SIZE=3> + +<UL> +<HR SIZE=4 WIDTH=65% ALIGN=left> +<B>Current Version</B>: v4.0.8<BR> +<B>Previous Version</B>: <A HREF=v4.0.7.html>v4.0.7</a><BR> +<B>Master FTP Site</B>: <A HREF="ftp://download.osgeo.org/libtiff"> +download.osgeo.org</a>, directory pub/libtiff</A><BR> +<B>Master HTTP Site #1</B>: <A HREF="http://www.simplesystems.org/libtiff/"> +http://www.simplesystems.org/libtiff/</a><BR> +<B>Master HTTP Site #2</B>: <A HREF="http://libtiff.maptools.org/"> +http://libtiff.maptools.org/</a> +<HR SIZE=4 WIDTH=65% ALIGN=left> +</UL> + +<P> +This document describes the changes made to the software between the +<I>previous</I> and <I>current</I> versions (see above). If you don't +find something listed here, then it was not done in this timeframe, or +it was not considered important enough to be mentioned. The following +information is located here: +<UL> +<LI><A HREF="#highlights">Major Changes</A> +<LI><A HREF="#configure">Changes in the software configuration</A> +<LI><A HREF="#libtiff">Changes in libtiff</A> +<LI><A HREF="#tools">Changes in the tools</A> +<LI><A HREF="#contrib">Changes in the contrib area</A> +</UL> +<p> +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A> + +<UL> + + <LI> None + +</UL> + + +<P><HR WIDTH=65% ALIGN=left> +<!---------------------------------------------------------------------------> + +<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A> + +<UL> + + <LI> None + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A> + +<UL> + + <LI> libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis + to fix cppcheck clarifyCalculation warnings * + libtiff/tif_predict.c, libtiff/tif_print.c: fix printf + unsigned vs signed formatting (cppcheck + invalidPrintfArgType_uint warnings) + + <LI> libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in + TIFFReadEncodedStrip() that caused an integer division by + zero. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2596 + + <LI> libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based + buffer overflow on generation of PixarLog / LUV compressed + files, with ColorMap, TransferFunction attached and nasty + plays with bitspersample. The fix for LUV has not been + tested, but suffers from the same kind of issue of PixarLog. + Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2604 + + <LI> libtiff/tif_strip.c: revert the change in + TIFFNumberOfStrips() done for + http://bugzilla.maptools.org/show_bug.cgi?id=2587 / + CVE-2016-9273 since the above change is a better fix that + makes it unnecessary. + + <LI> libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() + to instanciate compute ntrips as + TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a + logic based on the total size of data. Which is faulty is the + total size of data is not sufficient to fill the whole image, + and thus results in reading outside of the + StripByCounts/StripOffsets arrays when using + TIFFReadScanline(). Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2608. + + <LI> libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of + failure in OJPEGPreDecode(). This will avoid a divide by zero, + and potential other issues. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 + + <LI> libtiff/tif_write.c: fix misleading indentation as warned by GCC. + + + <LI> libtiff/tif_fax3.h: revert change done on 2016-01-09 that + made Param member of TIFFFaxTabEnt structure a uint16 to + reduce size of the binary. It happens that the Hylafax + software uses the tables that follow this typedef + (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), + although they are not in a public libtiff header. Raised by + Lee Howard. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2636 + + <LI> libtiff/tiffio.h, libtiff/tif_getimage.c: add + TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of + the functions without ext, with an extra argument to control + the stop_on_error behaviour. + + <LI> libtiff/tif_getimage.c: fix potential memory leaks in error + code path of TIFFRGBAImageBegin(). Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2627 + + <LI> libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 + MB instead of libjpeg 1MB default. This helps when creating + files with "big" tile, without using libjpeg temporary files. + Related to https://trac.osgeo.org/gdal/ticket/6757 + + <LI> libtiff/tif_jpeg.c: avoid integer division by zero in + JPEGSetupEncode() when horizontal or vertical sampling is set + to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653 + + <LI> libtiff/tif_dirwrite.c: in + TIFFWriteDirectoryTagCheckedRational, replace assertion by + runtime check to error out if passed value is strictly + negative. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2535 + + <LI> libtiff/tif_dirread.c: avoid division by floating point 0 in + TIFFReadDirEntryCheckedRational() and + TIFFReadDirEntryCheckedSrational(), and return 0 in that case + (instead of infinity as before presumably) Apparently some + sanitizers do not like those divisions by zero. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2644 + + <LI> libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement + various clampings of double to other data types to avoid + undefined behaviour if the output range isn't big enough to + hold the input value. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2643 + http://bugzilla.maptools.org/show_bug.cgi?id=2642 + http://bugzilla.maptools.org/show_bug.cgi?id=2646 + http://bugzilla.maptools.org/show_bug.cgi?id=2647 + + <LI> libtiff/tif_jpeg.c: validate BitsPerSample in + JPEGSetupEncode() to avoid undefined behaviour caused by + invalid shift exponent. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2648 + + <LI> libtiff/tif_read.c: avoid potential undefined behaviour on + signed integer addition in TIFFReadRawStrip1() in isMapped() + case. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650 + + <LI> libtiff/tif_getimage.c: add explicit uint32 cast in + putagreytile to avoid UndefinedBehaviorSanitizer warning. + Patch by Nicolás Peña. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2658 + + <LI> libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() + to zero initialize tif_rawdata. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2651 + + <LI> libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add + _TIFFcalloc() + + <LI> libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in + Encode functions instead of -1 when TIFFFlushData1() fails. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130 + + <LI> libtiff/tif_ojpeg.c: fix leak in + OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and + OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by + Nicolás Peña. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2659 + + <LI> libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if + the YCbCrSubsampling tag is not explicitly present. This helps + a bit to reduce the I/O amount when the tag is present + (especially on cloud hosted files). + + <LI> libtiff/tif_lzw.c: in LZWPostEncode(), increase, if + necessary, the code bit-width after flushing the remaining + code and before emitting the EOI code. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=1982 + + <LI> libtiff/tif_pixarlog.c: fix memory leak in error code path of + PixarLogSetupDecode(). Patch by Nicolás Peña. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2665 + + <LI> libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7 + -Wimplicit-fallthrough warnings. + + <LI> libtiff/tif_dirread.c: fix memory leak in non + DEFER_STRILE_LOAD mode (ie default) when there is both a + StripOffsets and TileOffsets tag, or a StripByteCounts and + TileByteCounts Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2689 + + <LI> libtiff/tif_ojpeg.c: fix potential memory leak in + OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and + OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolás Peña. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670 + + <LI> libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file. + Patch by Alan Coopersmith + complement by myself. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2673 + + <LI> libtiff/tif_read.c: TIFFFillStrip(): add limitation to the + number of bytes read in case td_stripbytecount[strip] is + bigger than reasonable, so as to avoid excessive memory + allocation. + + <LI> libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory + leak when the underlying codec (ZIP, PixarLog) succeeds its + setupdecode() method, but PredictorSetup fails. Credit to + OSS-Fuzz (locally run, on GDAL) + + <LI> libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid + excessive memory allocation in case of shorten files. Only + effective on 64 bit builds and non-mapped cases. Credit to + OSS-Fuzz (locally run, on GDAL) + + <LI> libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), + avoid potential integer overflows with read_ahead in + CHUNKY_STRIP_READ_SUPPORT mode. Should + especially occur on 32 bit platforms. + + <LI> libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive + memory allocation in case of shorten files. Only effective on + 64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL) + + <LI> libtiff/tif_read.c: update tif_rawcc in + CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when + calling TIFFStartStrip() or TIFFFillStripPartial(). This + avoids reading beyond tif_rawdata when bytecount > + tif_rawdatasize. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545. + Credit to OSS-Fuzz + + <LI> libtiff/tif_color.c: avoid potential int32 overflow in + TIFFYCbCrToRGBInit() Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 + Credit to OSS-Fuzz + + <LI> libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 + overflows in multiply_ms() and add_ms(). Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 + Credit to OSS-Fuzz + + <LI> libtiff/tif_packbits.c: fix out-of-buffer read in + PackBitsDecode() Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563 + Credit to OSS-Fuzz + + <LI> libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory + allocation when RowsPerStrip tag is missing. + Credit to OSS-Fuzz (locally run, on GDAL) + + <LI> libtiff/tif_lzw.c: update dec_bitsleft at beginning of + LZWDecode(), and update tif_rawcc at end of LZWDecode(). This + is needed to properly work with the latest chnges in + tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. + + <LI> libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp + with next_in and tif_rawcc with avail_in at beginning and end + of function, similarly to what is done in LZWDecode(). Likely + needed so that it works properly with latest chnges in + tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. But untested... + + <LI> libtiff/tif_getimage.c: initYCbCrConversion(): add basic + validation of luma and refBlackWhite coefficients (just check + they are not NaN for now), to avoid potential float to int + overflows. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 + Credit to OSS Fuzz + + <LI> libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast + of double to float. Credit to Google Autofuzz project + + <LI> libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] + is not zero to avoid division by zero. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 + Credit to OSS Fuzz + + <LI> libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast + of double to float. Credit to Google Autofuzz project + + <LI> libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] + is not zero to avoid division by zero. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 + Credit to OSS Fuzz + + <LI> libtiff/tif_getimage.c: initYCbCrConversion(): stricter + validation for refBlackWhite coefficients values. To avoid + invalid float->int32 conversion. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 + Credit to OSS Fuzz + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!--------------------------------------------------------------------------> + +<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A> + +<UL> + + <LI> tools/fax2tiff.c (main): Applied patch by Jörg Ahrens to fix + passing client data for Win32 builds using tif_win32.c + (USE_WIN32_FILEIO defined) for file I/O. Patch was provided + via email on November 20, 2016. + + <LI> tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips + that can cause various issues, such as buffer overflows in the + library. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2598 + + <LI> tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i + (ignore) mode so that the output buffer is correctly + incremented to avoid write outside bounds. Reported by + Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2620 + + <LI> tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in + readSeparateStripsIntoBuffer() to avoid read outside of heap + allocated buffer. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2621 + + <LI> tools/tiffcrop.c: fix integer division by zero when + BitsPerSample is missing. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619 + + <LI> tools/tiffinfo.c: fix null pointer dereference in -r mode + when the image has no StripByteCount tag. Reported by + Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2594 + + <LI> tools/tiffcp.c: avoid potential division by zero is + BitsPerSamples tag is missing. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597 + + <LI> tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) + is called, limit the return number of inks to SamplesPerPixel, + so that code that parses ink names doesn't go past the end of + the buffer. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2599 + + <LI> tools/tiffcp.c: avoid potential division by zero is + BitsPerSamples tag is missing. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607 + + <LI> tools/tiffcp.c: fix uint32 underflow/overflow that can cause + heap-based buffer overflow. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610 + + <LI> tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non + assert check. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2605 + + <LI> tools/tiff2ps.c: fix 2 heap-based buffer overflows (in + PSDataBW and PSDataColorContig). Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2633 and + http://bugzilla.maptools.org/show_bug.cgi?id=2634. + + <LI> tools/tiff2pdf.c: prevent heap-based buffer overflow in -j + mode on a paletted image. Note: this fix errors out before the + overflow happens. There could probably be a better fix. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2635 + + <LI> tools/tiff2pdf.c: fix wrong usage of memcpy() that can + trigger unspecified behaviour. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2638 + + <LI> tools/tiff2pdf.c: avoid potential invalid memory read in + t2p_writeproc. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2639 + + <LI> tools/tiff2pdf.c: avoid potential heap-based overflow in + t2p_readwrite_pdf_image_tile(). Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2640 + + <LI> tools/tiffcrop.c: remove extraneous TIFFClose() in error code + path, that caused double free. Related to + http://bugzilla.maptools.org/show_bug.cgi?id=2535 + + <LI> tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow + and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap + based overflow. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2656 and + http://bugzilla.maptools.org/show_bug.cgi?id=2657 + + <LI> tools/raw2tiff.c: avoid integer division by zero. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2631 + + <LI> tools/tiff2ps.c: call TIFFClose() in error code paths. + + <LI> tools/fax2tiff.c: emit appropriate message if the input file + is empty. Patch by Alan Coopersmith. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2672 + + <LI> tools/tiff2bw.c: close TIFF handle in error code path. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2677 + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A> + +<UL> + + <LI> None + +</UL> + +Last updated $Date: 2017-05-21 17:47:46 $. + +</BODY> +</HTML> diff --git a/tiff/html/v4.0.9.html b/tiff/html/v4.0.9.html new file mode 100644 index 000000000..9be5f274b --- /dev/null +++ b/tiff/html/v4.0.9.html @@ -0,0 +1,373 @@ +<HTML> +<HEAD> +<TITLE> + Changes in TIFF v4.0.9 +</TITLE> +</HEAD> + +<BODY BGCOLOR=white> +<FONT FACE="Helvetica, Arial, Sans"> + +<BASEFONT SIZE=4> +<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B> +<BASEFONT SIZE=3> + +<UL> +<HR SIZE=4 WIDTH=65% ALIGN=left> +<B>Current Version</B>: v4.0.9<BR> +<B>Previous Version</B>: <A HREF=v4.0.8.html>v4.0.8</a><BR> +<B>Master FTP Site</B>: <A HREF="ftp://download.osgeo.org/libtiff"> +download.osgeo.org</a>, directory pub/libtiff</A><BR> +<B>Master HTTP Site #1</B>: <A HREF="http://www.simplesystems.org/libtiff/"> +http://www.simplesystems.org/libtiff/</a><BR> +<B>Master HTTP Site #2</B>: <A HREF="http://libtiff.maptools.org/"> +http://libtiff.maptools.org/</a> +<HR SIZE=4 WIDTH=65% ALIGN=left> +</UL> + +<P> +This document describes the changes made to the software between the +<I>previous</I> and <I>current</I> versions (see above). If you don't +find something listed here, then it was not done in this timeframe, or +it was not considered important enough to be mentioned. The following +information is located here: +<UL> +<LI><A HREF="#highlights">Major Changes</A> +<LI><A HREF="#configure">Changes in the software configuration</A> +<LI><A HREF="#libtiff">Changes in libtiff</A> +<LI><A HREF="#tools">Changes in the tools</A> +<LI><A HREF="#contrib">Changes in the contrib area</A> +</UL> +<p> +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A> + +<UL> + + <LI> None + +</UL> + + +<P><HR WIDTH=65% ALIGN=left> +<!---------------------------------------------------------------------------> + +<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A> + +<UL> + + <LI> test/Makefile.am: Add some tests for tiff2bw. + <LI> * .appveyor.yml, .travis.yml, build/travis-ci: apply patches + 0001-ci-Travis-script-improvements.patch and + 0002-ci-Invoke-helper-script-via-shell.patch by Roger Leigh + (sent to mailing list) + <LI> .travis.yml, build/travis-ci: new files from + 0001-ci-Add-Travis-support-for-Linux-builds-with-Autoconf.patch by + Roger Leigh (sent to mailing list on 2017-06-08) + This patch adds support for the Travis-CI service. + <LI> .appveyor.yml: new file from + 0002-ci-Add-AppVeyor-support.patch by Roger Leigh (sent to mailing + list on 2017-06-08) + This patch adds a .appveyor.yml file to the top-level. This allows + one to opt in to having a branch built on Windows with Cygwin, + MinGW and MSVC automatically when a branch is pushed to GitHub, + GitLab, BitBucket or any other supported git hosting service. + <LI> CMakeLists.txt, test/CMakeLists.txt, test/TiffTestCommon.cmake: apply + patch 0001-cmake-Improve-Cygwin-and-MingGW-test-support.patch from Roger + Leigh (sent to mailing list on 2017-06-08) + This patch makes the CMake build system support running the tests + with MinGW or Cygwin. + + <LI> test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: new files + to test old-style LZW decompression + <LI> test/common.sh, Makefile.am, CMakeList.txt: updated with above + <LI> test/Makefile.am: add missing reference to images/quad-lzw-compat.tiff + to fix "make distcheck". Patch by Roger Leigh + <LI> nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS and use + /MDd runtime in debug mode. + + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A> + +<UL> + + <LI> libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid + int32 overflow in TIFFYCbCrtoRGB(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + Credit to OSS Fuzz + + <LI> libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for + refBlackWhite coefficients values. To avoid invalid float->int32 conversion + (when refBlackWhite[0] == 2147483648.f) + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + Credit to OSS Fuzz + + <LI> libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), + and use it in TIFFReadDirectory() so as to ignore fields whose tag is a + codec-specified tag but this codec is not enabled. This avoids TIFFGetField() + to behave differently depending on whether the codec is enabled or not, and + thus can avoid stack based buffer overflows in a number of TIFF utilities + such as tiffsplit, tiffcmp, thumbnail, etc. + Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch + (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. + Fixes: + http://bugzilla.maptools.org/show_bug.cgi?id=2580 + http://bugzilla.maptools.org/show_bug.cgi?id=2693 + http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) + http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) + http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) + http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) + http://bugzilla.maptools.org/show_bug.cgi?id=2441 + http://bugzilla.maptools.org/show_bug.cgi?id=2433 + + <LI> libtiff/tif_swab.c: if DISABLE_CHECK_TIFFSWABMACROS is defined, do not do + the #ifdef TIFFSwabXXX checks. Make it easier for GDAL to rename the symbols + of its internal libtiff copy. + + + <LI> libtiff/tif_dirread.c: fix regression of libtiff 4.0.8 in + ChopUpSingleUncompressedStrip() regarding update of newly single-strip + uncompressed files whose bytecount is 0. Before the change of 2016-12-03, + the condition bytecount==0 used to trigger an early exit/disabling of + strip chop. Re-introduce that in update mode. Otherwise this cause + later incorrect setting for the value of StripByCounts/StripOffsets. + ( https://trac.osgeo.org/gdal/ticket/6924 ) + <LI> libtiff/tif_dirread.c: TIFFFetchStripThing(): limit the number of items + read in StripOffsets/StripByteCounts tags to the number of strips to avoid + excessive memory allocation. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2215 + Credit to OSS Fuzz + <LI> libtiff/tif_getimage.c: avoid many (harmless) unsigned int overflows. + <LI> libtiff/tif_fax3.c: avoid unsigned int overflow in Fax3Encode2DRow(). Could + potentially be a bug with huge rows. + <LI> libtiff/tif_jpeg.c: avoid (harmless) unsigned int overflow on tiled images. + <LI> libtiff/tif_dirread.c: avoid unsigned int overflow in EstimateStripByteCounts() + and BYTECOUNTLOOKSBAD when file is too short. + <LI> libtiff/tif_predict.c: decorate legitimate functions where unsigned int + overflow occur with TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + * libtiff/tif_dirread.c: avoid unsigned int overflow in EstimateStripByteCounts() + <LI> libtiff/tiffiop.h: add TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW macro to + disable CLang warnings raised by -fsanitize=undefined,unsigned-integer-overflow + <LI> libtiff/tif_jpeg.c: add anti-denial of service measure to avoid excessive + CPU consumption on progressive JPEGs with a huge number of scans. + See http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + Note: only affects libtiff since 2014-12-29 where support of non-baseline JPEG + was added. + + <LI> libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg + memory allocation is above 100 MB. libjpeg in case of multiple scans, + which is allowed even in baseline JPEG, if components are spread over several + scans and not interleavedin a single one, needs to allocate memory (or + backing store) for the whole strip/tile. + See http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + This limitation may be overriden by setting the + LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC environment variable, or recompiling + libtiff with a custom value of TIFF_LIBJPEG_LARGEST_MEM_ALLOC macro. + <LI> libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode() + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 + Reported by team OWL337 + <LI> libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that a + double value can fit in a float before casting. Patch by Nicolas RUFF + <LI> libtiff/tiffiop.h, libtiff/tif_jpeg.c, libtiff/tif_jpeg_12.c, + libtiff/tif_read.c: make TIFFReadScanline() works in + CHUNKY_STRIP_READ_SUPPORT mode with JPEG stream with multiple scans. + Also make configurable through a LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER + environment variable the maximum number of scans allowed. Defaults to + 100. + <LI> libtiff/tif_read.c: TIFFFillTile(): add limitation to the number + of bytes read in case td_stripbytecount[strip] is bigger than + reasonable, so as to avoid excessive memory allocation (similarly to + what was done for TIFFFileStrip() on 2017-05-10) + <LI> libtiff/tif_getimage.c: use _TIFFReadEncodedStripAndAllocBuffer(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2708 and + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 . + Credit to OSS Fuzz + <LI> libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer() + function, variant of TIFFReadEncodedStrip() that allocates the + decoded buffer only after a first successful TIFFFillStrip(). This avoids + excessive memory allocation on corrupted files. + <LI> libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() + functions associated with LONG8/SLONG8 data type, replace assertion that + the file is BigTIFF, by a non-fatal error. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 + Reported by team OWL337 + <LI> libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to + tif_rawdataloaded when it is set. Similarly to TIFFStartStrip(). + This issue was revealed by the change of 2017-06-30 in TIFFFileTile(), + limiting the number of bytes read. But it could probably have been hit + too in CHUNKY_STRIP_READ_SUPPORT mode previously ? + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454 + Credit to OSS Fuzz + <LI> libtiff/tif_error.c, tif_warning.c: correctly use va_list when both + an old-style and new-style warning/error handlers are installed. + Patch by Paavo Helde (sent on the mailing list) + <LI> libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470 + Credit to OSS Fuzz. + <LI> libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedTileAndAllocBuffer() + and _TIFFReadTileAndAllocBuffer() variants of TIFFReadEncodedTile() and + TIFFReadTile() that allocates the decoded buffer only after a first + successful TIFFFillTile(). This avoids excessive memory allocation + on corrupted files. + <LI> libtiff/tif_pixarlog.c: avoid excessive memory allocation on decoding + when RowsPerStrip tag is not defined (and thus td_rowsperstrip == UINT_MAX) + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2554 + Credit to OSS Fuzz + <LI> libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of old-style LZW + compressed files. + <LI> libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte LZW + strips. Crashing issue only on memory mapped files, where the strip + offset is the last byte of the file, and the file size is a multiple + of one page size on the CPU architecture (typically 4096). Credit + to myself :-) + <LI> libtiff/tif_dir.c: avoid potential null pointer dereference in + _TIFFVGetField() on corrupted TIFFTAG_NUMBEROFINKS tag instance. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2713 + <LI> tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" + mode on PlanarConfig=Contig input images. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715 + Reported by team OWL337 + <LI> libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile(). + Complementary fix for http://bugzilla.maptools.org/show_bug.cgi?id=2708 + in the isMapped() case, so as to avoid excessive memory allocation + when we need a temporary buffer but the file is truncated. + <LI> libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile(). + Complementary fix for http://bugzilla.maptools.org/show_bug.cgi?id=2708 + in the isMapped() case, so as to avoid excessive memory allocation + when we need a temporary buffer but the file is truncated. + <LI> libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the + arrays that hold StripOffsets/StripByteCounts, when they are smaller + than the expected number of striles, up to 1 million striles, and + error out beyond. Can be tweaked by setting the environment variable + LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT. + This partially goes against a change added on 2002-12-17 to accept + those arrays of wrong sizes, but is needed to avoid denial of services. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350 + Credit to OSS Fuzz + <LI> libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the + arrays that hold StripOffsets/StripByteCounts, when they are smaller + than the expected number of striles, up to 1 million striles, and + error out beyond. Can be tweaked by setting the environment variable + LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT. + This partially goes against a change added on 2002-12-17 to accept + those arrays of wrong sizes, but is needed to avoid denial of services. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350 + Credit to OSS Fuzz + <LI> libtiff/tif_read.c: add protection against excessive memory + allocation attempts in TIFFReadDirEntryArray() on short files. + Effective for mmap'ed case. And non-mmap'ed case, but restricted + to 64bit builds. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2675 + <LI> libtiff/tif_read.c: add protection against excessive memory + allocation attempts in TIFFReadDirEntryArray() on short files. + Effective for mmap'ed case. And non-mmap'ed case, but restricted + to 64bit builds. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2675 + <LI> libtiff/tif_luv.c: LogLuvInitState(): avoid excessive memory + allocation when RowsPerStrip tag is missing. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2683 + Credit to OSS-Fuzz + <LI> libtiff/tif_getimage.c: gtTileContig() and gtTileSeparate(): + properly break from loops on error when stoponerr is set, instead + of going on iterating on row based loop. + <LI> libtiff/tif_getimage.c: fix fromskew computation when to-be-skipped + pixel number is not a multiple of the horizontal subsampling, and + also in some other cases. Impact putcontig8bitYCbCr44tile, + putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile, + putcontig8bitYCbCr21tile and putcontig8bitYCbCr12tile + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2637 (discovered + by Agostino Sarubbo) + and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2691 (credit + to OSS Fuzz) + <LI> libtiff/tif_luv.c: further reduce memory requirements for temporary + buffer when RowsPerStrip >= image_length in LogLuvInitState() and + LogL16InitState(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2700 + Credit to OSS Fuzz + <LI> libtiff/tif_dirwrite.c: replace assertion related to not finding the + SubIFD tag by runtime check (in TIFFWriteDirectorySec()) + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 + Reported by team OWL337 + <LI> libtiff/tif_dirwrite.c: replace assertion to tag value not fitting + on uint32 when selecting the value of SubIFD tag by runtime check + (in TIFFWriteDirectoryTagSubifd()). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728 + Reported by team OWL337 + <LI> libtiff/tif_jpeg.c: accept reading the last strip of a JPEG compressed + file if the codestream height is larger than the truncated height of the + strip. Emit a warning in this situation since this is non compliant. + <LI> libtiff/tiffiop.h, tif_aux.c: redirect SeekOK() macro to a _TIFFSeekoK() + function that checks if the offset is not bigger than INT64_MAX, so as + to avoid a -1 error return code of TIFFSeekFile() to match a required + seek to UINT64_MAX/-1. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2726 + Adapted from proposal by Nicolas Ruff. + <LI> libtiff/tif_dirread.c: add NULL check to avoid likely false positive + null-pointer dereference warning by CLang Static Analyzer. + <LI> libtiff/libtiff.def: add TIFFReadRGBAStripExt and TIFFReadRGBATileExt + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2735 + <LI> libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo 1.5.2 that + honours max_memory_to_use > 0. + Cf https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162 + <LI> libtiff/tif_getimage.c: avoid floating point division by zero in + initCIELabConversion() + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733 + Credit to OSS Fuzz +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!--------------------------------------------------------------------------> + +<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A> + +<UL> + + <LI> tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" + mode on PlanarConfig=Contig input images. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715 + Reported by team OWL337 + <LI> tools/tiffset.c: fix setting a single value for the ExtraSamples tag + (and other tags with variable number of values). + So 'tiffset -s ExtraSamples 1 X'. This only worked + when setting 2 or more values, but not just one. + <LI> tools/fax2tiff.c (_FAX_Client_Data): Pass FAX_Client_Data as the + client data. This client data is not used at all at the moment, + but it makes the most sense. Issue that the value of + client_data.fd was passed where a pointer is expected was reported + via email by Gerald Schade on Sun, 29 Oct 2017. + <LI> tools/tiff2pdf.c (t2p_sample_realize_palette): Fix possible + arithmetic overflow in bounds checking code and eliminate + comparison between signed and unsigned type. + <LI> tools/tiff2bw.c (main): Free memory allocated in the tiff2bw + program. This is in response to the report associated with + CVE-2017-16232 but does not solve the extremely high memory usage + with the associated POC file. + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A> + +<UL> + + <LI> None + +</UL> + +Last updated $Date: 2017-11-18 19:38:06 $. + +</BODY> +</HTML> diff --git a/tiff/libtiff/libtiff.def b/tiff/libtiff/libtiff.def index acf8609d5..341c719dd 100644 --- a/tiff/libtiff/libtiff.def +++ b/tiff/libtiff/libtiff.def @@ -85,7 +85,9 @@ EXPORTS TIFFAccessTagMethods TIFFReadRGBAImage TIFFReadRGBAImageOriented TIFFReadRGBAStrip + TIFFReadRGBAStripExt TIFFReadRGBATile + TIFFReadRGBATileExt TIFFReadRawStrip TIFFReadRawTile TIFFReadScanline diff --git a/tiff/libtiff/tif_aux.c b/tiff/libtiff/tif_aux.c index 3d35ba92b..10b8d00c2 100644 --- a/tiff/libtiff/tif_aux.c +++ b/tiff/libtiff/tif_aux.c @@ -1,4 +1,4 @@ -/* $Id: tif_aux.c,v 1.29 2016-11-11 20:45:53 erouault Exp $ */ +/* $Id: tif_aux.c,v 1.31 2017-11-17 20:21:00 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -359,6 +359,13 @@ _TIFFUInt64ToDouble(uint64 ui64) } } +int _TIFFSeekOK(TIFF* tif, toff_t off) +{ + /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */ + /* See http://bugzilla.maptools.org/show_bug.cgi?id=2726 */ + return off <= (~(uint64)0)/2 && TIFFSeekFile(tif,off,SEEK_SET)==off; +} + /* vim: set ts=8 sts=8 sw=8 noet: */ /* * Local Variables: diff --git a/tiff/libtiff/tif_color.c b/tiff/libtiff/tif_color.c index 89194c207..71cafcde6 100644 --- a/tiff/libtiff/tif_color.c +++ b/tiff/libtiff/tif_color.c @@ -1,4 +1,4 @@ -/* $Id: tif_color.c,v 1.22 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -199,6 +199,23 @@ TIFFYCbCrtoRGB(TIFFYCbCrToRGB *ycbcr, uint32 Y, int32 Cb, int32 Cr, *b = CLAMP(i, 0, 255); } +/* Clamp function for sanitization purposes. Normally clamping should not */ +/* occur for well behaved chroma and refBlackWhite coefficients */ +static float CLAMPw(float v, float vmin, float vmax) +{ + if( v < vmin ) + { + /* printf("%f clamped to %f\n", v, vmin); */ + return vmin; + } + if( v > vmax ) + { + /* printf("%f clamped to %f\n", v, vmax); */ + return vmax; + } + return v; +} + /* * Initialize the YCbCr->RGB conversion tables. The conversion * is done according to the 6.0 spec: @@ -238,10 +255,10 @@ TIFFYCbCrToRGBInit(TIFFYCbCrToRGB* ycbcr, float *luma, float *refBlackWhite) ycbcr->Cb_g_tab = ycbcr->Cr_g_tab + 256; ycbcr->Y_tab = ycbcr->Cb_g_tab + 256; - { float f1 = 2-2*LumaRed; int32 D1 = FIX(f1); - float f2 = LumaRed*f1/LumaGreen; int32 D2 = -FIX(f2); - float f3 = 2-2*LumaBlue; int32 D3 = FIX(f3); - float f4 = LumaBlue*f3/LumaGreen; int32 D4 = -FIX(f4); + { float f1 = 2-2*LumaRed; int32 D1 = FIX(CLAMP(f1,0.0F,2.0F)); + float f2 = LumaRed*f1/LumaGreen; int32 D2 = -FIX(CLAMP(f2,0.0F,2.0F)); + float f3 = 2-2*LumaBlue; int32 D3 = FIX(CLAMP(f3,0.0F,2.0F)); + float f4 = LumaBlue*f3/LumaGreen; int32 D4 = -FIX(CLAMP(f4,0.0F,2.0F)); int x; #undef LumaBlue @@ -256,17 +273,20 @@ TIFFYCbCrToRGBInit(TIFFYCbCrToRGB* ycbcr, float *luma, float *refBlackWhite) * constructing tables indexed by the raw pixel data. */ for (i = 0, x = -128; i < 256; i++, x++) { - int32 Cr = (int32)Code2V(x, refBlackWhite[4] - 128.0F, - refBlackWhite[5] - 128.0F, 127); - int32 Cb = (int32)Code2V(x, refBlackWhite[2] - 128.0F, - refBlackWhite[3] - 128.0F, 127); + int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F, + refBlackWhite[5] - 128.0F, 127), + -128.0F * 32, 128.0F * 32); + int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F, + refBlackWhite[3] - 128.0F, 127), + -128.0F * 32, 128.0F * 32); ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT); ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT); ycbcr->Cr_g_tab[i] = D2*Cr; ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF; ycbcr->Y_tab[i] = - (int32)Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255); + (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255), + -128.0F * 32, 128.0F * 32); } } diff --git a/tiff/libtiff/tif_dir.c b/tiff/libtiff/tif_dir.c index ad21655a6..f00f8080a 100644 --- a/tiff/libtiff/tif_dir.c +++ b/tiff/libtiff/tif_dir.c @@ -1,4 +1,4 @@ -/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */ +/* $Id: tif_dir.c,v 1.131 2017-07-11 21:38:04 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -31,6 +31,7 @@ * (and also some miscellaneous stuff) */ #include "tiffiop.h" +#include <float.h> /* * These are used in the backwards compatibility code... @@ -154,6 +155,15 @@ bad: return (0); } +static float TIFFClampDoubleToFloat( double val ) +{ + if( val > FLT_MAX ) + return FLT_MAX; + if( val < -FLT_MAX ) + return -FLT_MAX; + return (float)val; +} + static int _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) { @@ -312,13 +322,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) dblval = va_arg(ap, double); if( dblval < 0 ) goto badvaluedouble; - td->td_xresolution = (float) dblval; + td->td_xresolution = TIFFClampDoubleToFloat( dblval ); break; case TIFFTAG_YRESOLUTION: dblval = va_arg(ap, double); if( dblval < 0 ) goto badvaluedouble; - td->td_yresolution = (float) dblval; + td->td_yresolution = TIFFClampDoubleToFloat( dblval ); break; case TIFFTAG_PLANARCONFIG: v = (uint16) va_arg(ap, uint16_vap); @@ -327,10 +337,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) td->td_planarconfig = (uint16) v; break; case TIFFTAG_XPOSITION: - td->td_xposition = (float) va_arg(ap, double); + td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); break; case TIFFTAG_YPOSITION: - td->td_yposition = (float) va_arg(ap, double); + td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); break; case TIFFTAG_RESOLUTIONUNIT: v = (uint16) va_arg(ap, uint16_vap); @@ -676,7 +686,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) case TIFF_SRATIONAL: case TIFF_FLOAT: { - float v2 = (float)va_arg(ap, double); + float v2 = TIFFClampDoubleToFloat(va_arg(ap, double)); _TIFFmemcpy(val, &v2, tv_size); } break; @@ -854,6 +864,34 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */ return 0; + if( tag == TIFFTAG_NUMBEROFINKS ) + { + int i; + for (i = 0; i < td->td_customValueCount; i++) { + uint16 val; + TIFFTagValue *tv = td->td_customValues + i; + if (tv->info->field_tag != tag) + continue; + if( tv->value == NULL ) + return 0; + val = *(uint16 *)tv->value; + /* Truncate to SamplesPerPixel, since the */ + /* setting code for INKNAMES assume that there are SamplesPerPixel */ + /* inknames. */ + /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ + if( val > td->td_samplesperpixel ) + { + TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", + "Truncating NumberOfInks from %u to %u", + val, td->td_samplesperpixel); + val = td->td_samplesperpixel; + } + *va_arg(ap, uint16*) = val; + return 1; + } + return 0; + } + /* * We want to force the custom code to be used for custom * fields even if the tag happens to match a well known diff --git a/tiff/libtiff/tif_dir.h b/tiff/libtiff/tif_dir.h index 6af5f3dc3..5a3807673 100644 --- a/tiff/libtiff/tif_dir.h +++ b/tiff/libtiff/tif_dir.h @@ -1,4 +1,4 @@ -/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */ +/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -291,6 +291,7 @@ struct _TIFFField { extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); +extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); #if defined(__cplusplus) } diff --git a/tiff/libtiff/tif_dirinfo.c b/tiff/libtiff/tif_dirinfo.c index 23ad00205..4904f540e 100644 --- a/tiff/libtiff/tif_dirinfo.c +++ b/tiff/libtiff/tif_dirinfo.c @@ -1,4 +1,4 @@ -/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */ +/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n) return 0; } +int +_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) +{ + /* Filter out non-codec specific tags */ + switch (tag) { + /* Shared tags */ + case TIFFTAG_PREDICTOR: + /* JPEG tags */ + case TIFFTAG_JPEGTABLES: + /* OJPEG tags */ + case TIFFTAG_JPEGIFOFFSET: + case TIFFTAG_JPEGIFBYTECOUNT: + case TIFFTAG_JPEGQTABLES: + case TIFFTAG_JPEGDCTABLES: + case TIFFTAG_JPEGACTABLES: + case TIFFTAG_JPEGPROC: + case TIFFTAG_JPEGRESTARTINTERVAL: + /* CCITT* */ + case TIFFTAG_BADFAXLINES: + case TIFFTAG_CLEANFAXDATA: + case TIFFTAG_CONSECUTIVEBADFAXLINES: + case TIFFTAG_GROUP3OPTIONS: + case TIFFTAG_GROUP4OPTIONS: + break; + default: + return 1; + } + /* Check if codec specific tags are allowed for the current + * compression scheme (codec) */ + switch (tif->tif_dir.td_compression) { + case COMPRESSION_LZW: + if (tag == TIFFTAG_PREDICTOR) + return 1; + break; + case COMPRESSION_PACKBITS: + /* No codec-specific tags */ + break; + case COMPRESSION_THUNDERSCAN: + /* No codec-specific tags */ + break; + case COMPRESSION_NEXT: + /* No codec-specific tags */ + break; + case COMPRESSION_JPEG: + if (tag == TIFFTAG_JPEGTABLES) + return 1; + break; + case COMPRESSION_OJPEG: + switch (tag) { + case TIFFTAG_JPEGIFOFFSET: + case TIFFTAG_JPEGIFBYTECOUNT: + case TIFFTAG_JPEGQTABLES: + case TIFFTAG_JPEGDCTABLES: + case TIFFTAG_JPEGACTABLES: + case TIFFTAG_JPEGPROC: + case TIFFTAG_JPEGRESTARTINTERVAL: + return 1; + } + break; + case COMPRESSION_CCITTRLE: + case COMPRESSION_CCITTRLEW: + case COMPRESSION_CCITTFAX3: + case COMPRESSION_CCITTFAX4: + switch (tag) { + case TIFFTAG_BADFAXLINES: + case TIFFTAG_CLEANFAXDATA: + case TIFFTAG_CONSECUTIVEBADFAXLINES: + return 1; + case TIFFTAG_GROUP3OPTIONS: + if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) + return 1; + break; + case TIFFTAG_GROUP4OPTIONS: + if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) + return 1; + break; + } + break; + case COMPRESSION_JBIG: + /* No codec-specific tags */ + break; + case COMPRESSION_DEFLATE: + case COMPRESSION_ADOBE_DEFLATE: + if (tag == TIFFTAG_PREDICTOR) + return 1; + break; + case COMPRESSION_PIXARLOG: + if (tag == TIFFTAG_PREDICTOR) + return 1; + break; + case COMPRESSION_SGILOG: + case COMPRESSION_SGILOG24: + /* No codec-specific tags */ + break; + case COMPRESSION_LZMA: + if (tag == TIFFTAG_PREDICTOR) + return 1; + break; + + } + return 0; +} + /* vim: set ts=8 sts=8 sw=8 noet: */ /* diff --git a/tiff/libtiff/tif_dirread.c b/tiff/libtiff/tif_dirread.c index 01070f2ec..5e62e8131 100644 --- a/tiff/libtiff/tif_dirread.c +++ b/tiff/libtiff/tif_dirread.c @@ -1,4 +1,4 @@ -/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */ +/* $Id: tif_dirread.c,v 1.218 2017-09-09 21:44:42 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -40,6 +40,8 @@ */ #include "tiffiop.h" +#include <float.h> +#include <stdlib.h> #define IGNORE 0 /* tag placeholder used below */ #define FAILED_FII ((uint32) -1) @@ -635,6 +637,8 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* d err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m); if (err!=TIFFReadDirEntryErrOk) return(err); + if ((m > FLT_MAX) || (m < FLT_MIN)) + return(TIFFReadDirEntryErrRange); *value=(float)m; return(TIFFReadDirEntryErrOk); } @@ -764,13 +768,80 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* di } } -static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value) + +#define INITIAL_THRESHOLD (1024 * 1024) +#define THRESHOLD_MULTIPLIER 10 +#define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD) + +static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc( + TIFF* tif, uint64 offset, tmsize_t size, void** pdest) +{ +#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 + tmsize_t threshold = INITIAL_THRESHOLD; +#endif + tmsize_t already_read = 0; + + assert( !isMapped(tif) ); + + if (!SeekOK(tif,offset)) + return(TIFFReadDirEntryErrIo); + + /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ + /* so as to avoid allocating too much memory in case the file is too */ + /* short. We could ask for the file size, but this might be */ + /* expensive with some I/O layers (think of reading a gzipped file) */ + /* Restrict to 64 bit processes, so as to avoid reallocs() */ + /* on 32 bit processes where virtual memory is scarce. */ + while( already_read < size ) + { + void* new_dest; + tmsize_t bytes_read; + tmsize_t to_read = size - already_read; +#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 + if( to_read >= threshold && threshold < MAX_THRESHOLD ) + { + to_read = threshold; + threshold *= THRESHOLD_MULTIPLIER; + } +#endif + + new_dest = (uint8*) _TIFFrealloc( + *pdest, already_read + to_read); + if( new_dest == NULL ) + { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "Failed to allocate memory for %s " + "(%ld elements of %ld bytes each)", + "TIFFReadDirEntryArray", + (long) 1, (long) (already_read + to_read)); + return TIFFReadDirEntryErrAlloc; + } + *pdest = new_dest; + + bytes_read = TIFFReadFile(tif, + (char*)*pdest + already_read, to_read); + already_read += bytes_read; + if (bytes_read != to_read) { + return TIFFReadDirEntryErrIo; + } + } + return TIFFReadDirEntryErrOk; +} + +static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit( + TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, + void** value, uint64 maxcount) { int typesize; uint32 datasize; void* data; + uint64 target_count64; typesize=TIFFDataWidth(direntry->tdir_type); - if ((direntry->tdir_count==0)||(typesize==0)) + + target_count64 = (direntry->tdir_count > maxcount) ? + maxcount : direntry->tdir_count; + + if ((target_count64==0)||(typesize==0)) { *value=0; return(TIFFReadDirEntryErrOk); @@ -782,17 +853,30 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* d * in either the current data type or the dest data type. This also * avoids problems with overflow of tmsize_t on 32bit systems. */ - if ((uint64)(2147483647/typesize)<direntry->tdir_count) + if ((uint64)(2147483647/typesize)<target_count64) return(TIFFReadDirEntryErrSizesan); - if ((uint64)(2147483647/desttypesize)<direntry->tdir_count) + if ((uint64)(2147483647/desttypesize)<target_count64) return(TIFFReadDirEntryErrSizesan); - *count=(uint32)direntry->tdir_count; + *count=(uint32)target_count64; datasize=(*count)*typesize; assert((tmsize_t)datasize>0); - data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray"); - if (data==0) - return(TIFFReadDirEntryErrAlloc); + + if( isMapped(tif) && datasize > (uint32)tif->tif_size ) + return TIFFReadDirEntryErrIo; + + if( !isMapped(tif) && + (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) || + (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) ) + { + data = NULL; + } + else + { + data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray"); + if (data==0) + return(TIFFReadDirEntryErrAlloc); + } if (!(tif->tif_flags&TIFF_BIGTIFF)) { if (datasize<=4) @@ -803,7 +887,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* d uint32 offset = direntry->tdir_offset.toff_long; if (tif->tif_flags&TIFF_SWAB) TIFFSwabLong(&offset); - err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data); + if( isMapped(tif) ) + err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data); + else + err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data); if (err!=TIFFReadDirEntryErrOk) { _TIFFfree(data); @@ -821,7 +908,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* d uint64 offset = direntry->tdir_offset.toff_long8; if (tif->tif_flags&TIFF_SWAB) TIFFSwabLong8(&offset); - err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data); + if( isMapped(tif) ) + err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data); + else + err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data); if (err!=TIFFReadDirEntryErrOk) { _TIFFfree(data); @@ -833,6 +923,12 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* d return(TIFFReadDirEntryErrOk); } +static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value) +{ + return TIFFReadDirEntryArrayWithLimit(tif, direntry, count, + desttypesize, value, ~((uint64)0)); +} + static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value) { enum TIFFReadDirEntryErr err; @@ -1862,7 +1958,8 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEnt return(TIFFReadDirEntryErrOk); } -static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value) +static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8ArrayWithLimit( + TIFF* tif, TIFFDirEntry* direntry, uint64** value, uint64 maxcount) { enum TIFFReadDirEntryErr err; uint32 count; @@ -1882,7 +1979,7 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEnt default: return(TIFFReadDirEntryErrType); } - err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); + err=TIFFReadDirEntryArrayWithLimit(tif,direntry,&count,8,&origdata,maxcount); if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) { *value=0; @@ -2028,6 +2125,11 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEnt return(TIFFReadDirEntryErrOk); } +static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value) +{ + return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, ~((uint64)0)); +} + static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value) { enum TIFFReadDirEntryErr err; @@ -2406,7 +2508,14 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEnt ma=(double*)origdata; mb=data; for (n=0; n<count; n++) - *mb++=(float)(*ma++); + { + double val = *ma++; + if( val > FLT_MAX ) + val = FLT_MAX; + else if( val < -FLT_MAX ) + val = -FLT_MAX; + *mb++=(float)val; + } } break; } @@ -2723,7 +2832,7 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDi if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel) return(TIFFReadDirEntryErrCount); err=TIFFReadDirEntryShortArray(tif,direntry,&m); - if (err!=TIFFReadDirEntryErrOk) + if (err!=TIFFReadDirEntryErrOk || m == NULL) return(err); na=m; nb=tif->tif_dir.td_samplesperpixel; @@ -2872,7 +2981,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD m.l = direntry->tdir_offset.toff_long8; if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong(m.i,2); - if (m.i[0]==0) + /* Not completely sure what we should do when m.i[1]==0, but some */ + /* sanitizers do not like division by 0.0: */ + /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ + if (m.i[0]==0 || m.i[1]==0) *value=0.0; else *value=(double)m.i[0]/(double)m.i[1]; @@ -2900,7 +3012,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF m.l=direntry->tdir_offset.toff_long8; if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong(m.i,2); - if ((int32)m.i[0]==0) + /* Not completely sure what we should do when m.i[1]==0, but some */ + /* sanitizers do not like division by 0.0: */ + /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ + if ((int32)m.i[0]==0 || m.i[1]==0) *value=0.0; else *value=(double)((int32)m.i[0])/(double)m.i[1]; @@ -3566,6 +3681,10 @@ TIFFReadDirectory(TIFF* tif) goto bad; dp->tdir_tag=IGNORE; break; + default: + if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) + dp->tdir_tag=IGNORE; + break; } } } @@ -3724,6 +3843,14 @@ TIFFReadDirectory(TIFF* tif) _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry), dp, sizeof(TIFFDirEntry) ); #else + if( tif->tif_dir.td_stripoffset != NULL ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "tif->tif_dir.td_stripoffset is " + "already allocated. Likely duplicated " + "StripOffsets/TileOffsets tag"); + goto bad; + } if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset)) goto bad; #endif @@ -3734,7 +3861,15 @@ TIFFReadDirectory(TIFF* tif) _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry), dp, sizeof(TIFFDirEntry) ); #else - if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount)) + if( tif->tif_dir.td_stripbytecount != NULL ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "tif->tif_dir.td_stripbytecount is " + "already allocated. Likely duplicated " + "StripByteCounts/TileByteCounts tag"); + goto bad; + } + if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount)) goto bad; #endif break; @@ -3949,12 +4084,14 @@ TIFFReadDirectory(TIFF* tif) #define BYTECOUNTLOOKSBAD \ ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \ (tif->tif_dir.td_compression == COMPRESSION_NONE && \ - tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \ + (tif->tif_dir.td_stripoffset[0] <= TIFFGetFileSize(tif) && \ + tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0])) || \ (tif->tif_mode == O_RDONLY && \ tif->tif_dir.td_compression == COMPRESSION_NONE && \ tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) ) } else if (tif->tif_dir.td_nstrips == 1 + && !(tif->tif_flags&TIFF_ISTILED) && _TIFFFillStriles(tif) && tif->tif_dir.td_stripoffset[0] != 0 && BYTECOUNTLOOKSBAD) { @@ -4332,7 +4469,11 @@ EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount) } space+=datasize; } - space = filesize - space; + if( filesize < space ) + /* we should perhaps return in error ? */ + space = filesize; + else + space = filesize - space; if (td->td_planarconfig == PLANARCONFIG_SEPARATE) space /= td->td_samplesperpixel; for (strip = 0; strip < td->td_nstrips; strip++) @@ -5399,28 +5540,39 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp) static const char module[] = "TIFFFetchStripThing"; enum TIFFReadDirEntryErr err; uint64* data; - err=TIFFReadDirEntryLong8Array(tif,dir,&data); + err=TIFFReadDirEntryLong8ArrayWithLimit(tif,dir,&data,nstrips); if (err!=TIFFReadDirEntryErrOk) { const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag); TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); return(0); } - if (dir->tdir_count!=(uint64)nstrips) + if (dir->tdir_count<(uint64)nstrips) { uint64* resizeddata; + const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag); + const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT"); + uint32 max_nstrips = 1000000; + if( pszMax ) + max_nstrips = (uint32) atoi(pszMax); + TIFFReadDirEntryOutputErr(tif,TIFFReadDirEntryErrCount, + module, + fip ? fip->field_name : "unknown tagname", + ( nstrips <= max_nstrips ) ); + + if( nstrips > max_nstrips ) + { + _TIFFfree(data); + return(0); + } + resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array"); if (resizeddata==0) { _TIFFfree(data); return(0); } - if (dir->tdir_count<(uint64)nstrips) - { - _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); - _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); - } - else - _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64)); + _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); + _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); _TIFFfree(data); data=resizeddata; } @@ -5502,13 +5654,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif) uint64 rowblockbytes; uint64 stripbytes; uint32 strip; - uint64 nstrips64; - uint32 nstrips32; + uint32 nstrips; uint32 rowsperstrip; uint64* newcounts; uint64* newoffsets; bytecount = td->td_stripbytecount[0]; + /* On a newly created file, just re-opened to be filled, we */ + /* don't want strip chop to trigger as it is going to cause issues */ + /* later ( StripOffsets and StripByteCounts improperly filled) . */ + if( bytecount == 0 && tif->tif_mode != O_RDONLY ) + return; offset = td->td_stripoffset[0]; assert(td->td_planarconfig == PLANARCONFIG_CONTIG); if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& @@ -5534,18 +5690,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif) return; /* - * never increase the number of strips in an image + * never increase the number of rows per strip */ if (rowsperstrip >= td->td_rowsperstrip) return; - nstrips64 = TIFFhowmany_64(bytecount, stripbytes); - if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */ - return; - nstrips32 = (uint32)nstrips64; + nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); + if( nstrips == 0 ) + return; - newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), + newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), "for chopped \"StripByteCounts\" array"); - newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), + newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), "for chopped \"StripOffsets\" array"); if (newcounts == NULL || newoffsets == NULL) { /* @@ -5562,18 +5717,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif) * Fill the strip information arrays with new bytecounts and offsets * that reflect the broken-up format. */ - for (strip = 0; strip < nstrips32; strip++) { + for (strip = 0; strip < nstrips; strip++) { if (stripbytes > bytecount) stripbytes = bytecount; newcounts[strip] = stripbytes; - newoffsets[strip] = offset; + newoffsets[strip] = stripbytes ? offset : 0; offset += stripbytes; bytecount -= stripbytes; } /* * Replace old single strip info with multi-strip info. */ - td->td_stripsperimage = td->td_nstrips = nstrips32; + td->td_stripsperimage = td->td_nstrips = nstrips; TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); _TIFFfree(td->td_stripbytecount); diff --git a/tiff/libtiff/tif_dirwrite.c b/tiff/libtiff/tif_dirwrite.c index d34f6f611..c68d6d21d 100644 --- a/tiff/libtiff/tif_dirwrite.c +++ b/tiff/libtiff/tif_dirwrite.c @@ -1,4 +1,4 @@ -/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */ +/* $Id: tif_dirwrite.c,v 1.89 2017-08-23 13:33:42 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -30,6 +30,7 @@ * Directory Write Support Routines. */ #include "tiffiop.h" +#include <float.h> #ifdef HAVE_IEEEFP #define TIFFCvtNativeToIEEEFloat(tif, n, fp) @@ -820,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) TIFFDirEntry* nb; for (na=0, nb=dir; ; na++, nb++) { - assert(na<ndir); + if( na == ndir ) + { + TIFFErrorExt(tif->tif_clientdata,module, + "Cannot find SubIFD tag"); + goto bad; + } if (nb->tdir_tag==TIFFTAG_SUBIFD) break; } @@ -939,6 +945,69 @@ bad: return(0); } +static float TIFFClampDoubleToFloat( double val ) +{ + if( val > FLT_MAX ) + return FLT_MAX; + if( val < -FLT_MAX ) + return -FLT_MAX; + return (float)val; +} + +static int8 TIFFClampDoubleToInt8( double val ) +{ + if( val > 127 ) + return 127; + if( val < -128 || val != val ) + return -128; + return (int8)val; +} + +static int16 TIFFClampDoubleToInt16( double val ) +{ + if( val > 32767 ) + return 32767; + if( val < -32768 || val != val ) + return -32768; + return (int16)val; +} + +static int32 TIFFClampDoubleToInt32( double val ) +{ + if( val > 0x7FFFFFFF ) + return 0x7FFFFFFF; + if( val < -0x7FFFFFFF-1 || val != val ) + return -0x7FFFFFFF-1; + return (int32)val; +} + +static uint8 TIFFClampDoubleToUInt8( double val ) +{ + if( val < 0 ) + return 0; + if( val > 255 || val != val ) + return 255; + return (uint8)val; +} + +static uint16 TIFFClampDoubleToUInt16( double val ) +{ + if( val < 0 ) + return 0; + if( val > 65535 || val != val ) + return 65535; + return (uint16)val; +} + +static uint32 TIFFClampDoubleToUInt32( double val ) +{ + if( val < 0 ) + return 0; + if( val > 0xFFFFFFFFU || val != val ) + return 0xFFFFFFFFU; + return (uint32)val; +} + static int TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value) { @@ -959,7 +1028,7 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di if (tif->tif_dir.td_bitspersample<=32) { for (i = 0; i < count; ++i) - ((float*)conv)[i] = (float)value[i]; + ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]); ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv); } else @@ -971,19 +1040,19 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di if (tif->tif_dir.td_bitspersample<=8) { for (i = 0; i < count; ++i) - ((int8*)conv)[i] = (int8)value[i]; + ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]); ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv); } else if (tif->tif_dir.td_bitspersample<=16) { for (i = 0; i < count; ++i) - ((int16*)conv)[i] = (int16)value[i]; + ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]); ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv); } else { for (i = 0; i < count; ++i) - ((int32*)conv)[i] = (int32)value[i]; + ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]); ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv); } break; @@ -991,19 +1060,19 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di if (tif->tif_dir.td_bitspersample<=8) { for (i = 0; i < count; ++i) - ((uint8*)conv)[i] = (uint8)value[i]; + ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]); ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv); } else if (tif->tif_dir.td_bitspersample<=16) { for (i = 0; i < count; ++i) - ((uint16*)conv)[i] = (uint16)value[i]; + ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]); ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv); } else { for (i = 0; i < count; ++i) - ((uint32*)conv)[i] = (uint32)value[i]; + ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]); ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv); } break; @@ -1880,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir) for (p=0; p < tif->tif_dir.td_nsubifd; p++) { assert(pa != 0); - assert(*pa <= 0xFFFFFFFFUL); + + /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */ + if( *pa > 0xFFFFFFFFUL) + { + TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag"); + _TIFFfree(o); + return(0); + } *pb++=(uint32)(*pa++); } n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o); @@ -2047,7 +2123,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui { uint64 m; assert(sizeof(uint64)==8); - assert(tif->tif_flags&TIFF_BIGTIFF); + if( !(tif->tif_flags&TIFF_BIGTIFF) ) { + TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); + return(0); + } m=value; if (tif->tif_flags&TIFF_SWAB) TIFFSwabLong8(&m); @@ -2060,7 +2139,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di { assert(count<0x20000000); assert(sizeof(uint64)==8); - assert(tif->tif_flags&TIFF_BIGTIFF); + if( !(tif->tif_flags&TIFF_BIGTIFF) ) { + TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8Array","LONG8 not allowed for ClassicTIFF"); + return(0); + } if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong8(value,count); return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value)); @@ -2072,7 +2154,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u { int64 m; assert(sizeof(int64)==8); - assert(tif->tif_flags&TIFF_BIGTIFF); + if( !(tif->tif_flags&TIFF_BIGTIFF) ) { + TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedSlong8","SLONG8 not allowed for ClassicTIFF"); + return(0); + } m=value; if (tif->tif_flags&TIFF_SWAB) TIFFSwabLong8((uint64*)(&m)); @@ -2085,7 +2170,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d { assert(count<0x20000000); assert(sizeof(int64)==8); - assert(tif->tif_flags&TIFF_BIGTIFF); + if( !(tif->tif_flags&TIFF_BIGTIFF) ) { + TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedSlong8Array","SLONG8 not allowed for ClassicTIFF"); + return(0); + } if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong8((uint64*)value,count); return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value)); @@ -2094,15 +2182,25 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d static int TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, double value) { + static const char module[] = "TIFFWriteDirectoryTagCheckedRational"; uint32 m[2]; - assert(value>=0.0); assert(sizeof(uint32)==4); - if (value<=0.0) + if( value < 0 ) + { + TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal"); + return 0; + } + else if( value != value ) + { + TIFFErrorExt(tif->tif_clientdata,module,"Not-a-number value is illegal"); + return 0; + } + else if (value==0.0) { m[0]=0; m[1]=1; } - else if (value==(double)(uint32)value) + else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value) { m[0]=(uint32)value; m[1]=1; @@ -2143,12 +2241,13 @@ TIFFWriteDirectoryTagCheckedRationalArray(TIFF* tif, uint32* ndir, TIFFDirEntry* } for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++) { - if (*na<=0.0) + if (*na<=0.0 || *na != *na) { nb[0]=0; nb[1]=1; } - else if (*na==(float)(uint32)(*na)) + else if (*na >= 0 && *na <= (float)0xFFFFFFFFU && + *na==(float)(uint32)(*na)) { nb[0]=(uint32)(*na); nb[1]=1; diff --git a/tiff/libtiff/tif_error.c b/tiff/libtiff/tif_error.c index 0bc8b878b..47516b4f5 100644 --- a/tiff/libtiff/tif_error.c +++ b/tiff/libtiff/tif_error.c @@ -1,4 +1,4 @@ -/* $Header: /cvs/maptools/cvsroot/libtiff/libtiff/tif_error.c,v 1.5 2010-03-10 18:56:48 bfriesen Exp $ */ +/* $Header: /cvs/maptools/cvsroot/libtiff/libtiff/tif_error.c,v 1.6 2017-07-04 12:54:42 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -51,24 +51,32 @@ void TIFFError(const char* module, const char* fmt, ...) { va_list ap; - va_start(ap, fmt); - if (_TIFFerrorHandler) + if (_TIFFerrorHandler) { + va_start(ap, fmt); (*_TIFFerrorHandler)(module, fmt, ap); - if (_TIFFerrorHandlerExt) + va_end(ap); + } + if (_TIFFerrorHandlerExt) { + va_start(ap, fmt); (*_TIFFerrorHandlerExt)(0, module, fmt, ap); - va_end(ap); + va_end(ap); + } } void TIFFErrorExt(thandle_t fd, const char* module, const char* fmt, ...) { va_list ap; - va_start(ap, fmt); - if (_TIFFerrorHandler) + if (_TIFFerrorHandler) { + va_start(ap, fmt); (*_TIFFerrorHandler)(module, fmt, ap); - if (_TIFFerrorHandlerExt) + va_end(ap); + } + if (_TIFFerrorHandlerExt) { + va_start(ap, fmt); (*_TIFFerrorHandlerExt)(fd, module, fmt, ap); - va_end(ap); + va_end(ap); + } } /* diff --git a/tiff/libtiff/tif_fax3.c b/tiff/libtiff/tif_fax3.c index 16bb4d36f..5fd514118 100644 --- a/tiff/libtiff/tif_fax3.c +++ b/tiff/libtiff/tif_fax3.c @@ -1,4 +1,4 @@ -/* $Id: tif_fax3.c,v 1.78 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_fax3.c,v 1.81 2017-06-18 10:31:50 erouault Exp $ */ /* * Copyright (c) 1990-1997 Sam Leffler @@ -329,34 +329,64 @@ Fax3Decode2D(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) #if SIZEOF_UNSIGNED_LONG == 8 # define FILL(n, cp) \ switch (n) { \ - case 15:(cp)[14] = 0xff; case 14:(cp)[13] = 0xff; case 13: (cp)[12] = 0xff;\ - case 12:(cp)[11] = 0xff; case 11:(cp)[10] = 0xff; case 10: (cp)[9] = 0xff;\ - case 9: (cp)[8] = 0xff; case 8: (cp)[7] = 0xff; case 7: (cp)[6] = 0xff;\ - case 6: (cp)[5] = 0xff; case 5: (cp)[4] = 0xff; case 4: (cp)[3] = 0xff;\ - case 3: (cp)[2] = 0xff; case 2: (cp)[1] = 0xff; \ - case 1: (cp)[0] = 0xff; (cp) += (n); case 0: ; \ + case 15:(cp)[14] = 0xff; /*-fallthrough*/ \ + case 14:(cp)[13] = 0xff; /*-fallthrough*/ \ + case 13:(cp)[12] = 0xff; /*-fallthrough*/ \ + case 12:(cp)[11] = 0xff; /*-fallthrough*/ \ + case 11:(cp)[10] = 0xff; /*-fallthrough*/ \ + case 10: (cp)[9] = 0xff; /*-fallthrough*/ \ + case 9: (cp)[8] = 0xff; /*-fallthrough*/ \ + case 8: (cp)[7] = 0xff; /*-fallthrough*/ \ + case 7: (cp)[6] = 0xff; /*-fallthrough*/ \ + case 6: (cp)[5] = 0xff; /*-fallthrough*/ \ + case 5: (cp)[4] = 0xff; /*-fallthrough*/ \ + case 4: (cp)[3] = 0xff; /*-fallthrough*/ \ + case 3: (cp)[2] = 0xff; /*-fallthrough*/ \ + case 2: (cp)[1] = 0xff; /*-fallthrough*/ \ + case 1: (cp)[0] = 0xff; (cp) += (n); /*-fallthrough*/ \ + case 0: ; \ } # define ZERO(n, cp) \ switch (n) { \ - case 15:(cp)[14] = 0; case 14:(cp)[13] = 0; case 13: (cp)[12] = 0; \ - case 12:(cp)[11] = 0; case 11:(cp)[10] = 0; case 10: (cp)[9] = 0; \ - case 9: (cp)[8] = 0; case 8: (cp)[7] = 0; case 7: (cp)[6] = 0; \ - case 6: (cp)[5] = 0; case 5: (cp)[4] = 0; case 4: (cp)[3] = 0; \ - case 3: (cp)[2] = 0; case 2: (cp)[1] = 0; \ - case 1: (cp)[0] = 0; (cp) += (n); case 0: ; \ + case 15:(cp)[14] = 0; /*-fallthrough*/ \ + case 14:(cp)[13] = 0; /*-fallthrough*/ \ + case 13:(cp)[12] = 0; /*-fallthrough*/ \ + case 12:(cp)[11] = 0; /*-fallthrough*/ \ + case 11:(cp)[10] = 0; /*-fallthrough*/ \ + case 10: (cp)[9] = 0; /*-fallthrough*/ \ + case 9: (cp)[8] = 0; /*-fallthrough*/ \ + case 8: (cp)[7] = 0; /*-fallthrough*/ \ + case 7: (cp)[6] = 0; /*-fallthrough*/ \ + case 6: (cp)[5] = 0; /*-fallthrough*/ \ + case 5: (cp)[4] = 0; /*-fallthrough*/ \ + case 4: (cp)[3] = 0; /*-fallthrough*/ \ + case 3: (cp)[2] = 0; /*-fallthrough*/ \ + case 2: (cp)[1] = 0; /*-fallthrough*/ \ + case 1: (cp)[0] = 0; (cp) += (n); /*-fallthrough*/ \ + case 0: ; \ } #else # define FILL(n, cp) \ switch (n) { \ - case 7: (cp)[6] = 0xff; case 6: (cp)[5] = 0xff; case 5: (cp)[4] = 0xff; \ - case 4: (cp)[3] = 0xff; case 3: (cp)[2] = 0xff; case 2: (cp)[1] = 0xff; \ - case 1: (cp)[0] = 0xff; (cp) += (n); case 0: ; \ + case 7: (cp)[6] = 0xff; /*-fallthrough*/ \ + case 6: (cp)[5] = 0xff; /*-fallthrough*/ \ + case 5: (cp)[4] = 0xff; /*-fallthrough*/ \ + case 4: (cp)[3] = 0xff; /*-fallthrough*/ \ + case 3: (cp)[2] = 0xff; /*-fallthrough*/ \ + case 2: (cp)[1] = 0xff; /*-fallthrough*/ \ + case 1: (cp)[0] = 0xff; (cp) += (n); /*-fallthrough*/ \ + case 0: ; \ } # define ZERO(n, cp) \ switch (n) { \ - case 7: (cp)[6] = 0; case 6: (cp)[5] = 0; case 5: (cp)[4] = 0; \ - case 4: (cp)[3] = 0; case 3: (cp)[2] = 0; case 2: (cp)[1] = 0; \ - case 1: (cp)[0] = 0; (cp) += (n); case 0: ; \ + case 7: (cp)[6] = 0; /*-fallthrough*/ \ + case 6: (cp)[5] = 0; /*-fallthrough*/ \ + case 5: (cp)[4] = 0; /*-fallthrough*/ \ + case 4: (cp)[3] = 0; /*-fallthrough*/ \ + case 3: (cp)[2] = 0; /*-fallthrough*/ \ + case 2: (cp)[1] = 0; /*-fallthrough*/ \ + case 1: (cp)[0] = 0; (cp) += (n); /*-fallthrough*/ \ + case 0: ; \ } #endif @@ -1013,7 +1043,11 @@ Fax3Encode2DRow(TIFF* tif, unsigned char* bp, unsigned char* rp, uint32 bits) for (;;) { b2 = finddiff2(rp, b1, bits, PIXEL(rp,b1)); if (b2 >= a1) { - int32 d = b1 - a1; + /* Naive computation triggers -fsanitize=undefined,unsigned-integer-overflow */ + /* although it is correct unless the difference between both is < 31 bit */ + /* int32 d = b1 - a1; */ + int32 d = (b1 >= a1 && b1 - a1 <= 3U) ? (int32)(b1 - a1): + (b1 < a1 && a1 - b1 <= 3U) ? -(int32)(a1 - b1) : 0x7FFFFFFF; if (!(-3 <= d && d <= 3)) { /* horizontal mode */ a2 = finddiff2(bp, a1, bits, PIXEL(bp,a1)); putcode(tif, &horizcode); @@ -1099,7 +1133,7 @@ Fax3PostEncode(TIFF* tif) static void Fax3Close(TIFF* tif) { - if ((Fax3State(tif)->mode & FAXMODE_NORTC) == 0) { + if ((Fax3State(tif)->mode & FAXMODE_NORTC) == 0 && tif->tif_rawcp) { Fax3CodecState* sp = EncoderState(tif); unsigned int code = EOL; unsigned int length = 12; @@ -1321,6 +1355,7 @@ InitCCITTFax3(TIFF* tif) "No space for state block"); return (0); } + _TIFFmemset(tif->tif_data, 0, sizeof (Fax3CodecState)); sp = Fax3State(tif); sp->rw_mode = tif->tif_mode; diff --git a/tiff/libtiff/tif_fax3.h b/tiff/libtiff/tif_fax3.h index e0b2ca6bf..8a435059c 100644 --- a/tiff/libtiff/tif_fax3.h +++ b/tiff/libtiff/tif_fax3.h @@ -1,4 +1,4 @@ -/* $Id: tif_fax3.h,v 1.11 2016-01-23 21:20:34 erouault Exp $ */ +/* $Id: tif_fax3.h,v 1.13 2016-12-14 18:36:27 faxguy Exp $ */ /* * Copyright (c) 1990-1997 Sam Leffler @@ -81,10 +81,12 @@ extern void _TIFFFax3fillruns(unsigned char*, uint32*, uint32*, uint32); #define S_MakeUp 11 #define S_EOL 12 +/* WARNING: do not change the layout of this structure as the HylaFAX software */ +/* really depends on it. See http://bugzilla.maptools.org/show_bug.cgi?id=2636 */ typedef struct { /* state table entry */ unsigned char State; /* see above */ unsigned char Width; /* width of code in bits */ - uint16 Param; /* unsigned 16-bit run length in bits */ + uint32 Param; /* unsigned 32-bit run length in bits (holds on 16 bit actually, but cannot be changed. See above warning) */ } TIFFFaxTabEnt; extern const TIFFFaxTabEnt TIFFFaxMainTable[]; diff --git a/tiff/libtiff/tif_getimage.c b/tiff/libtiff/tif_getimage.c index 0f5e932cd..fc554ccab 100644 --- a/tiff/libtiff/tif_getimage.c +++ b/tiff/libtiff/tif_getimage.c @@ -1,4 +1,4 @@ -/* $Id: tif_getimage.c,v 1.98 2016-11-18 02:47:45 bfriesen Exp $ */ +/* $Id: tif_getimage.c,v 1.114 2017-11-17 20:21:00 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -138,7 +138,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024]) /* * TODO: if at all meaningful and useful, make more complete * support check here, or better still, refactor to let supporting - * code decide whether there is support and what meaningfull + * code decide whether there is support and what meaningful * error to return */ break; @@ -283,6 +283,13 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) img->redcmap = NULL; img->greencmap = NULL; img->bluecmap = NULL; + img->Map = NULL; + img->BWmap = NULL; + img->PALmap = NULL; + img->ycbcr = NULL; + img->cielab = NULL; + img->UaToAa = NULL; + img->Bitdepth16To8 = NULL; img->req_orientation = ORIENTATION_BOTLEFT; /* It is the default */ img->tif = tif; @@ -409,7 +416,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) /* * TODO: if at all meaningful and useful, make more complete * support check here, or better still, refactor to let supporting - * code decide whether there is support and what meaningfull + * code decide whether there is support and what meaningful * error to return */ break; @@ -468,13 +475,6 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) photoTag, img->photometric); goto fail_return; } - img->Map = NULL; - img->BWmap = NULL; - img->PALmap = NULL; - img->ycbcr = NULL; - img->cielab = NULL; - img->UaToAa = NULL; - img->Bitdepth16To8 = NULL; TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &img->width); TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &img->height); TIFFGetFieldDefaulted(tif, TIFFTAG_ORIENTATION, &img->orientation); @@ -494,10 +494,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) return 1; fail_return: - _TIFFfree( img->redcmap ); - _TIFFfree( img->greencmap ); - _TIFFfree( img->bluecmap ); - img->redcmap = img->greencmap = img->bluecmap = NULL; + TIFFRGBAImageEnd( img ); return 0; } @@ -629,7 +626,7 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) uint32 col, row, y, rowstoread; tmsize_t pos; uint32 tw, th; - unsigned char* buf; + unsigned char* buf = NULL; int32 fromskew, toskew; uint32 nrow; int ret = 1, flip; @@ -637,13 +634,14 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) int32 this_toskew, leftmost_toskew; int32 leftmost_fromskew; uint32 leftmost_tw; + tmsize_t bufsize; - buf = (unsigned char*) _TIFFmalloc(TIFFTileSize(tif)); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer"); - return (0); + bufsize = TIFFTileSize(tif); + if (bufsize == 0) { + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer"); + return (0); } - _TIFFmemset(buf, 0, TIFFTileSize(tif)); + TIFFGetField(tif, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(tif, TIFFTAG_TILELENGTH, &th); @@ -663,7 +661,7 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) leftmost_fromskew = img->col_offset % tw; leftmost_tw = tw - leftmost_fromskew; leftmost_toskew = toskew + leftmost_fromskew; - for (row = 0; row < h; row += nrow) + for (row = 0; ret != 0 && row < h; row += nrow) { rowstoread = th - (row + img->row_offset) % th; nrow = (row + rowstoread > h ? h - row : rowstoread); @@ -674,8 +672,9 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) col = img->col_offset; while (tocol < w) { - if (TIFFReadTile(tif, buf, col, - row+img->row_offset, 0, 0)==(tmsize_t)(-1) && img->stoponerr) + if (_TIFFReadTileAndAllocBuffer(tif, (void**) &buf, bufsize, col, + row+img->row_offset, 0, 0)==(tmsize_t)(-1) && + (buf == NULL || img->stoponerr)) { ret = 0; break; @@ -702,7 +701,7 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) this_toskew = toskew; } - y += (flip & FLIP_VERTICALLY ? -(int32) nrow : (int32) nrow); + y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } _TIFFfree(buf); @@ -740,11 +739,11 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) uint32 col, row, y, rowstoread; tmsize_t pos; uint32 tw, th; - unsigned char* buf; - unsigned char* p0; - unsigned char* p1; - unsigned char* p2; - unsigned char* pa; + unsigned char* buf = NULL; + unsigned char* p0 = NULL; + unsigned char* p1 = NULL; + unsigned char* p2 = NULL; + unsigned char* pa = NULL; tmsize_t tilesize; tmsize_t bufsize; int32 fromskew, toskew; @@ -763,16 +762,7 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); return (0); } - buf = (unsigned char*) _TIFFmalloc(bufsize); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer"); - return (0); - } - _TIFFmemset(buf, 0, bufsize); - p0 = buf; - p1 = p0 + tilesize; - p2 = p1 + tilesize; - pa = (alpha?(p2+tilesize):NULL); + TIFFGetField(tif, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(tif, TIFFTAG_TILELENGTH, &th); @@ -792,7 +782,6 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) case PHOTOMETRIC_MINISBLACK: case PHOTOMETRIC_PALETTE: colorchannels = 1; - p2 = p1 = p0; break; default: @@ -806,7 +795,7 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) leftmost_fromskew = img->col_offset % tw; leftmost_tw = tw - leftmost_fromskew; leftmost_toskew = toskew + leftmost_fromskew; - for (row = 0; row < h; row += nrow) + for (row = 0; ret != 0 && row < h; row += nrow) { rowstoread = th - (row + img->row_offset) % th; nrow = (row + rowstoread > h ? h - row : rowstoread); @@ -817,7 +806,30 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) col = img->col_offset; while (tocol < w) { - if (TIFFReadTile(tif, p0, col, + if( buf == NULL ) + { + if (_TIFFReadTileAndAllocBuffer( + tif, (void**) &buf, bufsize, col, + row+img->row_offset,0,0)==(tmsize_t)(-1) + && (buf == NULL || img->stoponerr)) + { + ret = 0; + break; + } + p0 = buf; + if( colorchannels == 1 ) + { + p2 = p1 = p0; + pa = (alpha?(p0+3*tilesize):NULL); + } + else + { + p1 = p0 + tilesize; + p2 = p1 + tilesize; + pa = (alpha?(p2+tilesize):NULL); + } + } + else if (TIFFReadTile(tif, p0, col, row+img->row_offset,0,0)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; @@ -871,7 +883,7 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) this_toskew = toskew; } - y += (flip & FLIP_VERTICALLY ?-(int32) nrow : (int32) nrow); + y += ((flip & FLIP_VERTICALLY) ?-(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { @@ -908,26 +920,22 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) tileContigRoutine put = img->put.contig; uint32 row, y, nrow, nrowsub, rowstoread; tmsize_t pos; - unsigned char* buf; + unsigned char* buf = NULL; uint32 rowsperstrip; uint16 subsamplinghor,subsamplingver; uint32 imagewidth = img->width; tmsize_t scanline; int32 fromskew, toskew; int ret = 1, flip; + tmsize_t maxstripsize; TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if( subsamplingver == 0 ) { TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Invalid vertical YCbCr subsampling"); return (0); } - - buf = (unsigned char*) _TIFFmalloc(TIFFStripSize(tif)); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer"); - return (0); - } - _TIFFmemset(buf, 0, TIFFStripSize(tif)); + + maxstripsize = TIFFStripSize(tif); flip = setorientation(img); if (flip & FLIP_VERTICALLY) { @@ -949,11 +957,12 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) nrowsub = nrow; if ((nrowsub%subsamplingver)!=0) nrowsub+=subsamplingver-nrowsub%subsamplingver; - if (TIFFReadEncodedStrip(tif, + if (_TIFFReadEncodedStripAndAllocBuffer(tif, TIFFComputeStrip(tif,row+img->row_offset, 0), - buf, + (void**)(&buf), + maxstripsize, ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1) - && img->stoponerr) + && (buf == NULL || img->stoponerr)) { ret = 0; break; @@ -962,7 +971,7 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, buf + pos); - y += (flip & FLIP_VERTICALLY ? -(int32) nrow : (int32) nrow); + y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { @@ -997,8 +1006,8 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileSeparateRoutine put = img->put.separate; - unsigned char *buf; - unsigned char *p0, *p1, *p2, *pa; + unsigned char *buf = NULL; + unsigned char *p0 = NULL, *p1 = NULL, *p2 = NULL, *pa = NULL; uint32 row, y, nrow, rowstoread; tmsize_t pos; tmsize_t scanline; @@ -1017,15 +1026,6 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); return (0); } - p0 = buf = (unsigned char *)_TIFFmalloc(bufsize); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer"); - return (0); - } - _TIFFmemset(buf, 0, bufsize); - p1 = p0 + stripsize; - p2 = p1 + stripsize; - pa = (alpha?(p2+stripsize):NULL); flip = setorientation(img); if (flip & FLIP_VERTICALLY) { @@ -1043,7 +1043,6 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) case PHOTOMETRIC_MINISBLACK: case PHOTOMETRIC_PALETTE: colorchannels = 1; - p2 = p1 = p0; break; default: @@ -1059,7 +1058,31 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); offset_row = row + img->row_offset; - if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), + if( buf == NULL ) + { + if (_TIFFReadEncodedStripAndAllocBuffer( + tif, TIFFComputeStrip(tif, offset_row, 0), + (void**) &buf, bufsize, + ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) + && (buf == NULL || img->stoponerr)) + { + ret = 0; + break; + } + p0 = buf; + if( colorchannels == 1 ) + { + p2 = p1 = p0; + pa = (alpha?(p0+3*stripsize):NULL); + } + else + { + p1 = p0 + stripsize; + p2 = p1 + stripsize; + pa = (alpha?(p2+stripsize):NULL); + } + } + else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { @@ -1097,7 +1120,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, p0 + pos, p1 + pos, p2 + pos, (alpha?(pa+pos):NULL)); - y += (flip & FLIP_VERTICALLY ? -(int32) nrow : (int32) nrow); + y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { @@ -1136,11 +1159,15 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) #define REPEAT2(op) op; op #define CASE8(x,op) \ switch (x) { \ - case 7: op; case 6: op; case 5: op; \ - case 4: op; case 3: op; case 2: op; \ + case 7: op; /*-fallthrough*/ \ + case 6: op; /*-fallthrough*/ \ + case 5: op; /*-fallthrough*/ \ + case 4: op; /*-fallthrough*/ \ + case 3: op; /*-fallthrough*/ \ + case 2: op; /*-fallthrough*/ \ case 1: op; \ } -#define CASE4(x,op) switch (x) { case 3: op; case 2: op; case 1: op; } +#define CASE4(x,op) switch (x) { case 3: op; /*-fallthrough*/ case 2: op; /*-fallthrough*/ case 1: op; } #define NOP #define UNROLL8(w, op1, op2) { \ @@ -1211,8 +1238,8 @@ DECLAREContigPutFunc(put8bitcmaptile) int samplesperpixel = img->samplesperpixel; (void) y; - while (h-- > 0) { - for (x = w; x-- > 0;) + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { *cp++ = PALmap[*pp][0]; pp += samplesperpixel; @@ -1231,7 +1258,7 @@ DECLAREContigPutFunc(put4bitcmaptile) (void) x; (void) y; fromskew /= 2; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL2(w, bw = PALmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1248,7 +1275,7 @@ DECLAREContigPutFunc(put2bitcmaptile) (void) x; (void) y; fromskew /= 4; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL4(w, bw = PALmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1265,7 +1292,7 @@ DECLAREContigPutFunc(put1bitcmaptile) (void) x; (void) y; fromskew /= 8; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL8(w, bw = PALmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1282,8 +1309,8 @@ DECLAREContigPutFunc(putgreytile) uint32** BWmap = img->BWmap; (void) y; - while (h-- > 0) { - for (x = w; x-- > 0;) + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { *cp++ = BWmap[*pp][0]; pp += samplesperpixel; @@ -1302,10 +1329,10 @@ DECLAREContigPutFunc(putagreytile) uint32** BWmap = img->BWmap; (void) y; - while (h-- > 0) { - for (x = w; x-- > 0;) + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { - *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1); + *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1); pp += samplesperpixel; } cp += toskew; @@ -1322,10 +1349,10 @@ DECLAREContigPutFunc(put16bitbwtile) uint32** BWmap = img->BWmap; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { uint16 *wp = (uint16 *) pp; - for (x = w; x-- > 0;) + for (x = w; x > 0; --x) { /* use high order byte of 16bit value */ @@ -1347,7 +1374,7 @@ DECLAREContigPutFunc(put1bitbwtile) (void) x; (void) y; fromskew /= 8; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL8(w, bw = BWmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1364,7 +1391,7 @@ DECLAREContigPutFunc(put2bitbwtile) (void) x; (void) y; fromskew /= 4; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL4(w, bw = BWmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1381,7 +1408,7 @@ DECLAREContigPutFunc(put4bitbwtile) (void) x; (void) y; fromskew /= 2; - while (h-- > 0) { + for( ; h > 0; --h) { uint32* bw; UNROLL2(w, bw = BWmap[*pp++], *cp++ = *bw++); cp += toskew; @@ -1398,7 +1425,7 @@ DECLAREContigPutFunc(putRGBcontig8bittile) (void) x; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { + for( ; h > 0; --h) { UNROLL8(w, NOP, *cp++ = PACK(pp[0], pp[1], pp[2]); pp += samplesperpixel); @@ -1417,7 +1444,7 @@ DECLAREContigPutFunc(putRGBAAcontig8bittile) (void) x; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { + for( ; h > 0; --h) { UNROLL8(w, NOP, *cp++ = PACK4(pp[0], pp[1], pp[2], pp[3]); pp += samplesperpixel); @@ -1435,10 +1462,10 @@ DECLAREContigPutFunc(putRGBUAcontig8bittile) int samplesperpixel = img->samplesperpixel; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { + for( ; h > 0; --h) { uint32 r, g, b, a; uint8* m; - for (x = w; x-- > 0;) { + for (x = w; x > 0; --x) { a = pp[3]; m = img->UaToAa+((size_t) a<<8); r = m[pp[0]]; @@ -1461,8 +1488,8 @@ DECLAREContigPutFunc(putRGBcontig16bittile) uint16 *wp = (uint16 *)pp; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { - for (x = w; x-- > 0;) { + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { *cp++ = PACK(img->Bitdepth16To8[wp[0]], img->Bitdepth16To8[wp[1]], img->Bitdepth16To8[wp[2]]); @@ -1483,8 +1510,8 @@ DECLAREContigPutFunc(putRGBAAcontig16bittile) uint16 *wp = (uint16 *)pp; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { - for (x = w; x-- > 0;) { + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { *cp++ = PACK4(img->Bitdepth16To8[wp[0]], img->Bitdepth16To8[wp[1]], img->Bitdepth16To8[wp[2]], @@ -1506,10 +1533,10 @@ DECLAREContigPutFunc(putRGBUAcontig16bittile) uint16 *wp = (uint16 *)pp; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { + for( ; h > 0; --h) { uint32 r,g,b,a; uint8* m; - for (x = w; x-- > 0;) { + for (x = w; x > 0; --x) { a = img->Bitdepth16To8[wp[3]]; m = img->UaToAa+((size_t) a<<8); r = m[img->Bitdepth16To8[wp[0]]]; @@ -1535,7 +1562,7 @@ DECLAREContigPutFunc(putRGBcontig8bitCMYKtile) (void) x; (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { + for( ; h > 0; --h) { UNROLL8(w, NOP, k = 255 - pp[3]; r = (k*(255-pp[0]))/255; @@ -1561,8 +1588,8 @@ DECLAREContigPutFunc(putRGBcontig8bitCMYKMaptile) (void) y; fromskew *= samplesperpixel; - while (h-- > 0) { - for (x = w; x-- > 0;) { + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { k = 255 - pp[3]; r = (k*(255-pp[0]))/255; g = (k*(255-pp[1]))/255; @@ -1591,7 +1618,7 @@ static void name(\ DECLARESepPutFunc(putRGBseparate8bittile) { (void) img; (void) x; (void) y; (void) a; - while (h-- > 0) { + for( ; h > 0; --h) { UNROLL8(w, NOP, *cp++ = PACK(*r++, *g++, *b++)); SKEW(r, g, b, fromskew); cp += toskew; @@ -1604,7 +1631,7 @@ DECLARESepPutFunc(putRGBseparate8bittile) DECLARESepPutFunc(putRGBAAseparate8bittile) { (void) img; (void) x; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { UNROLL8(w, NOP, *cp++ = PACK4(*r++, *g++, *b++, *a++)); SKEW4(r, g, b, a, fromskew); cp += toskew; @@ -1617,9 +1644,9 @@ DECLARESepPutFunc(putRGBAAseparate8bittile) DECLARESepPutFunc(putCMYKseparate8bittile) { (void) img; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { uint32 rv, gv, bv, kv; - for (x = w; x-- > 0;) { + for (x = w; x > 0; --x) { kv = 255 - *a++; rv = (kv*(255-*r++))/255; gv = (kv*(255-*g++))/255; @@ -1637,10 +1664,10 @@ DECLARESepPutFunc(putCMYKseparate8bittile) DECLARESepPutFunc(putRGBUAseparate8bittile) { (void) img; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { uint32 rv, gv, bv, av; uint8* m; - for (x = w; x-- > 0;) { + for (x = w; x > 0; --x) { av = *a++; m = img->UaToAa+((size_t) av<<8); rv = m[*r++]; @@ -1662,7 +1689,7 @@ DECLARESepPutFunc(putRGBseparate16bittile) uint16 *wg = (uint16*) g; uint16 *wb = (uint16*) b; (void) img; (void) y; (void) a; - while (h-- > 0) { + for( ; h > 0; --h) { for (x = 0; x < w; x++) *cp++ = PACK(img->Bitdepth16To8[*wr++], img->Bitdepth16To8[*wg++], @@ -1682,7 +1709,7 @@ DECLARESepPutFunc(putRGBAAseparate16bittile) uint16 *wb = (uint16*) b; uint16 *wa = (uint16*) a; (void) img; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { for (x = 0; x < w; x++) *cp++ = PACK4(img->Bitdepth16To8[*wr++], img->Bitdepth16To8[*wg++], @@ -1703,10 +1730,10 @@ DECLARESepPutFunc(putRGBUAseparate16bittile) uint16 *wb = (uint16*) b; uint16 *wa = (uint16*) a; (void) img; (void) y; - while (h-- > 0) { + for( ; h > 0; --h) { uint32 r2,g2,b2,a2; uint8* m; - for (x = w; x-- > 0;) { + for (x = w; x > 0; --x) { a2 = img->Bitdepth16To8[*wa++]; m = img->UaToAa+((size_t) a2<<8); r2 = m[img->Bitdepth16To8[*wr++]]; @@ -1728,8 +1755,8 @@ DECLAREContigPutFunc(putcontig8bitCIELab) uint32 r, g, b; (void) y; fromskew *= 3; - while (h-- > 0) { - for (x = w; x-- > 0;) { + for( ; h > 0; --h) { + for (x = w; x > 0; --x) { TIFFCIELabToXYZ(img->cielab, (unsigned char)pp[0], (signed char)pp[1], @@ -1842,7 +1869,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile) (void) y; /* adjust fromskew */ - fromskew = (fromskew * 18) / 4; + fromskew = (fromskew / 4) * (4*2+2); if ((h & 3) == 0 && (w & 3) == 0) { for (; h >= 4; h -= 4) { x = w>>2; @@ -1945,7 +1972,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile) int32 incr = 2*toskew+w; (void) y; - fromskew = (fromskew * 10) / 4; + fromskew = (fromskew / 4) * (4*2+2); if ((w & 3) == 0 && (h & 1) == 0) { for (; h >= 2; h -= 2) { x = w>>2; @@ -2023,7 +2050,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile) DECLAREContigPutFunc(putcontig8bitYCbCr41tile) { (void) y; - /* XXX adjust fromskew */ + fromskew = (fromskew / 4) * (4*1+2); do { x = w>>2; while(x>0) { @@ -2046,9 +2073,9 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile) int32 Cr = pp[5]; switch( (w&3) ) { - case 3: YCbCrtoRGB(cp [2], pp[2]); - case 2: YCbCrtoRGB(cp [1], pp[1]); - case 1: YCbCrtoRGB(cp [0], pp[0]); + case 3: YCbCrtoRGB(cp [2], pp[2]); /*-fallthrough*/ + case 2: YCbCrtoRGB(cp [1], pp[1]); /*-fallthrough*/ + case 1: YCbCrtoRGB(cp [0], pp[0]); /*-fallthrough*/ case 0: break; } @@ -2070,7 +2097,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr22tile) uint32* cp2; int32 incr = 2*toskew+w; (void) y; - fromskew = (fromskew / 2) * 6; + fromskew = (fromskew / 2) * (2*2+2); cp2 = cp+w+toskew; while (h>=2) { x = w; @@ -2126,7 +2153,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr22tile) DECLAREContigPutFunc(putcontig8bitYCbCr21tile) { (void) y; - fromskew = (fromskew * 4) / 2; + fromskew = (fromskew / 2) * (2*1+2); do { x = w>>1; while(x>0) { @@ -2165,7 +2192,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr12tile) uint32* cp2; int32 incr = 2*toskew+w; (void) y; - fromskew = (fromskew / 2) * 4; + fromskew = (fromskew / 1) * (1 * 2 + 2); cp2 = cp+w+toskew; while (h>=2) { x = w; @@ -2201,7 +2228,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr12tile) DECLAREContigPutFunc(putcontig8bitYCbCr11tile) { (void) y; - fromskew *= 3; + fromskew = (fromskew / 1) * (1 * 1 + 2); do { x = w; /* was x = w>>1; patched 2000/09/25 warmerda@home.com */ do { @@ -2225,7 +2252,7 @@ DECLARESepPutFunc(putseparate8bitYCbCr11tile) (void) y; (void) a; /* TODO: naming of input vars is still off, change obfuscating declaration inside define, or resolve obfuscation */ - while (h-- > 0) { + for( ; h > 0; --h) { x = w; do { uint32 dr, dg, db; @@ -2238,6 +2265,11 @@ DECLARESepPutFunc(putseparate8bitYCbCr11tile) } #undef YCbCrtoRGB +static int isInRefBlackWhiteRange(float f) +{ + return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF; +} + static int initYCbCrConversion(TIFFRGBAImage* img) { @@ -2262,6 +2294,31 @@ initYCbCrConversion(TIFFRGBAImage* img) TIFFGetFieldDefaulted(img->tif, TIFFTAG_YCBCRCOEFFICIENTS, &luma); TIFFGetFieldDefaulted(img->tif, TIFFTAG_REFERENCEBLACKWHITE, &refBlackWhite); + + /* Do some validation to avoid later issues. Detect NaN for now */ + /* and also if lumaGreen is zero since we divide by it later */ + if( luma[0] != luma[0] || + luma[1] != luma[1] || + luma[1] == 0.0 || + luma[2] != luma[2] ) + { + TIFFErrorExt(img->tif->tif_clientdata, module, + "Invalid values for YCbCrCoefficients tag"); + return (0); + } + + if( !isInRefBlackWhiteRange(refBlackWhite[0]) || + !isInRefBlackWhiteRange(refBlackWhite[1]) || + !isInRefBlackWhiteRange(refBlackWhite[2]) || + !isInRefBlackWhiteRange(refBlackWhite[3]) || + !isInRefBlackWhiteRange(refBlackWhite[4]) || + !isInRefBlackWhiteRange(refBlackWhite[5]) ) + { + TIFFErrorExt(img->tif->tif_clientdata, module, + "Invalid values for ReferenceBlackWhite tag"); + return (0); + } + if (TIFFYCbCrToRGBInit(img->ycbcr, luma, refBlackWhite) < 0) return(0); return (1); @@ -2275,6 +2332,13 @@ initCIELabConversion(TIFFRGBAImage* img) float *whitePoint; float refWhite[3]; + TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint); + if (whitePoint[1] == 0.0f ) { + TIFFErrorExt(img->tif->tif_clientdata, module, + "Invalid value for WhitePoint tag."); + return NULL; + } + if (!img->cielab) { img->cielab = (TIFFCIELabToRGB *) _TIFFmalloc(sizeof(TIFFCIELabToRGB)); @@ -2285,7 +2349,6 @@ initCIELabConversion(TIFFRGBAImage* img) } } - TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint); refWhite[1] = 100.0F; refWhite[0] = whitePoint[0] / whitePoint[1] * refWhite[1]; refWhite[2] = (1.0F - whitePoint[0] - whitePoint[1]) @@ -2816,6 +2879,13 @@ int TIFFReadRGBAStrip(TIFF* tif, uint32 row, uint32 * raster ) { + return TIFFReadRGBAStripExt(tif, row, raster, 0 ); +} + +int +TIFFReadRGBAStripExt(TIFF* tif, uint32 row, uint32 * raster, int stop_on_error) + +{ char emsg[1024] = ""; TIFFRGBAImage img; int ok; @@ -2836,7 +2906,7 @@ TIFFReadRGBAStrip(TIFF* tif, uint32 row, uint32 * raster ) return (0); } - if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, 0, emsg)) { + if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg)) { img.row_offset = row; img.col_offset = 0; @@ -2867,6 +2937,13 @@ int TIFFReadRGBATile(TIFF* tif, uint32 col, uint32 row, uint32 * raster) { + return TIFFReadRGBATileExt(tif, col, row, raster, 0 ); +} + + +int +TIFFReadRGBATileExt(TIFF* tif, uint32 col, uint32 row, uint32 * raster, int stop_on_error ) +{ char emsg[1024] = ""; TIFFRGBAImage img; int ok; @@ -2901,7 +2978,7 @@ TIFFReadRGBATile(TIFF* tif, uint32 col, uint32 row, uint32 * raster) */ if (!TIFFRGBAImageOK(tif, emsg) - || !TIFFRGBAImageBegin(&img, tif, 0, emsg)) { + || !TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg)) { TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", emsg); return( 0 ); } diff --git a/tiff/libtiff/tif_jbig.c b/tiff/libtiff/tif_jbig.c index 37878f6e7..7a14dd9ab 100644 --- a/tiff/libtiff/tif_jbig.c +++ b/tiff/libtiff/tif_jbig.c @@ -1,4 +1,4 @@ -/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */ +/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s) jbg_strerror(decodeStatus) #endif ); + jbg_dec_free(&decoder); return 0; } diff --git a/tiff/libtiff/tif_jpeg.c b/tiff/libtiff/tif_jpeg.c index 70b72d83c..0fbdb3548 100644 --- a/tiff/libtiff/tif_jpeg.c +++ b/tiff/libtiff/tif_jpeg.c @@ -1,4 +1,4 @@ -/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */ +/* $Id: tif_jpeg.c,v 1.134 2017-10-17 19:04:47 erouault Exp $ */ /* * Copyright (c) 1994-1997 Sam Leffler @@ -27,6 +27,8 @@ #define WIN32_LEAN_AND_MEAN #define VC_EXTRALEAN +#include <stdlib.h> + #include "tiffiop.h" #ifdef JPEG_SUPPORT @@ -47,6 +49,7 @@ int TIFFFillStrip(TIFF* tif, uint32 strip); int TIFFFillTile(TIFF* tif, uint32 tile); int TIFFReInitJPEG_12( TIFF *tif, int scheme, int is_encode ); +int TIFFJPEGIsFullStripRequired_12(TIFF* tif); /* We undefine FAR to avoid conflict with JPEG definition */ @@ -145,6 +148,8 @@ typedef struct { jpeg_error_mgr err; /* libjpeg error manager */ JMP_BUF exit_jmpbuf; /* for catching libjpeg failures */ + + struct jpeg_progress_mgr progress; /* * The following two members could be a union, but * they're small enough that it's not worth the effort. @@ -175,6 +180,7 @@ typedef struct { int jpegtablesmode; /* What to put in JPEGTables */ int ycbcrsampling_fetched; + int max_allowed_scan_number; } JPEGState; #define JState(tif) ((JPEGState*)(tif)->tif_data) @@ -235,6 +241,33 @@ TIFFjpeg_output_message(j_common_ptr cinfo) TIFFWarningExt(((JPEGState *) cinfo)->tif->tif_clientdata, "JPEGLib", "%s", buffer); } +/* Avoid the risk of denial-of-service on crafted JPEGs with an insane */ +/* number of scans. */ +/* See http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf */ +static void +TIFFjpeg_progress_monitor(j_common_ptr cinfo) +{ + JPEGState *sp = (JPEGState *) cinfo; /* NB: cinfo assumed first */ + if (cinfo->is_decompressor) + { + const int scan_no = + ((j_decompress_ptr)cinfo)->input_scan_number; + if (scan_no >= sp->max_allowed_scan_number) + { + TIFFErrorExt(((JPEGState *) cinfo)->tif->tif_clientdata, + "TIFFjpeg_progress_monitor", + "Scan number %d exceeds maximum scans (%d). This limit " + "can be raised through the LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER " + "environment variable.", + scan_no, sp->max_allowed_scan_number); + + jpeg_abort(cinfo); /* clean up libjpeg state */ + LONGJMP(sp->exit_jmpbuf, 1); /* return to libtiff caller */ + } + } +} + + /* * Interface routines. This layer of routines exists * primarily to limit side-effects from using setjmp. @@ -337,8 +370,23 @@ TIFFjpeg_read_header(JPEGState* sp, boolean require_image) } static int +TIFFjpeg_has_multiple_scans(JPEGState* sp) +{ + return CALLJPEG(sp, 0, jpeg_has_multiple_scans(&sp->cinfo.d)); +} + +static int TIFFjpeg_start_decompress(JPEGState* sp) { + const char* sz_max_allowed_scan_number; + /* progress monitor */ + sp->cinfo.d.progress = &sp->progress; + sp->progress.progress_monitor = TIFFjpeg_progress_monitor; + sp->max_allowed_scan_number = 100; + sz_max_allowed_scan_number = getenv("LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER"); + if( sz_max_allowed_scan_number ) + sp->max_allowed_scan_number = atoi(sz_max_allowed_scan_number); + return CALLVJPEG(sp, jpeg_start_decompress(&sp->cinfo.d)); } @@ -589,9 +637,8 @@ std_term_source(j_decompress_ptr cinfo) } static void -TIFFjpeg_data_src(JPEGState* sp, TIFF* tif) +TIFFjpeg_data_src(JPEGState* sp) { - (void) tif; sp->cinfo.d.src = &sp->src; sp->src.init_source = std_init_source; sp->src.fill_input_buffer = std_fill_input_buffer; @@ -617,9 +664,9 @@ tables_init_source(j_decompress_ptr cinfo) } static void -TIFFjpeg_tables_src(JPEGState* sp, TIFF* tif) +TIFFjpeg_tables_src(JPEGState* sp) { - TIFFjpeg_data_src(sp, tif); + TIFFjpeg_data_src(sp); sp->src.init_source = tables_init_source; } @@ -697,9 +744,11 @@ static int JPEGFixupTags(TIFF* tif) { #ifdef CHECK_JPEG_YCBCR_SUBSAMPLING + JPEGState* sp = JState(tif); if ((tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)&& (tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&& - (tif->tif_dir.td_samplesperpixel==3)) + (tif->tif_dir.td_samplesperpixel==3) && + !sp->ycbcrsampling_fetched) JPEGFixupTagsSubsampling(tif); #endif @@ -974,7 +1023,7 @@ JPEGSetupDecode(TIFF* tif) /* Read JPEGTables if it is present */ if (TIFFFieldSet(tif,FIELD_JPEGTABLES)) { - TIFFjpeg_tables_src(sp, tif); + TIFFjpeg_tables_src(sp); if(TIFFjpeg_read_header(sp,FALSE) != JPEG_HEADER_TABLES_ONLY) { TIFFErrorExt(tif->tif_clientdata, "JPEGSetupDecode", "Bogus JPEGTables field"); return (0); @@ -996,11 +1045,47 @@ JPEGSetupDecode(TIFF* tif) } /* Set up for reading normal data */ - TIFFjpeg_data_src(sp, tif); + TIFFjpeg_data_src(sp); tif->tif_postdecode = _TIFFNoPostDecode; /* override byte swapping */ return (1); } +/* Returns 1 if the full strip should be read, even when doing scanline per */ +/* scanline decoding. This happens when the JPEG stream uses multiple scans. */ +/* Currently only called in CHUNKY_STRIP_READ_SUPPORT mode through */ +/* scanline interface. */ +/* Only reads tif->tif_dir.td_bitspersample, tif->tif_rawdata and */ +/* tif->tif_rawcc members. */ +/* Can be called independently of the usual setup/predecode/decode states */ +int TIFFJPEGIsFullStripRequired(TIFF* tif) +{ + int ret; + JPEGState state; + +#if defined(JPEG_DUAL_MODE_8_12) && !defined(TIFFJPEGIsFullStripRequired) + if( tif->tif_dir.td_bitspersample == 12 ) + return TIFFJPEGIsFullStripRequired_12( tif ); +#endif + + memset(&state, 0, sizeof(JPEGState)); + state.tif = tif; + + TIFFjpeg_create_decompress(&state); + + TIFFjpeg_data_src(&state); + + if (TIFFjpeg_read_header(&state, TRUE) != JPEG_HEADER_OK) + { + TIFFjpeg_destroy(&state); + return (0); + } + ret = TIFFjpeg_has_multiple_scans(&state); + + TIFFjpeg_destroy(&state); + + return ret; +} + /* * Set up for decoding a strip or tile. */ @@ -1041,13 +1126,13 @@ JPEGPreDecode(TIFF* tif, uint16 s) /* * Check image parameters and set decompression parameters. */ - segment_width = td->td_imagewidth; - segment_height = td->td_imagelength - tif->tif_row; if (isTiled(tif)) { segment_width = td->td_tilewidth; segment_height = td->td_tilelength; sp->bytesperline = TIFFTileRowSize(tif); } else { + segment_width = td->td_imagewidth; + segment_height = td->td_imagelength - tif->tif_row; if (segment_height > td->td_rowsperstrip) segment_height = td->td_rowsperstrip; sp->bytesperline = TIFFScanlineSize(tif); @@ -1068,9 +1153,23 @@ JPEGPreDecode(TIFF* tif, uint16 s) segment_width, segment_height, sp->cinfo.d.image_width, sp->cinfo.d.image_height); - } - if (sp->cinfo.d.image_width > segment_width || - sp->cinfo.d.image_height > segment_height) { + } + if( sp->cinfo.d.image_width == segment_width && + sp->cinfo.d.image_height > segment_height && + tif->tif_row + segment_height == td->td_imagelength && + !isTiled(tif) ) { + /* Some files have a last strip, that should be truncated, */ + /* but their JPEG codestream has still the maximum strip */ + /* height. Warn about this as this is non compliant, but */ + /* we can safely recover from that. */ + TIFFWarningExt(tif->tif_clientdata, module, + "JPEG strip size exceeds expected dimensions," + " expected %dx%d, got %dx%d", + segment_width, segment_height, + sp->cinfo.d.image_width, sp->cinfo.d.image_height); + } + else if (sp->cinfo.d.image_width > segment_width || + sp->cinfo.d.image_height > segment_height) { /* * This case could be dangerous, if the strip or tile size has * been reported as less than the amount of data jpeg will @@ -1103,6 +1202,47 @@ JPEGPreDecode(TIFF* tif, uint16 s) return (0); } #endif + + /* In some cases, libjpeg needs to allocate a lot of memory */ + /* http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf */ + if( TIFFjpeg_has_multiple_scans(sp) ) + { + /* In this case libjpeg will need to allocate memory or backing */ + /* store for all coefficients */ + /* See call to jinit_d_coef_controller() from master_selection() */ + /* in libjpeg */ + toff_t nRequiredMemory = (toff_t)sp->cinfo.d.image_width * + sp->cinfo.d.image_height * + sp->cinfo.d.num_components * + ((td->td_bitspersample+7)/8); + /* BLOCK_SMOOTHING_SUPPORTED is generally defined, so we need */ + /* to replicate the logic of jinit_d_coef_controller() */ + if( sp->cinfo.d.progressive_mode ) + nRequiredMemory *= 3; + +#ifndef TIFF_LIBJPEG_LARGEST_MEM_ALLOC +#define TIFF_LIBJPEG_LARGEST_MEM_ALLOC (100 * 1024 * 1024) +#endif + + if( nRequiredMemory > TIFF_LIBJPEG_LARGEST_MEM_ALLOC && + getenv("LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC") == NULL ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Reading this strip would require libjpeg to allocate " + "at least %u bytes. " + "This is disabled since above the %u threshold. " + "You may override this restriction by defining the " + "LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC environment variable, " + "or recompile libtiff by defining the " + "TIFF_LIBJPEG_LARGEST_MEM_ALLOC macro to a value greater " + "than %u", + (unsigned)nRequiredMemory, + (unsigned)TIFF_LIBJPEG_LARGEST_MEM_ALLOC, + (unsigned)TIFF_LIBJPEG_LARGEST_MEM_ALLOC); + return (0); + } + } + if (td->td_planarconfig == PLANARCONFIG_CONTIG) { /* Component 0 should have expected sampling factors */ if (sp->cinfo.d.comp_info[0].h_samp_factor != sp->h_sampling || @@ -1364,10 +1504,18 @@ JPEGDecodeRaw(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) { JPEGState *sp = JState(tif); tmsize_t nrows; + TIFFDirectory *td = &tif->tif_dir; (void) s; + nrows = sp->cinfo.d.image_height; + /* For last strip, limit number of rows to its truncated height */ + /* even if the codestream height is larger (which is not compliant, */ + /* but that we tolerate) */ + if( (uint32)nrows > td->td_imagelength - tif->tif_row && !isTiled(tif) ) + nrows = td->td_imagelength - tif->tif_row; + /* data is expected to be read in multiples of a scanline */ - if ( (nrows = sp->cinfo.d.image_height) != 0 ) { + if ( nrows != 0 ) { /* Cb,Cr both have sampling factors 1, so this is correct */ JDIMENSION clumps_per_line = sp->cinfo.d.comp_info[1].downsampled_width; @@ -1626,6 +1774,20 @@ JPEGSetupEncode(TIFF* tif) case PHOTOMETRIC_YCBCR: sp->h_sampling = td->td_ycbcrsubsampling[0]; sp->v_sampling = td->td_ycbcrsubsampling[1]; + if( sp->h_sampling == 0 || sp->v_sampling == 0 ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Invalig horizontal/vertical sampling value"); + return (0); + } + if( td->td_bitspersample > 16 ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "BitsPerSample %d not allowed for JPEG", + td->td_bitspersample); + return (0); + } + /* * A ReferenceBlackWhite field *must* be present since the * default value is inappropriate for YCbCr. Fill in the @@ -2291,6 +2453,25 @@ static int JPEGInitializeLibJPEG( TIFF * tif, int decompress ) } else { if (!TIFFjpeg_create_compress(sp)) return (0); +#ifndef TIFF_JPEG_MAX_MEMORY_TO_USE +#define TIFF_JPEG_MAX_MEMORY_TO_USE (10 * 1024 * 1024) +#endif + /* libjpeg turbo 1.5.2 honours max_memory_to_use, but has no backing */ + /* store implementation, so better not set max_memory_to_use ourselves. */ + /* See https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162 */ + if( sp->cinfo.c.mem->max_memory_to_use > 0 ) + { + /* This is to address bug related in ticket GDAL #1795. */ + if (getenv("JPEGMEM") == NULL) + { + /* Increase the max memory usable. This helps when creating files */ + /* with "big" tile, without using libjpeg temporary files. */ + /* For example a 512x512 tile with 3 bands */ + /* requires 1.5 MB which is above libjpeg 1MB default */ + if( sp->cinfo.c.mem->max_memory_to_use < TIFF_JPEG_MAX_MEMORY_TO_USE ) + sp->cinfo.c.mem->max_memory_to_use = TIFF_JPEG_MAX_MEMORY_TO_USE; + } + } } sp->cinfo_initialized = TRUE; diff --git a/tiff/libtiff/tif_jpeg_12.c b/tiff/libtiff/tif_jpeg_12.c index 8499e6498..b458c2589 100644 --- a/tiff/libtiff/tif_jpeg_12.c +++ b/tiff/libtiff/tif_jpeg_12.c @@ -4,6 +4,7 @@ #if defined(JPEG_DUAL_MODE_8_12) # define TIFFInitJPEG TIFFInitJPEG_12 +# define TIFFJPEGIsFullStripRequired TIFFJPEGIsFullStripRequired_12 int TIFFInitJPEG_12(TIFF* tif, int scheme); diff --git a/tiff/libtiff/tif_luv.c b/tiff/libtiff/tif_luv.c index ca08f30a7..4b25244bf 100644 --- a/tiff/libtiff/tif_luv.c +++ b/tiff/libtiff/tif_luv.c @@ -1,4 +1,4 @@ -/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_luv.c,v 1.49 2017-07-24 12:47:30 erouault Exp $ */ /* * Copyright (c) 1997 Greg Ward Larson @@ -158,6 +158,7 @@ typedef struct logLuvState LogLuvState; struct logLuvState { + int encoder_state; /* 1 if encoder correctly initialized */ int user_datafmt; /* user data format */ int encode_meth; /* encoding method */ int pixel_size; /* bytes per pixel */ @@ -472,7 +473,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) tif->tif_rawcp = op; tif->tif_rawcc = tif->tif_rawdatasize - occ; if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; occ = tif->tif_rawdatasize - tif->tif_rawcc; } @@ -504,7 +505,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) tif->tif_rawcp = op; tif->tif_rawcc = tif->tif_rawdatasize - occ; if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; occ = tif->tif_rawdatasize - tif->tif_rawcc; } @@ -564,7 +565,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) tif->tif_rawcp = op; tif->tif_rawcc = tif->tif_rawdatasize - occ; if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; occ = tif->tif_rawdatasize - tif->tif_rawcc; } @@ -623,7 +624,7 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) tif->tif_rawcp = op; tif->tif_rawcc = tif->tif_rawdatasize - occ; if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; occ = tif->tif_rawdatasize - tif->tif_rawcc; } @@ -655,7 +656,7 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) tif->tif_rawcp = op; tif->tif_rawcc = tif->tif_rawdatasize - occ; if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; occ = tif->tif_rawdatasize - tif->tif_rawcc; } @@ -1263,15 +1264,16 @@ LogL16GuessDataFmt(TIFFDirectory *td) return (SGILOGDATAFMT_UNKNOWN); } + +#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) +#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) + static tmsize_t multiply_ms(tmsize_t m1, tmsize_t m2) { - tmsize_t bytes = m1 * m2; - - if (m1 && bytes / m1 != m2) - bytes = 0; - - return bytes; + if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) + return 0; + return m1 * m2; } static int @@ -1312,8 +1314,10 @@ LogL16InitState(TIFF* tif) } if( isTiled(tif) ) sp->tbuflen = multiply_ms(td->td_tilewidth, td->td_tilelength); - else + else if( td->td_rowsperstrip < td->td_imagelength ) sp->tbuflen = multiply_ms(td->td_imagewidth, td->td_rowsperstrip); + else + sp->tbuflen = multiply_ms(td->td_imagewidth, td->td_imagelength); if (multiply_ms(sp->tbuflen, sizeof (int16)) == 0 || (sp->tbuf = (uint8*) _TIFFmalloc(sp->tbuflen * sizeof (int16))) == NULL) { TIFFErrorExt(tif->tif_clientdata, module, "No space for SGILog translation buffer"); @@ -1412,8 +1416,10 @@ LogLuvInitState(TIFF* tif) } if( isTiled(tif) ) sp->tbuflen = multiply_ms(td->td_tilewidth, td->td_tilelength); - else + else if( td->td_rowsperstrip < td->td_imagelength ) sp->tbuflen = multiply_ms(td->td_imagewidth, td->td_rowsperstrip); + else + sp->tbuflen = multiply_ms(td->td_imagewidth, td->td_imagelength); if (multiply_ms(sp->tbuflen, sizeof (uint32)) == 0 || (sp->tbuf = (uint8*) _TIFFmalloc(sp->tbuflen * sizeof (uint32))) == NULL) { TIFFErrorExt(tif->tif_clientdata, module, "No space for SGILog translation buffer"); @@ -1552,6 +1558,7 @@ LogLuvSetupEncode(TIFF* tif) td->td_photometric, "must be either LogLUV or LogL"); break; } + sp->encoder_state = 1; return (1); notsupported: TIFFErrorExt(tif->tif_clientdata, module, @@ -1563,19 +1570,27 @@ notsupported: static void LogLuvClose(TIFF* tif) { + LogLuvState* sp = (LogLuvState*) tif->tif_data; TIFFDirectory *td = &tif->tif_dir; + assert(sp != 0); /* * For consistency, we always want to write out the same * bitspersample and sampleformat for our TIFF file, * regardless of the data format being used by the application. * Since this routine is called after tags have been set but * before they have been recorded in the file, we reset them here. + * Note: this is really a nasty approach. See PixarLogClose */ - td->td_samplesperpixel = - (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; - td->td_bitspersample = 16; - td->td_sampleformat = SAMPLEFORMAT_INT; + if( sp->encoder_state ) + { + /* See PixarLogClose. Might avoid issues with tags whose size depends + * on those below, but not completely sure this is enough. */ + td->td_samplesperpixel = + (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; + td->td_bitspersample = 16; + td->td_sampleformat = SAMPLEFORMAT_INT; + } } static void diff --git a/tiff/libtiff/tif_lzw.c b/tiff/libtiff/tif_lzw.c index 240e19c2e..bc8f9c84a 100644 --- a/tiff/libtiff/tif_lzw.c +++ b/tiff/libtiff/tif_lzw.c @@ -1,4 +1,4 @@ -/* $Id: tif_lzw.c,v 1.52 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_lzw.c,v 1.57 2017-07-11 10:54:29 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -275,7 +275,8 @@ LZWPreDecode(TIFF* tif, uint16 s) /* * Check for old bit-reversed codes. */ - if (tif->tif_rawdata[0] == 0 && (tif->tif_rawdata[1] & 0x1)) { + if (tif->tif_rawcc >= 2 && + tif->tif_rawdata[0] == 0 && (tif->tif_rawdata[1] & 0x1)) { #ifdef LZW_COMPAT if (!sp->dec_decode) { TIFFWarningExt(tif->tif_clientdata, module, @@ -318,7 +319,7 @@ LZWPreDecode(TIFF* tif, uint16 s) sp->dec_restart = 0; sp->dec_nbitsmask = MAXCODE(BITS_MIN); #ifdef LZW_CHECKEOS - sp->dec_bitsleft = ((uint64)tif->tif_rawcc) << 3; + sp->dec_bitsleft = 0; #endif sp->dec_free_entp = sp->dec_codetab + CODE_FIRST; /* @@ -425,6 +426,9 @@ LZWDecode(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) } bp = (unsigned char *)tif->tif_rawcp; +#ifdef LZW_CHECKEOS + sp->dec_bitsleft = (((uint64)tif->tif_rawcc) << 3); +#endif nbits = sp->lzw_nbits; nextdata = sp->lzw_nextdata; nextbits = sp->lzw_nextbits; @@ -549,6 +553,7 @@ LZWDecode(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) } } + tif->tif_rawcc -= (tmsize_t)( (uint8*) bp - tif->tif_rawcp ); tif->tif_rawcp = (uint8*) bp; sp->lzw_nbits = (unsigned short) nbits; sp->lzw_nextdata = nextdata; @@ -651,6 +656,9 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) } bp = (unsigned char *)tif->tif_rawcp; +#ifdef LZW_CHECKEOS + sp->dec_bitsleft = (((uint64)tif->tif_rawcc) << 3); +#endif nbits = sp->lzw_nbits; nextdata = sp->lzw_nextdata; nextbits = sp->lzw_nextbits; @@ -760,6 +768,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) } } + tif->tif_rawcc -= (tmsize_t)( (uint8*) bp - tif->tif_rawcp ); tif->tif_rawcp = (uint8*) bp; sp->lzw_nbits = (unsigned short)nbits; sp->lzw_nextdata = nextdata; @@ -969,7 +978,8 @@ LZWEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) */ if (op > limit) { tif->tif_rawcc = (tmsize_t)(op - tif->tif_rawdata); - TIFFFlushData1(tif); + if( !TIFFFlushData1(tif) ) + return 0; op = tif->tif_rawdata; } PutNextCode(op, ent); @@ -1054,12 +1064,32 @@ LZWPostEncode(TIFF* tif) if (op > sp->enc_rawlimit) { tif->tif_rawcc = (tmsize_t)(op - tif->tif_rawdata); - TIFFFlushData1(tif); + if( !TIFFFlushData1(tif) ) + return 0; op = tif->tif_rawdata; } if (sp->enc_oldcode != (hcode_t) -1) { + int free_ent = sp->lzw_free_ent; + PutNextCode(op, sp->enc_oldcode); sp->enc_oldcode = (hcode_t) -1; + free_ent ++; + + if (free_ent == CODE_MAX-1) { + /* table is full, emit clear code and reset */ + outcount = 0; + PutNextCode(op, CODE_CLEAR); + nbits = BITS_MIN; + } else { + /* + * If the next entry is going to be too big for + * the code size, then increase it, if possible. + */ + if (free_ent > sp->lzw_maxcode) { + nbits++; + assert(nbits <= BITS_MAX); + } + } } PutNextCode(op, CODE_EOI); /* Explicit 0xff masking to make icc -check=conversions happy */ diff --git a/tiff/libtiff/tif_ojpeg.c b/tiff/libtiff/tif_ojpeg.c index 30a181263..92ed1fa19 100644 --- a/tiff/libtiff/tif_ojpeg.c +++ b/tiff/libtiff/tif_ojpeg.c @@ -1,4 +1,4 @@ -/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_ojpeg.c,v 1.69 2017-04-27 17:29:26 erouault Exp $ */ /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 specification is now totally obsolete and deprecated for new applications and @@ -244,6 +244,7 @@ typedef enum { typedef struct { TIFF* tif; + int decoder_ok; #ifndef LIBJPEG_ENCAP_EXTERNAL JMP_BUF exit_jmpbuf; #endif @@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s) } sp->write_curstrile++; } + sp->decoder_ok = 1; return(1); } @@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif) static int OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) { + static const char module[]="OJPEGDecode"; OJPEGState* sp=(OJPEGState*)tif->tif_data; (void)s; + if( !sp->decoder_ok ) + { + TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized"); + return 0; + } if (sp->libjpeg_jpeg_query_style==0) { if (OJPEGDecodeRaw(tif,buf,cc)==0) @@ -1782,7 +1790,12 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif) TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64); if (p!=64) + { + _TIFFfree(ob); return(0); + } + if (sp->qtable[m]!=0) + _TIFFfree(sp->qtable[m]); sp->qtable[m]=ob; sp->sof_tq[m]=m; } @@ -1846,7 +1859,12 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif) rb[sizeof(uint32)+5+n]=o[n]; p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); if (p!=q) + { + _TIFFfree(rb); return(0); + } + if (sp->dctable[m]!=0) + _TIFFfree(sp->dctable[m]); sp->dctable[m]=rb; sp->sos_tda[m]=(m<<4); } @@ -1910,7 +1928,12 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif) rb[sizeof(uint32)+5+n]=o[n]; p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); if (p!=q) + { + _TIFFfree(rb); return(0); + } + if (sp->actable[m]!=0) + _TIFFfree(sp->actable[m]); sp->actable[m]=rb; sp->sos_tda[m]=(sp->sos_tda[m]|m); } diff --git a/tiff/libtiff/tif_open.c b/tiff/libtiff/tif_open.c index 5c9036e6b..a7279e1ea 100644 --- a/tiff/libtiff/tif_open.c +++ b/tiff/libtiff/tif_open.c @@ -1,4 +1,4 @@ -/* $Id: tif_open.c,v 1.47 2016-01-23 21:20:34 erouault Exp $ */ +/* $Id: tif_open.c,v 1.48 2016-11-20 22:29:47 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -279,10 +279,10 @@ TIFFClientOpen( * Setup header and write. */ #ifdef WORDS_BIGENDIAN - tif->tif_header.common.tiff_magic = tif->tif_flags & TIFF_SWAB + tif->tif_header.common.tiff_magic = (tif->tif_flags & TIFF_SWAB) ? TIFF_LITTLEENDIAN : TIFF_BIGENDIAN; #else - tif->tif_header.common.tiff_magic = tif->tif_flags & TIFF_SWAB + tif->tif_header.common.tiff_magic = (tif->tif_flags & TIFF_SWAB) ? TIFF_BIGENDIAN : TIFF_LITTLEENDIAN; #endif if (!(tif->tif_flags&TIFF_BIGTIFF)) diff --git a/tiff/libtiff/tif_packbits.c b/tiff/libtiff/tif_packbits.c index d2a0165de..18904b013 100644 --- a/tiff/libtiff/tif_packbits.c +++ b/tiff/libtiff/tif_packbits.c @@ -1,4 +1,4 @@ -/* $Id: tif_packbits.c,v 1.24 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_packbits.c,v 1.26 2017-05-14 02:26:07 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -99,7 +99,7 @@ PackBitsEncode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) slop = (long)(op - lastliteral); tif->tif_rawcc += (tmsize_t)(lastliteral - tif->tif_rawcp); if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; while (slop-- > 0) *op++ = *lastliteral++; @@ -107,7 +107,7 @@ PackBitsEncode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) } else { tif->tif_rawcc += (tmsize_t)(op - tif->tif_rawcp); if (!TIFFFlushData1(tif)) - return (-1); + return (0); op = tif->tif_rawcp; } } @@ -244,6 +244,12 @@ PackBitsDecode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) (unsigned long) ((tmsize_t)n - occ)); n = (long)occ; } + if( cc == 0 ) + { + TIFFWarningExt(tif->tif_clientdata, module, + "Terminating PackBitsDecode due to lack of data."); + break; + } occ -= n; b = *bp++; cc--; diff --git a/tiff/libtiff/tif_pixarlog.c b/tiff/libtiff/tif_pixarlog.c index ef78b7066..0ae4f18b0 100644 --- a/tiff/libtiff/tif_pixarlog.c +++ b/tiff/libtiff/tif_pixarlog.c @@ -1,4 +1,4 @@ -/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */ +/* $Id: tif_pixarlog.c,v 1.54 2017-07-10 10:40:28 erouault Exp $ */ /* * Copyright (c) 1996-1997 Sam Leffler @@ -636,29 +636,27 @@ PixarLogGuessDataFmt(TIFFDirectory *td) return guess; } +#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) +#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) + static tmsize_t multiply_ms(tmsize_t m1, tmsize_t m2) { - tmsize_t bytes = m1 * m2; - - if (m1 && bytes / m1 != m2) - bytes = 0; - - return bytes; + if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) + return 0; + return m1 * m2; } static tmsize_t add_ms(tmsize_t m1, tmsize_t m2) { - tmsize_t bytes = m1 + m2; - /* if either input is zero, assume overflow already occurred */ if (m1 == 0 || m2 == 0) - bytes = 0; - else if (bytes <= m1 || bytes <= m2) - bytes = 0; + return 0; + else if (m1 > TIFF_TMSIZE_T_MAX - m2) + return 0; - return bytes; + return m1 + m2; } static int @@ -675,9 +673,20 @@ PixarLogSetupDecode(TIFF* tif) TIFFDirectory *td = &tif->tif_dir; PixarLogState* sp = DecoderState(tif); tmsize_t tbuf_size; + uint32 strip_height; assert(sp != NULL); + /* This function can possibly be called several times by */ + /* PredictorSetupDecode() if this function succeeds but */ + /* PredictorSetup() fails */ + if( (sp->state & PLSTATE_INIT) != 0 ) + return 1; + + strip_height = td->td_rowsperstrip; + if( strip_height > td->td_imagelength ) + strip_height = td->td_imagelength; + /* Make sure no byte swapping happens on the data * after decompression. */ tif->tif_postdecode = _TIFFNoPostDecode; @@ -687,7 +696,7 @@ PixarLogSetupDecode(TIFF* tif) sp->stride = (td->td_planarconfig == PLANARCONFIG_CONTIG ? td->td_samplesperpixel : 1); tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth), - td->td_rowsperstrip), sizeof(uint16)); + strip_height), sizeof(uint16)); /* add one more stride in case input ends mid-stride */ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); if (tbuf_size == 0) @@ -699,6 +708,9 @@ PixarLogSetupDecode(TIFF* tif) if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) sp->user_datafmt = PixarLogGuessDataFmt(td); if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { + _TIFFfree(sp->tbuf); + sp->tbuf = NULL; + sp->tbuf_size = 0; TIFFErrorExt(tif->tif_clientdata, module, "PixarLog compression can't handle bits depth/data format combination (depth: %d)", td->td_bitspersample); @@ -706,6 +718,9 @@ PixarLogSetupDecode(TIFF* tif) } if (inflateInit(&sp->stream) != Z_OK) { + _TIFFfree(sp->tbuf); + sp->tbuf = NULL; + sp->tbuf_size = 0; TIFFErrorExt(tif->tif_clientdata, module, "%s", sp->stream.msg ? sp->stream.msg : "(null)"); return (0); } else { @@ -774,6 +789,10 @@ PixarLogDecode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) (void) s; assert(sp != NULL); + + sp->stream.next_in = tif->tif_rawcp; + sp->stream.avail_in = (uInt) tif->tif_rawcc; + sp->stream.next_out = (unsigned char *) sp->tbuf; assert(sizeof(sp->stream.avail_out)==4); /* if this assert gets raised, we need to simplify this code to reflect a ZLib that is likely updated @@ -819,6 +838,9 @@ PixarLogDecode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) return (0); } + tif->tif_rawcp = sp->stream.next_in; + tif->tif_rawcc = sp->stream.avail_in; + up = sp->tbuf; /* Swap bytes in the data if from a different endian machine. */ if (tif->tif_flags & TIFF_SWAB) @@ -1233,8 +1255,10 @@ PixarLogPostEncode(TIFF* tif) static void PixarLogClose(TIFF* tif) { + PixarLogState* sp = (PixarLogState*) tif->tif_data; TIFFDirectory *td = &tif->tif_dir; + assert(sp != 0); /* In a really sneaky (and really incorrect, and untruthful, and * troublesome, and error-prone) maneuver that completely goes against * the spirit of TIFF, and breaks TIFF, on close, we covertly @@ -1243,8 +1267,19 @@ PixarLogClose(TIFF* tif) * readers that don't know about PixarLog, or how to set * the PIXARLOGDATFMT pseudo-tag. */ - td->td_bitspersample = 8; - td->td_sampleformat = SAMPLEFORMAT_UINT; + + if (sp->state&PLSTATE_INIT) { + /* We test the state to avoid an issue such as in + * http://bugzilla.maptools.org/show_bug.cgi?id=2604 + * What appends in that case is that the bitspersample is 1 and + * a TransferFunction is set. The size of the TransferFunction + * depends on 1<<bitspersample. So if we increase it, an access + * out of the buffer will happen at directory flushing. + * Another option would be to clear those targs. + */ + td->td_bitspersample = 8; + td->td_sampleformat = SAMPLEFORMAT_UINT; + } } static void diff --git a/tiff/libtiff/tif_predict.c b/tiff/libtiff/tif_predict.c index 0b185d2e2..9ae1f57a6 100644 --- a/tiff/libtiff/tif_predict.c +++ b/tiff/libtiff/tif_predict.c @@ -1,4 +1,4 @@ -/* $Id: tif_predict.c,v 1.40 2016-11-04 09:19:13 erouault Exp $ */ +/* $Id: tif_predict.c,v 1.44 2017-06-18 10:31:50 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -117,6 +117,9 @@ PredictorSetupDecode(TIFF* tif) TIFFPredictorState* sp = PredictorState(tif); TIFFDirectory* td = &tif->tif_dir; + /* Note: when PredictorSetup() fails, the effets of setupdecode() */ + /* will not be "cancelled" so setupdecode() might be robust to */ + /* be called several times. */ if (!(*sp->setupdecode)(tif) || !PredictorSetup(tif)) return 0; @@ -259,11 +262,12 @@ PredictorSetupEncode(TIFF* tif) #define REPEAT4(n, op) \ switch (n) { \ - default: { tmsize_t i; for (i = n-4; i > 0; i--) { op; } } \ - case 4: op; \ - case 3: op; \ - case 2: op; \ - case 1: op; \ + default: { \ + tmsize_t i; for (i = n-4; i > 0; i--) { op; } } /*-fallthrough*/ \ + case 4: op; /*-fallthrough*/ \ + case 3: op; /*-fallthrough*/ \ + case 2: op; /*-fallthrough*/ \ + case 1: op; /*-fallthrough*/ \ case 0: ; \ } @@ -273,6 +277,7 @@ PredictorSetupEncode(TIFF* tif) /* - when storing into the byte stream, we explicitly mask with 0xff so */ /* as to make icc -check=conversions happy (not necessary by the standard) */ +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -340,6 +345,7 @@ swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc) return horAcc16(tif, cp0, cc); } +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -374,6 +380,7 @@ swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc) return horAcc32(tif, cp0, cc); } +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -499,6 +506,7 @@ PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) return 0; } +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -552,6 +560,7 @@ horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc) return 1; } +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -591,6 +600,7 @@ swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc) return 1; } +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -633,6 +643,7 @@ swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc) /* * Floating point predictor differencing routine. */ +TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW static int fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc) { @@ -797,7 +808,7 @@ PredictorPrintDir(TIFF* tif, FILE* fd, long flags) case 2: fprintf(fd, "horizontal differencing "); break; case 3: fprintf(fd, "floating point predictor "); break; } - fprintf(fd, "%u (0x%x)\n", sp->predictor, sp->predictor); + fprintf(fd, "%d (0x%x)\n", sp->predictor, sp->predictor); } if (sp->printdir) (*sp->printdir)(tif, fd, flags); diff --git a/tiff/libtiff/tif_print.c b/tiff/libtiff/tif_print.c index 186f2ee5c..24d4b98a6 100644 --- a/tiff/libtiff/tif_print.c +++ b/tiff/libtiff/tif_print.c @@ -1,4 +1,4 @@ -/* $Id: tif_print.c,v 1.64 2015-12-06 22:19:56 erouault Exp $ */ +/* $Id: tif_print.c,v 1.65 2016-11-20 22:31:22 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -262,7 +262,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) if (td->td_subfiletype & FILETYPE_MASK) fprintf(fd, "%stransparency mask", sep); fprintf(fd, " (%lu = 0x%lx)\n", - (long) td->td_subfiletype, (long) td->td_subfiletype); + (unsigned long) td->td_subfiletype, (long) td->td_subfiletype); } if (TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS)) { fprintf(fd, " Image Width: %lu Image Length: %lu", @@ -521,7 +521,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) fprintf(fd, "\n"); n = 1L<<td->td_bitspersample; for (l = 0; l < n; l++) - fprintf(fd, " %5lu: %5u %5u %5u\n", + fprintf(fd, " %5ld: %5u %5u %5u\n", l, td->td_colormap[0][l], td->td_colormap[1][l], @@ -544,7 +544,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) n = 1L<<td->td_bitspersample; for (l = 0; l < n; l++) { uint16 i; - fprintf(fd, " %2lu: %5u", + fprintf(fd, " %2ld: %5u", l, td->td_transferfunction[0][l]); for (i = 1; i < td->td_samplesperpixel; i++) fprintf(fd, " %5u", @@ -661,7 +661,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) uint32 s; fprintf(fd, " %lu %s:\n", - (long) td->td_nstrips, + (unsigned long) td->td_nstrips, isTiled(tif) ? "Tiles" : "Strips"); for (s = 0; s < td->td_nstrips; s++) #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) diff --git a/tiff/libtiff/tif_read.c b/tiff/libtiff/tif_read.c index 80035929f..2ba985a74 100644 --- a/tiff/libtiff/tif_read.c +++ b/tiff/libtiff/tif_read.c @@ -1,4 +1,4 @@ -/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */ +/* $Id: tif_read.c,v 1.66 2017-11-17 20:21:00 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -47,6 +47,121 @@ TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* m #define NOSTRIP ((uint32)(-1)) /* undefined state */ #define NOTILE ((uint32)(-1)) /* undefined state */ +#define INITIAL_THRESHOLD (1024 * 1024) +#define THRESHOLD_MULTIPLIER 10 +#define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD) + +/* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset' + * Returns 1 in case of success, 0 otherwise. */ +static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size, + tmsize_t rawdata_offset, + int is_strip, uint32 strip_or_tile, + const char* module ) +{ +#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 + tmsize_t threshold = INITIAL_THRESHOLD; +#endif + tmsize_t already_read = 0; + + /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ + /* so as to avoid allocating too much memory in case the file is too */ + /* short. We could ask for the file size, but this might be */ + /* expensive with some I/O layers (think of reading a gzipped file) */ + /* Restrict to 64 bit processes, so as to avoid reallocs() */ + /* on 32 bit processes where virtual memory is scarce. */ + while( already_read < size ) + { + tmsize_t bytes_read; + tmsize_t to_read = size - already_read; +#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 + if( to_read >= threshold && threshold < MAX_THRESHOLD && + already_read + to_read + rawdata_offset > tif->tif_rawdatasize ) + { + to_read = threshold; + threshold *= THRESHOLD_MULTIPLIER; + } +#endif + if (already_read + to_read + rawdata_offset > tif->tif_rawdatasize) { + uint8* new_rawdata; + assert((tif->tif_flags & TIFF_MYBUFFER) != 0); + tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64( + (uint64)already_read + to_read + rawdata_offset, 1024); + if (tif->tif_rawdatasize==0) { + TIFFErrorExt(tif->tif_clientdata, module, + "Invalid buffer size"); + return 0; + } + new_rawdata = (uint8*) _TIFFrealloc( + tif->tif_rawdata, tif->tif_rawdatasize); + if( new_rawdata == 0 ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "No space for data buffer at scanline %lu", + (unsigned long) tif->tif_row); + _TIFFfree(tif->tif_rawdata); + tif->tif_rawdata = 0; + tif->tif_rawdatasize = 0; + return 0; + } + tif->tif_rawdata = new_rawdata; + } + + bytes_read = TIFFReadFile(tif, + tif->tif_rawdata + rawdata_offset + already_read, to_read); + already_read += bytes_read; + if (bytes_read != to_read) { + memset( tif->tif_rawdata + rawdata_offset + already_read, 0, + tif->tif_rawdatasize - rawdata_offset - already_read ); +#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + if( is_strip ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Read error at scanline %lu; got %I64u bytes, " + "expected %I64u", + (unsigned long) tif->tif_row, + (unsigned __int64) already_read, + (unsigned __int64) size); + } + else + { + TIFFErrorExt(tif->tif_clientdata, module, + "Read error at row %lu, col %lu, tile %lu; " + "got %I64u bytes, expected %I64u", + (unsigned long) tif->tif_row, + (unsigned long) tif->tif_col, + (unsigned long) strip_or_tile, + (unsigned __int64) already_read, + (unsigned __int64) size); + } +#else + if( is_strip ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Read error at scanline %lu; got %llu bytes, " + "expected %llu", + (unsigned long) tif->tif_row, + (unsigned long long) already_read, + (unsigned long long) size); + } + else + { + TIFFErrorExt(tif->tif_clientdata, module, + "Read error at row %lu, col %lu, tile %lu; " + "got %llu bytes, expected %llu", + (unsigned long) tif->tif_row, + (unsigned long) tif->tif_col, + (unsigned long) strip_or_tile, + (unsigned long long) already_read, + (unsigned long long) size); + } +#endif + return 0; + } + } + return 1; +} + + static int TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) { @@ -54,7 +169,8 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) register TIFFDirectory *td = &tif->tif_dir; tmsize_t unused_data; uint64 read_offset; - tmsize_t cc, to_read; + tmsize_t to_read; + tmsize_t read_ahead_mod; /* tmsize_t bytecountm; */ if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) @@ -67,7 +183,14 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) */ /* bytecountm=(tmsize_t) td->td_stripbytecount[strip]; */ - if (read_ahead*2 > tif->tif_rawdatasize) { + + /* Not completely sure where the * 2 comes from, but probably for */ + /* an exponentional growth strategy of tif_rawdatasize */ + if( read_ahead < TIFF_TMSIZE_T_MAX / 2 ) + read_ahead_mod = read_ahead * 2; + else + read_ahead_mod = read_ahead; + if (read_ahead_mod > tif->tif_rawdatasize) { assert( restart ); tif->tif_curstrip = NOSTRIP; @@ -77,8 +200,6 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) (unsigned long) strip); return (0); } - if (!TIFFReadBufferSetup(tif, 0, read_ahead*2)) - return (0); } if( restart ) @@ -118,7 +239,10 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) /* ** How much do we want to read? */ - to_read = tif->tif_rawdatasize - unused_data; + if( read_ahead_mod > tif->tif_rawdatasize ) + to_read = read_ahead_mod - unused_data; + else + to_read = tif->tif_rawdatasize - unused_data; if( (uint64) to_read > td->td_stripbytecount[strip] - tif->tif_rawdataoff - tif->tif_rawdataloaded ) { @@ -127,28 +251,18 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) } assert((tif->tif_flags&TIFF_BUFFERMMAP)==0); - cc = TIFFReadFile(tif, tif->tif_rawdata + unused_data, to_read); - - if (cc != to_read) { -#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, - "Read error at scanline %lu; got %I64u bytes, expected %I64u", - (unsigned long) tif->tif_row, - (unsigned __int64) cc, - (unsigned __int64) to_read); -#else - TIFFErrorExt(tif->tif_clientdata, module, - "Read error at scanline %lu; got %llu bytes, expected %llu", - (unsigned long) tif->tif_row, - (unsigned long long) cc, - (unsigned long long) to_read); -#endif + if( !TIFFReadAndRealloc( tif, to_read, unused_data, + 1, /* is_strip */ + 0, /* strip_or_tile */ + module) ) + { return 0; } - + tif->tif_rawdataoff = tif->tif_rawdataoff + tif->tif_rawdataloaded - unused_data ; tif->tif_rawdataloaded = unused_data + to_read; + tif->tif_rawcc = tif->tif_rawdataloaded; tif->tif_rawcp = tif->tif_rawdata; if (!isFillOrder(tif, td->td_fillorder) && @@ -162,9 +276,30 @@ TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) ** restart the decoder. */ if( restart ) - return TIFFStartStrip(tif, strip); + { + +#ifdef JPEG_SUPPORT + /* A bit messy since breaks the codec abstraction. Ultimately */ + /* there should be a function pointer for that, but it seems */ + /* only JPEG is affected. */ + /* For JPEG, if there are multiple scans (can generally be known */ + /* with the read_ahead used), we need to read the whole strip */ + if( tif->tif_dir.td_compression==COMPRESSION_JPEG && + (uint64)tif->tif_rawcc < td->td_stripbytecount[strip] ) + { + if( TIFFJPEGIsFullStripRequired(tif) ) + { + return TIFFFillStrip(tif, strip); + } + } +#endif + + return TIFFStartStrip(tif, strip); + } else + { return 1; + } } /* @@ -219,7 +354,18 @@ TIFFSeek(TIFF* tif, uint32 row, uint16 sample ) if( !whole_strip ) { - read_ahead = tif->tif_scanlinesize * 16 + 5000; + /* 16 is for YCbCr mode where we may need to read 16 */ + /* lines at a time to get a decompressed line, and 5000 */ + /* is some constant value, for example for JPEG tables */ + if( tif->tif_scanlinesize < TIFF_TMSIZE_T_MAX / 16 && + tif->tif_scanlinesize * 16 < TIFF_TMSIZE_T_MAX - 5000 ) + { + read_ahead = tif->tif_scanlinesize * 16 + 5000; + } + else + { + read_ahead = tif->tif_scanlinesize; + } } /* @@ -315,18 +461,17 @@ TIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample) } /* - * Read a strip of data and decompress the specified - * amount into the user-supplied buffer. + * Calculate the strip size according to the number of + * rows in the strip (check for truncated last strip on any + * of the separations). */ -tmsize_t -TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) +static tmsize_t TIFFReadEncodedStripGetStripSize(TIFF* tif, uint32 strip, uint16* pplane) { static const char module[] = "TIFFReadEncodedStrip"; TIFFDirectory *td = &tif->tif_dir; uint32 rowsperstrip; uint32 stripsperplane; uint32 stripinplane; - uint16 plane; uint32 rows; tmsize_t stripsize; if (!TIFFCheckRead(tif,0)) @@ -338,23 +483,37 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) (unsigned long)td->td_nstrips); return((tmsize_t)(-1)); } - /* - * Calculate the strip size according to the number of - * rows in the strip (check for truncated last strip on any - * of the separations). - */ + rowsperstrip=td->td_rowsperstrip; if (rowsperstrip>td->td_imagelength) rowsperstrip=td->td_imagelength; - stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip); + stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); stripinplane=(strip%stripsperplane); - plane=(uint16)(strip/stripsperplane); + if( pplane ) *pplane=(uint16)(strip/stripsperplane); rows=td->td_imagelength-stripinplane*rowsperstrip; if (rows>rowsperstrip) rows=rowsperstrip; stripsize=TIFFVStripSize(tif,rows); if (stripsize==0) return((tmsize_t)(-1)); + return stripsize; +} + +/* + * Read a strip of data and decompress the specified + * amount into the user-supplied buffer. + */ +tmsize_t +TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) +{ + static const char module[] = "TIFFReadEncodedStrip"; + TIFFDirectory *td = &tif->tif_dir; + tmsize_t stripsize; + uint16 plane; + + stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane); + if (stripsize==((tmsize_t)(-1))) + return((tmsize_t)(-1)); /* shortcut to avoid an extra memcpy() */ if( td->td_compression == COMPRESSION_NONE && @@ -383,6 +542,49 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) return(stripsize); } +/* Variant of TIFFReadEncodedStrip() that does + * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has + * succeeded. This avoid excessive memory allocation in case of truncated + * file. + * * calls regular TIFFReadEncodedStrip() if *buf != NULL + */ +tmsize_t +_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip, + void **buf, tmsize_t bufsizetoalloc, + tmsize_t size_to_read) +{ + tmsize_t this_stripsize; + uint16 plane; + + if( *buf != NULL ) + { + return TIFFReadEncodedStrip(tif, strip, *buf, size_to_read); + } + + this_stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane); + if (this_stripsize==((tmsize_t)(-1))) + return((tmsize_t)(-1)); + + if ((size_to_read!=(tmsize_t)(-1))&&(size_to_read<this_stripsize)) + this_stripsize=size_to_read; + if (!TIFFFillStrip(tif,strip)) + return((tmsize_t)(-1)); + + *buf = _TIFFmalloc(bufsizetoalloc); + if (*buf == NULL) { + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer"); + return((tmsize_t)(-1)); + } + _TIFFmemset(*buf, 0, bufsizetoalloc); + + if ((*tif->tif_decodestrip)(tif,*buf,this_stripsize,plane)<=0) + return((tmsize_t)(-1)); + (*tif->tif_postdecode)(tif,*buf,this_stripsize); + return(this_stripsize); + + +} + static tmsize_t TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size, const char* module) @@ -420,16 +622,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size, return ((tmsize_t)(-1)); } } else { - tmsize_t ma,mb; + tmsize_t ma = 0; tmsize_t n; - ma=(tmsize_t)td->td_stripoffset[strip]; - mb=ma+size; - if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) - n=0; - else if ((mb<ma)||(mb<size)||(mb>tif->tif_size)) - n=tif->tif_size-ma; - else - n=size; + if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| + ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) + { + n=0; + } + else if( ma > TIFF_TMSIZE_T_MAX - size ) + { + n=0; + } + else + { + tmsize_t mb=ma+size; + if (mb>tif->tif_size) + n=tif->tif_size-ma; + else + n=size; + } if (n!=size) { #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) TIFFErrorExt(tif->tif_clientdata, module, @@ -454,6 +665,43 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size, return (size); } +static tmsize_t +TIFFReadRawStripOrTile2(TIFF* tif, uint32 strip_or_tile, int is_strip, + tmsize_t size, const char* module) +{ + TIFFDirectory *td = &tif->tif_dir; + + assert( !isMapped(tif) ); + assert((tif->tif_flags&TIFF_NOREADRAW)==0); + + if (!SeekOK(tif, td->td_stripoffset[strip_or_tile])) { + if( is_strip ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Seek error at scanline %lu, strip %lu", + (unsigned long) tif->tif_row, + (unsigned long) strip_or_tile); + } + else + { + TIFFErrorExt(tif->tif_clientdata, module, + "Seek error at row %lu, col %lu, tile %lu", + (unsigned long) tif->tif_row, + (unsigned long) tif->tif_col, + (unsigned long) strip_or_tile); + } + return ((tmsize_t)(-1)); + } + + if( !TIFFReadAndRealloc( tif, size, 0, is_strip, + strip_or_tile, module ) ) + { + return ((tmsize_t)(-1)); + } + + return (size); +} + /* * Read a strip of data from the file. */ @@ -535,26 +783,40 @@ TIFFFillStrip(TIFF* tif, uint32 strip) #endif return (0); } - if (isMapped(tif) && - (isFillOrder(tif, td->td_fillorder) - || (tif->tif_flags & TIFF_NOBITREV))) { - /* - * The image is mapped into memory and we either don't - * need to flip bits or the compression routine is - * going to handle this operation itself. In this - * case, avoid copying the raw data and instead just - * reference the data from the memory mapped file - * image. This assumes that the decompression - * routines do not modify the contents of the raw data - * buffer (if they try to, the application will get a - * fault since the file is mapped read-only). - */ - if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) { - _TIFFfree(tif->tif_rawdata); - tif->tif_rawdata = NULL; - tif->tif_rawdatasize = 0; + + /* To avoid excessive memory allocations: */ + /* Byte count should normally not be larger than a number of */ + /* times the uncompressed size plus some margin */ + if( bytecount > 1024 * 1024 ) + { + /* 10 and 4096 are just values that could be adjusted. */ + /* Hopefully they are safe enough for all codecs */ + tmsize_t stripsize = TIFFStripSize(tif); + if( stripsize != 0 && + (bytecount - 4096) / 10 > (uint64)stripsize ) + { + uint64 newbytecount = (uint64)stripsize * 10 + 4096; + if( (int64)newbytecount >= 0 ) + { +#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFWarningExt(tif->tif_clientdata, module, + "Too large strip byte count %I64u, strip %lu. Limiting to %I64u", + (unsigned __int64) bytecount, + (unsigned long) strip, + (unsigned __int64) newbytecount); +#else + TIFFErrorExt(tif->tif_clientdata, module, + "Too large strip byte count %llu, strip %lu. Limiting to %llu", + (unsigned long long) bytecount, + (unsigned long) strip, + (unsigned long long) newbytecount); +#endif + bytecount = newbytecount; + } } - tif->tif_flags &= ~TIFF_MYBUFFER; + } + + if (isMapped(tif)) { /* * We must check for overflow, potentially causing * an OOB read. Instead of simple @@ -591,6 +853,28 @@ TIFFFillStrip(TIFF* tif, uint32 strip) tif->tif_curstrip = NOSTRIP; return (0); } + } + + if (isMapped(tif) && + (isFillOrder(tif, td->td_fillorder) + || (tif->tif_flags & TIFF_NOBITREV))) { + /* + * The image is mapped into memory and we either don't + * need to flip bits or the compression routine is + * going to handle this operation itself. In this + * case, avoid copying the raw data and instead just + * reference the data from the memory mapped file + * image. This assumes that the decompression + * routines do not modify the contents of the raw data + * buffer (if they try to, the application will get a + * fault since the file is mapped read-only). + */ + if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) { + _TIFFfree(tif->tif_rawdata); + tif->tif_rawdata = NULL; + tif->tif_rawdatasize = 0; + } + tif->tif_flags &= ~TIFF_MYBUFFER; tif->tif_rawdatasize = (tmsize_t)bytecount; tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[strip]; tif->tif_rawdataoff = 0; @@ -624,17 +908,36 @@ TIFFFillStrip(TIFF* tif, uint32 strip) (unsigned long) strip); return (0); } - if (!TIFFReadBufferSetup(tif, 0, bytecountm)) - return (0); } if (tif->tif_flags&TIFF_BUFFERMMAP) { tif->tif_curstrip = NOSTRIP; - if (!TIFFReadBufferSetup(tif, 0, bytecountm)) + tif->tif_rawdata = NULL; + tif->tif_rawdatasize = 0; + tif->tif_flags &= ~TIFF_BUFFERMMAP; + } + + if( isMapped(tif) ) + { + if (bytecountm > tif->tif_rawdatasize && + !TIFFReadBufferSetup(tif, 0, bytecountm)) + { + return (0); + } + if (TIFFReadRawStrip1(tif, strip, tif->tif_rawdata, + bytecountm, module) != bytecountm) + { return (0); + } } - if (TIFFReadRawStrip1(tif, strip, tif->tif_rawdata, - bytecountm, module) != bytecountm) - return (0); + else + { + if (TIFFReadRawStripOrTile2(tif, strip, 1, + bytecountm, module) != bytecountm) + { + return (0); + } + } + tif->tif_rawdataoff = 0; tif->tif_rawdataloaded = bytecountm; @@ -714,6 +1017,77 @@ TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size) return ((tmsize_t)(-1)); } +/* Variant of TIFFReadTile() that does + * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has + * succeeded. This avoid excessive memory allocation in case of truncated + * file. + * * calls regular TIFFReadEncodedTile() if *buf != NULL + */ +tmsize_t +_TIFFReadTileAndAllocBuffer(TIFF* tif, + void **buf, tmsize_t bufsizetoalloc, + uint32 x, uint32 y, uint32 z, uint16 s) +{ + if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s)) + return ((tmsize_t)(-1)); + return (_TIFFReadEncodedTileAndAllocBuffer(tif, + TIFFComputeTile(tif, x, y, z, s), + buf, bufsizetoalloc, + (tmsize_t)(-1))); +} + +/* Variant of TIFFReadEncodedTile() that does + * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has + * succeeded. This avoid excessive memory allocation in case of truncated + * file. + * * calls regular TIFFReadEncodedTile() if *buf != NULL + */ +tmsize_t +_TIFFReadEncodedTileAndAllocBuffer(TIFF* tif, uint32 tile, + void **buf, tmsize_t bufsizetoalloc, + tmsize_t size_to_read) +{ + static const char module[] = "_TIFFReadEncodedTileAndAllocBuffer"; + TIFFDirectory *td = &tif->tif_dir; + tmsize_t tilesize = tif->tif_tilesize; + + if( *buf != NULL ) + { + return TIFFReadEncodedTile(tif, tile, *buf, size_to_read); + } + + if (!TIFFCheckRead(tif, 1)) + return ((tmsize_t)(-1)); + if (tile >= td->td_nstrips) { + TIFFErrorExt(tif->tif_clientdata, module, + "%lu: Tile out of range, max %lu", + (unsigned long) tile, (unsigned long) td->td_nstrips); + return ((tmsize_t)(-1)); + } + + if (!TIFFFillTile(tif,tile)) + return((tmsize_t)(-1)); + + *buf = _TIFFmalloc(bufsizetoalloc); + if (*buf == NULL) { + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), + "No space for tile buffer"); + return((tmsize_t)(-1)); + } + _TIFFmemset(*buf, 0, bufsizetoalloc); + + if (size_to_read == (tmsize_t)(-1)) + size_to_read = tilesize; + else if (size_to_read > tilesize) + size_to_read = tilesize; + if( (*tif->tif_decodetile)(tif, + (uint8*) *buf, size_to_read, (uint16)(tile/td->td_stripsperimage))) { + (*tif->tif_postdecode)(tif, (uint8*) *buf, size_to_read); + return (size_to_read); + } else + return ((tmsize_t)(-1)); +} + static tmsize_t TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module) { @@ -856,6 +1230,56 @@ TIFFFillTile(TIFF* tif, uint32 tile) #endif return (0); } + + /* To avoid excessive memory allocations: */ + /* Byte count should normally not be larger than a number of */ + /* times the uncompressed size plus some margin */ + if( bytecount > 1024 * 1024 ) + { + /* 10 and 4096 are just values that could be adjusted. */ + /* Hopefully they are safe enough for all codecs */ + tmsize_t stripsize = TIFFTileSize(tif); + if( stripsize != 0 && + (bytecount - 4096) / 10 > (uint64)stripsize ) + { + uint64 newbytecount = (uint64)stripsize * 10 + 4096; + if( (int64)newbytecount >= 0 ) + { +#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFWarningExt(tif->tif_clientdata, module, + "Too large tile byte count %I64u, tile %lu. Limiting to %I64u", + (unsigned __int64) bytecount, + (unsigned long) tile, + (unsigned __int64) newbytecount); +#else + TIFFErrorExt(tif->tif_clientdata, module, + "Too large tile byte count %llu, tile %lu. Limiting to %llu", + (unsigned long long) bytecount, + (unsigned long) tile, + (unsigned long long) newbytecount); +#endif + bytecount = newbytecount; + } + } + } + + if (isMapped(tif)) { + /* + * We must check for overflow, potentially causing + * an OOB read. Instead of simple + * + * td->td_stripoffset[tile]+bytecount > tif->tif_size + * + * comparison (which can overflow) we do the following + * two comparisons: + */ + if (bytecount > (uint64)tif->tif_size || + td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) { + tif->tif_curtile = NOTILE; + return (0); + } + } + if (isMapped(tif) && (isFillOrder(tif, td->td_fillorder) || (tif->tif_flags & TIFF_NOBITREV))) { @@ -876,20 +1300,7 @@ TIFFFillTile(TIFF* tif, uint32 tile) tif->tif_rawdatasize = 0; } tif->tif_flags &= ~TIFF_MYBUFFER; - /* - * We must check for overflow, potentially causing - * an OOB read. Instead of simple - * - * td->td_stripoffset[tile]+bytecount > tif->tif_size - * - * comparison (which can overflow) we do the following - * two comparisons: - */ - if (bytecount > (uint64)tif->tif_size || - td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) { - tif->tif_curtile = NOTILE; - return (0); - } + tif->tif_rawdatasize = (tmsize_t)bytecount; tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[tile]; @@ -917,18 +1328,36 @@ TIFFFillTile(TIFF* tif, uint32 tile) (unsigned long) tile); return (0); } - if (!TIFFReadBufferSetup(tif, 0, bytecountm)) - return (0); } if (tif->tif_flags&TIFF_BUFFERMMAP) { tif->tif_curtile = NOTILE; - if (!TIFFReadBufferSetup(tif, 0, bytecountm)) + tif->tif_rawdata = NULL; + tif->tif_rawdatasize = 0; + tif->tif_flags &= ~TIFF_BUFFERMMAP; + } + + if( isMapped(tif) ) + { + if (bytecountm > tif->tif_rawdatasize && + !TIFFReadBufferSetup(tif, 0, bytecountm)) + { + return (0); + } + if (TIFFReadRawTile1(tif, tile, tif->tif_rawdata, + bytecountm, module) != bytecountm) + { return (0); + } + } + else + { + if (TIFFReadRawStripOrTile2(tif, tile, 0, + bytecountm, module) != bytecountm) + { + return (0); + } } - if (TIFFReadRawTile1(tif, tile, tif->tif_rawdata, - bytecountm, module) != bytecountm) - return (0); tif->tif_rawdataoff = 0; tif->tif_rawdataloaded = bytecountm; @@ -976,7 +1405,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) "Invalid buffer size"); return (0); } - tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); + /* Initialize to zero to avoid uninitialized buffers in case of */ + /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ + tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); tif->tif_flags |= TIFF_MYBUFFER; } if (tif->tif_rawdata == NULL) { @@ -1018,7 +1449,10 @@ TIFFStartStrip(TIFF* tif, uint32 strip) else { tif->tif_rawcp = tif->tif_rawdata; - tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip]; + if( tif->tif_rawdataloaded > 0 ) + tif->tif_rawcc = tif->tif_rawdataloaded; + else + tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip]; } return ((*tif->tif_predecode)(tif, (uint16)(strip / td->td_stripsperimage))); @@ -1065,7 +1499,10 @@ TIFFStartTile(TIFF* tif, uint32 tile) else { tif->tif_rawcp = tif->tif_rawdata; - tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile]; + if( tif->tif_rawdataloaded > 0 ) + tif->tif_rawcc = tif->tif_rawdataloaded; + else + tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile]; } return ((*tif->tif_predecode)(tif, (uint16)(tile/td->td_stripsperimage))); diff --git a/tiff/libtiff/tif_strip.c b/tiff/libtiff/tif_strip.c index b6098dd31..6e9f2ef6d 100644 --- a/tiff/libtiff/tif_strip.c +++ b/tiff/libtiff/tif_strip.c @@ -1,4 +1,4 @@ -/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */ +/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif) TIFFDirectory *td = &tif->tif_dir; uint32 nstrips; - /* If the value was already computed and store in td_nstrips, then return it, - since ChopUpSingleUncompressedStrip might have altered and resized the - since the td_stripbytecount and td_stripoffset arrays to the new value - after the initial affectation of td_nstrips = TIFFNumberOfStrips() in - tif_dirread.c ~line 3612. - See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */ - if( td->td_nstrips ) - return td->td_nstrips; - nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 : TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip)); if (td->td_planarconfig == PLANARCONFIG_SEPARATE) diff --git a/tiff/libtiff/tif_swab.c b/tiff/libtiff/tif_swab.c index 211dc576e..4b2e5f16d 100644 --- a/tiff/libtiff/tif_swab.c +++ b/tiff/libtiff/tif_swab.c @@ -1,4 +1,4 @@ -/* $Id: tif_swab.c,v 1.14 2016-09-04 21:32:56 erouault Exp $ */ +/* $Id: tif_swab.c,v 1.15 2017-06-08 16:39:50 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -31,7 +31,7 @@ */ #include "tiffiop.h" -#ifndef TIFFSwabShort +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabShort) void TIFFSwabShort(uint16* wp) { @@ -42,7 +42,7 @@ TIFFSwabShort(uint16* wp) } #endif -#ifndef TIFFSwabLong +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabLong) void TIFFSwabLong(uint32* lp) { @@ -54,7 +54,7 @@ TIFFSwabLong(uint32* lp) } #endif -#ifndef TIFFSwabLong8 +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabLong8) void TIFFSwabLong8(uint64* lp) { @@ -68,7 +68,7 @@ TIFFSwabLong8(uint64* lp) } #endif -#ifndef TIFFSwabArrayOfShort +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfShort) void TIFFSwabArrayOfShort(register uint16* wp, tmsize_t n) { @@ -84,7 +84,7 @@ TIFFSwabArrayOfShort(register uint16* wp, tmsize_t n) } #endif -#ifndef TIFFSwabArrayOfTriples +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfTriples) void TIFFSwabArrayOfTriples(register uint8* tp, tmsize_t n) { @@ -100,7 +100,7 @@ TIFFSwabArrayOfTriples(register uint8* tp, tmsize_t n) } #endif -#ifndef TIFFSwabArrayOfLong +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfLong) void TIFFSwabArrayOfLong(register uint32* lp, tmsize_t n) { @@ -117,7 +117,7 @@ TIFFSwabArrayOfLong(register uint32* lp, tmsize_t n) } #endif -#ifndef TIFFSwabArrayOfLong8 +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfLong8) void TIFFSwabArrayOfLong8(register uint64* lp, tmsize_t n) { @@ -136,7 +136,7 @@ TIFFSwabArrayOfLong8(register uint64* lp, tmsize_t n) } #endif -#ifndef TIFFSwabFloat +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabFloat) void TIFFSwabFloat(float* fp) { @@ -148,7 +148,7 @@ TIFFSwabFloat(float* fp) } #endif -#ifndef TIFFSwabArrayOfFloat +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfFloat) void TIFFSwabArrayOfFloat(register float* fp, tmsize_t n) { @@ -165,7 +165,7 @@ TIFFSwabArrayOfFloat(register float* fp, tmsize_t n) } #endif -#ifndef TIFFSwabDouble +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabDouble) void TIFFSwabDouble(double *dp) { @@ -179,7 +179,7 @@ TIFFSwabDouble(double *dp) } #endif -#ifndef TIFFSwabArrayOfDouble +#if defined(DISABLE_CHECK_TIFFSWABMACROS) || !defined(TIFFSwabArrayOfDouble) void TIFFSwabArrayOfDouble(double* dp, tmsize_t n) { diff --git a/tiff/libtiff/tif_unix.c b/tiff/libtiff/tif_unix.c index 81e9d6653..80c437cfa 100644 --- a/tiff/libtiff/tif_unix.c +++ b/tiff/libtiff/tif_unix.c @@ -1,4 +1,4 @@ -/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */ +/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s) return (malloc((size_t) s)); } +void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) +{ + if( nmemb == 0 || siz == 0 ) + return ((void *) NULL); + + return calloc((size_t) nmemb, (size_t)siz); +} + void _TIFFfree(void* p) { diff --git a/tiff/libtiff/tif_warning.c b/tiff/libtiff/tif_warning.c index 423b636e6..dc79f1445 100644 --- a/tiff/libtiff/tif_warning.c +++ b/tiff/libtiff/tif_warning.c @@ -1,4 +1,4 @@ -/* $Header: /cvs/maptools/cvsroot/libtiff/libtiff/tif_warning.c,v 1.3 2010-03-10 18:56:49 bfriesen Exp $ */ +/* $Header: /cvs/maptools/cvsroot/libtiff/libtiff/tif_warning.c,v 1.4 2017-07-04 12:54:42 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -51,24 +51,32 @@ void TIFFWarning(const char* module, const char* fmt, ...) { va_list ap; - va_start(ap, fmt); - if (_TIFFwarningHandler) + if (_TIFFwarningHandler) { + va_start(ap, fmt); (*_TIFFwarningHandler)(module, fmt, ap); - if (_TIFFwarningHandlerExt) + va_end(ap); + } + if (_TIFFwarningHandlerExt) { + va_start(ap, fmt); (*_TIFFwarningHandlerExt)(0, module, fmt, ap); - va_end(ap); + va_end(ap); + } } void TIFFWarningExt(thandle_t fd, const char* module, const char* fmt, ...) { va_list ap; - va_start(ap, fmt); - if (_TIFFwarningHandler) + if (_TIFFwarningHandler) { + va_start(ap, fmt); (*_TIFFwarningHandler)(module, fmt, ap); - if (_TIFFwarningHandlerExt) + va_end(ap); + } + if (_TIFFwarningHandlerExt) { + va_start(ap, fmt); (*_TIFFwarningHandlerExt)(fd, module, fmt, ap); - va_end(ap); + va_end(ap); + } } diff --git a/tiff/libtiff/tif_win32.c b/tiff/libtiff/tif_win32.c index 24b824f1b..090baed87 100644 --- a/tiff/libtiff/tif_win32.c +++ b/tiff/libtiff/tif_win32.c @@ -1,4 +1,4 @@ -/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */ +/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s) return (malloc((size_t) s)); } +void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) +{ + if( nmemb == 0 || siz == 0 ) + return ((void *) NULL); + + return calloc((size_t) nmemb, (size_t)siz); +} + void _TIFFfree(void* p) { diff --git a/tiff/libtiff/tif_write.c b/tiff/libtiff/tif_write.c index 34c4d81a0..4c216ec20 100644 --- a/tiff/libtiff/tif_write.c +++ b/tiff/libtiff/tif_write.c @@ -1,4 +1,4 @@ -/* $Id: tif_write.c,v 1.45 2016-09-23 22:12:18 erouault Exp $ */ +/* $Id: tif_write.c,v 1.46 2016-12-03 21:57:44 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -476,22 +476,22 @@ TIFFWriteEncodedTile(TIFF* tif, uint32 tile, void* data, tmsize_t cc) sample = (uint16)(tile/td->td_stripsperimage); if (!(*tif->tif_preencode)(tif, sample)) return ((tmsize_t)(-1)); - /* swab if needed - note that source buffer will be altered */ - tif->tif_postdecode( tif, (uint8*) data, cc ); + /* swab if needed - note that source buffer will be altered */ + tif->tif_postdecode( tif, (uint8*) data, cc ); - if (!(*tif->tif_encodetile)(tif, (uint8*) data, cc, sample)) - return ((tmsize_t) -1); - if (!(*tif->tif_postencode)(tif)) - return ((tmsize_t)(-1)); - if (!isFillOrder(tif, td->td_fillorder) && - (tif->tif_flags & TIFF_NOBITREV) == 0) - TIFFReverseBits((uint8*)tif->tif_rawdata, tif->tif_rawcc); - if (tif->tif_rawcc > 0 && !TIFFAppendToStrip(tif, tile, - tif->tif_rawdata, tif->tif_rawcc)) - return ((tmsize_t)(-1)); - tif->tif_rawcc = 0; - tif->tif_rawcp = tif->tif_rawdata; - return (cc); + if (!(*tif->tif_encodetile)(tif, (uint8*) data, cc, sample)) + return ((tmsize_t) -1); + if (!(*tif->tif_postencode)(tif)) + return ((tmsize_t)(-1)); + if (!isFillOrder(tif, td->td_fillorder) && + (tif->tif_flags & TIFF_NOBITREV) == 0) + TIFFReverseBits((uint8*)tif->tif_rawdata, tif->tif_rawcc); + if (tif->tif_rawcc > 0 && !TIFFAppendToStrip(tif, tile, + tif->tif_rawdata, tif->tif_rawcc)) + return ((tmsize_t)(-1)); + tif->tif_rawcc = 0; + tif->tif_rawcp = tif->tif_rawdata; + return (cc); } /* diff --git a/tiff/libtiff/tif_zip.c b/tiff/libtiff/tif_zip.c index 8c35aea83..42943fbb1 100644 --- a/tiff/libtiff/tif_zip.c +++ b/tiff/libtiff/tif_zip.c @@ -1,4 +1,4 @@ -/* $Id: tif_zip.c,v 1.36 2016-11-12 16:48:28 erouault Exp $ */ +/* $Id: tif_zip.c,v 1.37 2017-05-10 15:21:16 erouault Exp $ */ /* * Copyright (c) 1995-1997 Sam Leffler @@ -107,7 +107,11 @@ ZIPSetupDecode(TIFF* tif) sp->state = 0; } - if (inflateInit(&sp->stream) != Z_OK) { + /* This function can possibly be called several times by */ + /* PredictorSetupDecode() if this function succeeds but */ + /* PredictorSetup() fails */ + if ((sp->state & ZSTATE_INIT_DECODE) == 0 && + inflateInit(&sp->stream) != Z_OK) { TIFFErrorExt(tif->tif_clientdata, module, "%s", SAFE_MSG(sp)); return (0); } else { diff --git a/tiff/libtiff/tiffio.h b/tiff/libtiff/tiffio.h index 6a84d803a..ef61b5c06 100644 --- a/tiff/libtiff/tiffio.h +++ b/tiff/libtiff/tiffio.h @@ -1,4 +1,4 @@ -/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */ +/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void); */ extern void* _TIFFmalloc(tmsize_t s); +extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); extern void* _TIFFrealloc(void* p, tmsize_t s); extern void _TIFFmemset(void* p, int v, tmsize_t c); extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); @@ -430,6 +431,8 @@ extern int TIFFReadRGBAImageOriented(TIFF*, uint32, uint32, uint32*, int, int); extern int TIFFReadRGBAStrip(TIFF*, uint32, uint32 * ); extern int TIFFReadRGBATile(TIFF*, uint32, uint32, uint32 * ); +extern int TIFFReadRGBAStripExt(TIFF*, uint32, uint32 *, int stop_on_error ); +extern int TIFFReadRGBATileExt(TIFF*, uint32, uint32, uint32 *, int stop_on_error ); extern int TIFFRGBAImageOK(TIFF*, char [1024]); extern int TIFFRGBAImageBegin(TIFFRGBAImage*, TIFF*, int, char [1024]); extern int TIFFRGBAImageGet(TIFFRGBAImage*, uint32*, uint32, uint32); diff --git a/tiff/libtiff/tiffiop.h b/tiff/libtiff/tiffiop.h index cf020d077..80d58747d 100644 --- a/tiff/libtiff/tiffiop.h +++ b/tiff/libtiff/tiffiop.h @@ -1,4 +1,4 @@ -/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */ +/* $Id: tiffiop.h,v 1.95 2017-09-07 14:02:52 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -256,8 +256,7 @@ struct tiff { (TIFFReadFile((tif),(buf),(size))==(size)) #endif #ifndef SeekOK -#define SeekOK(tif, off) \ - (TIFFSeekFile((tif),(off),SEEK_SET)==(off)) +#define SeekOK(tif, off) _TIFFSeekOK(tif, off) #endif #ifndef WriteOK #define WriteOK(tif, buf, size) \ @@ -268,6 +267,10 @@ struct tiff { #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \ ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \ 0U) +/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */ +/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */ +#define TIFFhowmany_32_maxuint_compat(x, y) \ + (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0)) #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3) #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y)) #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y))) @@ -329,6 +332,13 @@ typedef size_t TIFFIOSize_t; #define _TIFF_off_t off_t #endif +#if __clang_major__ >= 4 || (__clang_major__ == 3 && __clang_minor__ >= 8) +#define TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW __attribute__((no_sanitize("unsigned-integer-overflow"))) +#else +#define TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW +#endif + + #if defined(__cplusplus) extern "C" { #endif @@ -379,6 +389,20 @@ extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*); extern double _TIFFUInt64ToDouble(uint64); extern float _TIFFUInt64ToFloat(uint64); +extern tmsize_t +_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip, + void **buf, tmsize_t bufsizetoalloc, + tmsize_t size_to_read); +extern tmsize_t +_TIFFReadEncodedTileAndAllocBuffer(TIFF* tif, uint32 tile, + void **buf, tmsize_t bufsizetoalloc, + tmsize_t size_to_read); +extern tmsize_t +_TIFFReadTileAndAllocBuffer(TIFF* tif, + void **buf, tmsize_t bufsizetoalloc, + uint32 x, uint32 y, uint32 z, uint16 s); +extern int _TIFFSeekOK(TIFF* tif, toff_t off); + extern int TIFFInitDumpMode(TIFF*, int); #ifdef PACKBITS_SUPPORT extern int TIFFInitPackBits(TIFF*, int); @@ -401,6 +425,7 @@ extern int TIFFInitOJPEG(TIFF*, int); #endif #ifdef JPEG_SUPPORT extern int TIFFInitJPEG(TIFF*, int); +extern int TIFFJPEGIsFullStripRequired(TIFF*); #endif #ifdef JBIG_SUPPORT extern int TIFFInitJBIG(TIFF*, int); diff --git a/tiff/libtiff/tiffvers.h b/tiff/libtiff/tiffvers.h index fe55c726c..7c415740f 100644 --- a/tiff/libtiff/tiffvers.h +++ b/tiff/libtiff/tiffvers.h @@ -1,4 +1,4 @@ -#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.7\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc." +#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.9\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc." /* * This define can be used in code that requires * compilation-related definitions specific to a @@ -6,4 +6,4 @@ * version checking should be done based on the * string returned by TIFFGetVersion. */ -#define TIFFLIB_VERSION 20161119 +#define TIFFLIB_VERSION 20171118 diff --git a/tiff/m4/libtool.m4 b/tiff/m4/libtool.m4 index a3bc337b7..10ab2844c 100644 --- a/tiff/m4/libtool.m4 +++ b/tiff/m4/libtool.m4 @@ -2887,6 +2887,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -3546,7 +3558,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -4424,7 +4436,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -4936,6 +4948,9 @@ m4_if([$1], [CXX], [ ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -4998,6 +5013,9 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes @@ -5252,7 +5270,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -5773,6 +5791,7 @@ _LT_EOF if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -5794,7 +5813,7 @@ _LT_EOF esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else diff --git a/tiff/man/CMakeLists.txt b/tiff/man/CMakeLists.txt index 1db7556d5..be5e2949e 100644 --- a/tiff/man/CMakeLists.txt +++ b/tiff/man/CMakeLists.txt @@ -28,8 +28,6 @@ set(man1_MANS pal2rgb.1 ppm2tiff.1 raw2tiff.1 - rgb2ycbcr.1 - thumbnail.1 tiff2bw.1 tiff2pdf.1 tiff2ps.1 diff --git a/tiff/man/Makefile.am b/tiff/man/Makefile.am index 08b8749b0..0fe9e4d08 100644 --- a/tiff/man/Makefile.am +++ b/tiff/man/Makefile.am @@ -29,8 +29,6 @@ dist_man1_MANS = \ pal2rgb.1 \ ppm2tiff.1 \ raw2tiff.1 \ - rgb2ycbcr.1 \ - thumbnail.1 \ tiff2bw.1 \ tiff2pdf.1 \ tiff2ps.1 \ diff --git a/tiff/man/Makefile.in b/tiff/man/Makefile.in index 3f19b8c36..212905b64 100644 --- a/tiff/man/Makefile.in +++ b/tiff/man/Makefile.in @@ -335,8 +335,6 @@ dist_man1_MANS = \ pal2rgb.1 \ ppm2tiff.1 \ raw2tiff.1 \ - rgb2ycbcr.1 \ - thumbnail.1 \ tiff2bw.1 \ tiff2pdf.1 \ tiff2ps.1 \ diff --git a/tiff/man/TIFFGetField.3tiff b/tiff/man/TIFFGetField.3tiff index bdf41a259..528019e15 100644 --- a/tiff/man/TIFFGetField.3tiff +++ b/tiff/man/TIFFGetField.3tiff @@ -1,4 +1,4 @@ -.\" $Id: TIFFGetField.3tiff,v 1.7 2016-09-25 20:05:49 bfriesen Exp $ +.\" $Id: TIFFGetField.3tiff,v 1.8 2017-06-30 17:40:02 erouault Exp $ .\" .\" Copyright (c) 1988-1997 Sam Leffler .\" Copyright (c) 1991-1997 Silicon Graphics, Inc. @@ -160,7 +160,7 @@ TIFFTAG_STONITS 1 double** TIFFTAG_STRIPBYTECOUNTS 1 uint32** TIFFTAG_STRIPOFFSETS 1 uint32** TIFFTAG_SUBFILETYPE 1 uint32* -TIFFTAG_SUBIFD 2 uint16*,uint32** count & offsets array +TIFFTAG_SUBIFD 2 uint16*,uint64** count & offsets array TIFFTAG_TARGETPRINTER 1 char** TIFFTAG_THRESHHOLDING 1 uint16* TIFFTAG_TILEBYTECOUNTS 1 uint32** diff --git a/tiff/man/TIFFSetDirectory.3tiff b/tiff/man/TIFFSetDirectory.3tiff index 93faf1930..0f109f66a 100644 --- a/tiff/man/TIFFSetDirectory.3tiff +++ b/tiff/man/TIFFSetDirectory.3tiff @@ -1,4 +1,4 @@ -.\" $Id: TIFFSetDirectory.3tiff,v 1.3 2016-09-25 20:05:50 bfriesen Exp $ +.\" $Id: TIFFSetDirectory.3tiff,v 1.4 2017-06-30 17:40:02 erouault Exp $ .\" .\" Copyright (c) 1988-1997 Sam Leffler .\" Copyright (c) 1991-1997 Silicon Graphics, Inc. @@ -33,7 +33,7 @@ file .sp .BI "int TIFFSetDirectory(TIFF *" tif ", tdir_t " dirnum ")" .br -.BI "int TIFFSetSubDirectory(TIFF *" tif ", uint32 " diroff ")" +.BI "int TIFFSetSubDirectory(TIFF *" tif ", uint64 " diroff ")" .SH DESCRIPTION .I TIFFSetDirectory changes the current directory and reads its contents with diff --git a/tiff/man/TIFFSetField.3tiff b/tiff/man/TIFFSetField.3tiff index 1754827cc..695a199e7 100644 --- a/tiff/man/TIFFSetField.3tiff +++ b/tiff/man/TIFFSetField.3tiff @@ -1,4 +1,4 @@ -.\" $Id: TIFFSetField.3tiff,v 1.6 2016-09-25 20:05:50 bfriesen Exp $ +.\" $Id: TIFFSetField.3tiff,v 1.7 2017-06-30 17:40:02 erouault Exp $ .\" .\" Copyright (c) 1988-1997 Sam Leffler .\" Copyright (c) 1991-1997 Silicon Graphics, Inc. @@ -157,7 +157,7 @@ TIFFTAG_SMINSAMPLEVALUE 1 double TIFFTAG_SOFTWARE 1 char* TIFFTAG_STONITS 1 double \(dg TIFFTAG_SUBFILETYPE 1 uint32 -TIFFTAG_SUBIFD 2 uint16,uint32* count & offsets array +TIFFTAG_SUBIFD 2 uint16,uint64* count & offsets array TIFFTAG_TARGETPRINTER 1 char* TIFFTAG_THRESHHOLDING 1 uint16 TIFFTAG_TILEDEPTH 1 uint32 \(dg diff --git a/tiff/man/rgb2ycbcr.1 b/tiff/man/rgb2ycbcr.1 deleted file mode 100644 index e3be491e9..000000000 --- a/tiff/man/rgb2ycbcr.1 +++ /dev/null @@ -1,99 +0,0 @@ -.\" $Header: /cvs/maptools/cvsroot/libtiff/man/rgb2ycbcr.1,v 1.5 2016-09-25 20:05:51 bfriesen Exp $ -.\" -.\" Copyright (c) 1991-1997 Sam Leffler -.\" Copyright (c) 1991-1997 Silicon Graphics, Inc. -.\" -.\" Permission to use, copy, modify, distribute, and sell this software and -.\" its documentation for any purpose is hereby granted without fee, provided -.\" that (i) the above copyright notices and this permission notice appear in -.\" all copies of the software and related documentation, and (ii) the names of -.\" Sam Leffler and Silicon Graphics may not be used in any advertising or -.\" publicity relating to the software without the specific, prior written -.\" permission of Sam Leffler and Silicon Graphics. -.\" -.\" THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, -.\" EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY -.\" WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR -.\" ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, -.\" OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, -.\" WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF -.\" LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE -.\" OF THIS SOFTWARE. -.\" -.if n .po 0 -.TH RGB2YCBCR 1 "November 2, 2005" "libtiff" -.SH NAME -rgb2ycbcr \- convert non-YCbCr -.SM TIFF -images to a YCbCr -.SM TIFF -image -.SH SYNOPSIS -.B rgb2ycbcr -[ -.I options -] -.I "src1.tif src2.tif ... dst.tif" -.SH DESCRIPTION -.I rgb2ycbcr -converts -.SM RGB -color, greyscale, or bi-level -.SM TIFF -images to YCbCr images by transforming and sampling pixel data. If multiple -files are specified on the command line each source file is converted to a -separate directory in the destination file. -.PP -By default, chrominance samples are created by sampling -2 by 2 blocks of luminance values; this can be changed with the -.B \-h -and -.B \-v -options. -Output data are compressed with the -.SM PackBits -compression scheme, by default; an alternate scheme can be selected with the -.B \-c -option. -By default, output data are compressed in strips with -the number of rows in each strip selected so that the -size of a strip is never more than 8 kilobytes; -the -.B \-r -option can be used to explicitly set the number of -rows per strip. -.SH OPTIONS -.TP -.B \-c -Specify a compression scheme to use when writing image data: -.B "\-c none" -for no compression, -.B "\-c packbits" -for the PackBits compression algorithm (the default), -.B "\-c jpeg" -for the JPEG compression algorithm, -.B "\-c zip" -for the deflate compression algorithm, -and -.B "\-c lzw" -for Lempel-Ziv & Welch. -.TP -.B \-h -Set the horizontal sampling dimension to one of: 1, 2 (default), or 4. -.TP -.B \-r -Write data with a specified number of rows per strip; -by default the number of rows/strip is selected so that each strip -is approximately 8 kilobytes. -.TP -.B \-v -Set the vertical sampling dimension to one of: 1, 2 (default), or 4. -.SH "SEE ALSO" -.BR tiffinfo (1), -.BR tiffcp (1), -.BR libtiff (3) -.PP -Libtiff library home page: -.BR http://www.simplesystems.org/libtiff diff --git a/tiff/man/thumbnail.1 b/tiff/man/thumbnail.1 deleted file mode 100644 index 5ae87eda7..000000000 --- a/tiff/man/thumbnail.1 +++ /dev/null @@ -1,90 +0,0 @@ -.\" $Id: thumbnail.1,v 1.3 2016-09-25 20:05:51 bfriesen Exp $ -.\" -.\" Copyright (c) 1994-1997 Sam Leffler -.\" Copyright (c) 1994-1997 Silicon Graphics, Inc. -.\" -.\" Permission to use, copy, modify, distribute, and sell this software and -.\" its documentation for any purpose is hereby granted without fee, provided -.\" that (i) the above copyright notices and this permission notice appear in -.\" all copies of the software and related documentation, and (ii) the names of -.\" Sam Leffler and Silicon Graphics may not be used in any advertising or -.\" publicity relating to the software without the specific, prior written -.\" permission of Sam Leffler and Silicon Graphics. -.\" -.\" THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, -.\" EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY -.\" WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR -.\" ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, -.\" OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, -.\" WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF -.\" LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE -.\" OF THIS SOFTWARE. -.\" -.if n .po 0 -.TH THUMBNAIL 1 "November 2, 2005" "libtiff" -.SH NAME -thumbnail \- create a -.SM TIFF -file with thumbnail images -.SH SYNOPSIS -.B thumbnail -[ -.I options -] -.I input.tif -.I output.tif -.SH DESCRIPTION -.I thumbnail -is a program written to show how one might use the -SubIFD tag (#330) to store thumbnail images. -.I thumbnail -copies a -.SM TIFF -Class F facsimile file to the output file -and for each image an 8-bit greyscale -.IR "thumbnail sketch" . -The output file contains the thumbnail image with the associated -full-resolution page linked below with the SubIFD tag. -.PP -By default, thumbnail images are 216 pixels wide by 274 pixels high. -Pixels are calculated by sampling and filtering the input image -with each pixel value passed through a contrast curve. -.SH OPTIONS -.TP -.B \-w -Specify the width of thumbnail images in pixels. -.TP -.B \-h -Specify the height of thumbnail images in pixels. -.TP -.B \-c -Specify a contrast curve to apply in generating the thumbnail images. -By default pixels values are passed through a linear contrast curve -that simply maps the pixel value ranges. -Alternative curves are: -.B exp50 -for a 50% exponential curve, -.B exp60 -for a 60% exponential curve, -.B exp70 -for a 70% exponential curve, -.B exp80 -for a 80% exponential curve, -.B exp90 -for a 90% exponential curve, -.B exp -for a pure exponential curve, -.B linear -for a linear curve. -.SH BUGS -There are no options to control the format of the saved thumbnail images. -.SH "SEE ALSO" -.BR tiffdump (1), -.BR tiffgt (1), -.BR tiffinfo (1), -.BR libtiff (3) -.PP -Libtiff library home page: -.BR http://www.simplesystems.org/libtiff/ diff --git a/tiff/nmake.opt b/tiff/nmake.opt index 74b97007b..ec45e779f 100644 --- a/tiff/nmake.opt +++ b/tiff/nmake.opt @@ -1,4 +1,4 @@ -# $Id: nmake.opt,v 1.19 2015-08-28 22:19:26 bfriesen Exp $ +# $Id: nmake.opt,v 1.20 2017-10-10 14:39:43 erouault Exp $ # # Copyright (C) 2004, Andrey Kiselev <dron@ak4719.spb.edu> # @@ -24,6 +24,13 @@ # Compile time parameters for MS Visual C++ compiler. # You may edit this file to specify building options. +# Options: +# DEBUG - set to disable optimizations and link with debug runtimes +# +# Usage examples (see details below): +# nmake -f makefile.vc +# nmake -f makefile.vc DEBUG=1 +# # ###### Edit the following lines to choose a feature set you need. ####### # @@ -114,7 +121,11 @@ CHECK_JPEG_YCBCR_SUBSAMPLING = 1 # with no debugging information. # NOTE: /EHsc option required if you want to build the C++ stream API # +!IFDEF DEBUG +OPTFLAGS = /MDd /EHsc /W3 /D_CRT_SECURE_NO_DEPRECATE +!ELSE OPTFLAGS = /Ox /MD /EHsc /W3 /D_CRT_SECURE_NO_DEPRECATE +!ENDIF #OPTFLAGS = /Zi # diff --git a/tiff/test/CMakeLists.txt b/tiff/test/CMakeLists.txt index b9e373f96..912be19ca 100644 --- a/tiff/test/CMakeLists.txt +++ b/tiff/test/CMakeLists.txt @@ -43,6 +43,7 @@ set(TESTSCRIPTS tiffcp-g4.sh tiffcp-logluv.sh tiffcp-thumbnail.sh + tiffcp-lzw-compat.sh tiffdump.sh tiffinfo.sh tiffcp-split.sh @@ -118,7 +119,8 @@ set(TIFFIMAGES images/palette-1c-8b.tiff images/rgb-3c-16b.tiff images/rgb-3c-8b.tiff - images/quad-tile.jpg.tiff) + images/quad-tile.jpg.tiff + images/quad-lzw-compat.tiff) set(BMPIMAGES images/palette-1c-8b.bmp @@ -185,6 +187,18 @@ target_link_libraries(custom_dir tiff port) set(TEST_OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/output") file(MAKE_DIRECTORY "${TEST_OUTPUT}") +set(tiff_test_extra_args + "-DTIFFCP=$<TARGET_FILE:tiffcp>" + "-DTIFFINFO=$<TARGET_FILE:tiffinfo>" + "-DTIFFSPLIT=$<TARGET_FILE:tiffsplit>" + "-DLIBTIFF=$<TARGET_FILE:tiff>") +if(WIN32) + list(APPEND tiff_test_extra_args "-DWIN32=${WIN32}") +endif() +if(CYGWIN) + list(APPEND tiff_test_extra_args "-DCYGWIN=${CYGWIN}") +endif() + macro(tiff_test_convert name command1 command2 command3 infile outfile validate) add_test(NAME "${name}" COMMAND "${CMAKE_COMMAND}" @@ -193,9 +207,8 @@ macro(tiff_test_convert name command1 command2 command3 infile outfile validate) "-DCONVERT_COMMAND3=${command3}" "-DINFILE=${infile}" "-DOUTFILE=${outfile}" - "-DTIFFINFO=$<TARGET_FILE:tiffinfo>" - "-DLIBTIFF=$<TARGET_FILE:tiff>" "-DVALIDATE=${validate}" + ${tiff_test_extra_args} -P "${CMAKE_CURRENT_SOURCE_DIR}/TiffTest.cmake") endmacro() @@ -205,8 +218,7 @@ macro(tiff_test_stdout name command infile outfile) "-DSTDOUT_COMMAND=${command}" "-DINFILE=${infile}" "-DOUTFILE=${outfile}" - "-DTIFFINFO=$<TARGET_FILE:tiffinfo>" - "-DLIBTIFF=$<TARGET_FILE:tiff>" + ${tiff_test_extra_args} -P "${CMAKE_CURRENT_SOURCE_DIR}/TiffTest.cmake") endmacro() @@ -215,8 +227,7 @@ macro(tiff_test_reader name command infile) COMMAND "${CMAKE_COMMAND}" "-DREADER_COMMAND=${command}" "-DINFILE=${infile}" - "-DTIFFINFO=$<TARGET_FILE:tiffinfo>" - "-DLIBTIFF=$<TARGET_FILE:tiff>" + ${tiff_test_extra_args} -P "${CMAKE_CURRENT_SOURCE_DIR}/TiffTest.cmake") endmacro() @@ -323,6 +334,7 @@ add_convert_test(tiffcp g31dfill "-c g3:1d:fill" "images/miniswhite-1c-1b.ti add_convert_test(tiffcp g32d "-c g3:2d" "images/miniswhite-1c-1b.tiff" FALSE) add_convert_test(tiffcp g32dfill "-c g3:2d:fill" "images/miniswhite-1c-1b.tiff" FALSE) add_convert_test(tiffcp g4 "-c g4" "images/miniswhite-1c-1b.tiff" FALSE) +add_convert_test(tiffcp none "-c none" "images/quad-lzw-compat.tiff" FALSE) add_convert_test_multi(tiffcp tiffcp "" logluv "-c none" "-c sgilog" "" "images/logluv-3c-16b.tiff" FALSE) add_convert_test_multi(tiffcp thumbnail "" thumbnail "g3:1d" "" "" @@ -344,9 +356,7 @@ add_test(NAME "tiffcp-split" "-DTESTFILES=${ESCAPED_UNCOMPRESSED}" "-DCONJOINED=${TEST_OUTPUT}/tiffcp-split-conjoined.tif" "-DSPLITFILE=${TEST_OUTPUT}/tiffcp-split-split-" - "-DTIFFCP=$<TARGET_FILE:tiffcp>" - "-DTIFFSPLIT=$<TARGET_FILE:tiffsplit>" - "-DLIBTIFF=$<TARGET_FILE:tiff>" + ${tiff_test_extra_args} -P "${CMAKE_CURRENT_SOURCE_DIR}/TiffSplitTest.cmake") add_test(NAME "tiffcp-split-join" COMMAND "${CMAKE_COMMAND}" @@ -354,9 +364,7 @@ add_test(NAME "tiffcp-split-join" "-DCONJOINED=${TEST_OUTPUT}/tiffcp-split-join-conjoined.tif" "-DSPLITFILE=${TEST_OUTPUT}/tiffcp-split-join-split-" "-DRECONJOINED=${TEST_OUTPUT}/tiffcp-split-join-reconjoined.tif" - "-DTIFFCP=$<TARGET_FILE:tiffcp>" - "-DTIFFSPLIT=$<TARGET_FILE:tiffsplit>" - "-DLIBTIFF=$<TARGET_FILE:tiff>" + ${tiff_test_extra_args} -P "${CMAKE_CURRENT_SOURCE_DIR}/TiffSplitTest.cmake") # PDF diff --git a/tiff/test/Makefile.am b/tiff/test/Makefile.am index df5c082d7..2052487ca 100644 --- a/tiff/test/Makefile.am +++ b/tiff/test/Makefile.am @@ -53,7 +53,8 @@ CLEANFILES = test_packbits.tif o-* if HAVE_JPEG JPEG_DEPENDENT_CHECK_PROG=raw_decode -JPEG_DEPENDENT_TESTSCRIPTS=tiff2rgba-quad-tile.jpg.sh +JPEG_DEPENDENT_TESTSCRIPTS=\ + tiff2rgba-quad-tile.jpg.sh else JPEG_DEPENDENT_CHECK_PROG= JPEG_DEPENDENT_TESTSCRIPTS= @@ -77,6 +78,7 @@ TESTSCRIPTS = \ tiffcp-g4.sh \ tiffcp-logluv.sh \ tiffcp-thumbnail.sh \ + tiffcp-lzw-compat.sh \ tiffdump.sh \ tiffinfo.sh \ tiffcp-split.sh \ @@ -126,6 +128,9 @@ TESTSCRIPTS = \ tiffcrop-R90-palette-1c-8b.sh \ tiffcrop-R90-rgb-3c-16b.sh \ tiffcrop-R90-rgb-3c-8b.sh \ + tiff2bw-palette-1c-8b.sh \ + tiff2bw-quad-lzw-compat.sh \ + tiff2bw-rgb-3c-8b.sh \ tiff2rgba-logluv-3c-16b.sh \ tiff2rgba-minisblack-1c-16b.sh \ tiff2rgba-minisblack-1c-8b.sh \ @@ -152,7 +157,8 @@ TIFFIMAGES = \ images/palette-1c-8b.tiff \ images/rgb-3c-16b.tiff \ images/rgb-3c-8b.tiff \ - images/quad-tile.jpg.tiff + images/quad-tile.jpg.tiff \ + images/quad-lzw-compat.tiff PNMIMAGES = \ images/minisblack-1c-8b.pgm \ @@ -207,6 +213,26 @@ memcheck: ptrcheck: $(MAKE) MEMCHECK='valgrind --tool=exp-ptrcheck --quiet $(VALGRIND_EXTRA_OPTS)' check +# tiff2bw is pretty lame so currently only the generated scripts +# tiff2bw-palette-1c-8b.sh, tiff2bw-quad-lzw-compat.sh, and +# tiff2bw-rgb-3c-8b.sh pass tests. +generate-tiff2bw-tests: + for file in $(TIFFIMAGES) ; \ + do \ + base=`basename $$file .tiff` ; \ + testscript=$(srcdir)/tiff2bw-$$base.sh ; \ + ( \ + echo "#!/bin/sh" ; \ + echo "# Generated file, master is Makefile.am" ; \ + echo ". \$${srcdir:-.}/common.sh" ; \ + echo "infile=\"\$$srcdir/$$file\"" ; \ + echo "outfile=\"o-tiff2bw-$$base.tiff\"" ; \ + echo "f_test_convert \"\$$TIFF2BW\" \$$infile \$$outfile" ; \ + echo "f_tiffinfo_validate \$$outfile" ; \ + ) > $$testscript ; \ + chmod +x $$testscript ; \ + done + generate-tiff2rgba-tests: for file in $(TIFFIMAGES) ; \ do \ @@ -303,5 +329,6 @@ generate-tiffcrop-tests: \ generate-tiffcrop-extractz14-tests generate-tests: \ + generate-tiff2bw-tests \ generate-tiff2rgba-tests \ generate-tiffcrop-tests diff --git a/tiff/test/Makefile.in b/tiff/test/Makefile.in index 92a416536..15c0147b1 100644 --- a/tiff/test/Makefile.in +++ b/tiff/test/Makefile.in @@ -413,10 +413,10 @@ AM_RECURSIVE_TARGETS = check recheck am__EXEEXT_3 = ppm2tiff_pbm.sh ppm2tiff_pgm.sh ppm2tiff_ppm.sh \ tiffcp-g3.sh tiffcp-g3-1d.sh tiffcp-g3-1d-fill.sh \ tiffcp-g3-2d.sh tiffcp-g3-2d-fill.sh tiffcp-g4.sh \ - tiffcp-logluv.sh tiffcp-thumbnail.sh tiffdump.sh tiffinfo.sh \ - tiffcp-split.sh tiffcp-split-join.sh tiff2ps-PS1.sh \ - tiff2ps-PS2.sh tiff2ps-PS3.sh tiff2ps-EPS1.sh tiff2pdf.sh \ - tiffcrop-doubleflip-logluv-3c-16b.sh \ + tiffcp-logluv.sh tiffcp-thumbnail.sh tiffcp-lzw-compat.sh \ + tiffdump.sh tiffinfo.sh tiffcp-split.sh tiffcp-split-join.sh \ + tiff2ps-PS1.sh tiff2ps-PS2.sh tiff2ps-PS3.sh tiff2ps-EPS1.sh \ + tiff2pdf.sh tiffcrop-doubleflip-logluv-3c-16b.sh \ tiffcrop-doubleflip-minisblack-1c-16b.sh \ tiffcrop-doubleflip-minisblack-1c-8b.sh \ tiffcrop-doubleflip-minisblack-2c-8b-alpha.sh \ @@ -451,8 +451,9 @@ am__EXEEXT_3 = ppm2tiff_pbm.sh ppm2tiff_pgm.sh ppm2tiff_ppm.sh \ tiffcrop-R90-miniswhite-1c-1b.sh tiffcrop-R90-palette-1c-1b.sh \ tiffcrop-R90-palette-1c-4b.sh tiffcrop-R90-palette-1c-8b.sh \ tiffcrop-R90-rgb-3c-16b.sh tiffcrop-R90-rgb-3c-8b.sh \ - tiff2rgba-logluv-3c-16b.sh tiff2rgba-minisblack-1c-16b.sh \ - tiff2rgba-minisblack-1c-8b.sh \ + tiff2bw-palette-1c-8b.sh tiff2bw-quad-lzw-compat.sh \ + tiff2bw-rgb-3c-8b.sh tiff2rgba-logluv-3c-16b.sh \ + tiff2rgba-minisblack-1c-16b.sh tiff2rgba-minisblack-1c-8b.sh \ tiff2rgba-minisblack-2c-8b-alpha.sh \ tiff2rgba-miniswhite-1c-1b.sh tiff2rgba-palette-1c-1b.sh \ tiff2rgba-palette-1c-4b.sh tiff2rgba-palette-1c-8b.sh \ @@ -653,7 +654,9 @@ CLEANFILES = test_packbits.tif o-* @HAVE_JPEG_FALSE@JPEG_DEPENDENT_CHECK_PROG = @HAVE_JPEG_TRUE@JPEG_DEPENDENT_CHECK_PROG = raw_decode @HAVE_JPEG_FALSE@JPEG_DEPENDENT_TESTSCRIPTS = -@HAVE_JPEG_TRUE@JPEG_DEPENDENT_TESTSCRIPTS = tiff2rgba-quad-tile.jpg.sh +@HAVE_JPEG_TRUE@JPEG_DEPENDENT_TESTSCRIPTS = \ +@HAVE_JPEG_TRUE@ tiff2rgba-quad-tile.jpg.sh + # Test scripts to execute TESTSCRIPTS = \ @@ -668,6 +671,7 @@ TESTSCRIPTS = \ tiffcp-g4.sh \ tiffcp-logluv.sh \ tiffcp-thumbnail.sh \ + tiffcp-lzw-compat.sh \ tiffdump.sh \ tiffinfo.sh \ tiffcp-split.sh \ @@ -717,6 +721,9 @@ TESTSCRIPTS = \ tiffcrop-R90-palette-1c-8b.sh \ tiffcrop-R90-rgb-3c-16b.sh \ tiffcrop-R90-rgb-3c-8b.sh \ + tiff2bw-palette-1c-8b.sh \ + tiff2bw-quad-lzw-compat.sh \ + tiff2bw-rgb-3c-8b.sh \ tiff2rgba-logluv-3c-16b.sh \ tiff2rgba-minisblack-1c-16b.sh \ tiff2rgba-minisblack-1c-8b.sh \ @@ -744,7 +751,8 @@ TIFFIMAGES = \ images/palette-1c-8b.tiff \ images/rgb-3c-16b.tiff \ images/rgb-3c-8b.tiff \ - images/quad-tile.jpg.tiff + images/quad-tile.jpg.tiff \ + images/quad-lzw-compat.tiff PNMIMAGES = \ images/minisblack-1c-8b.pgm \ @@ -1210,6 +1218,13 @@ tiffcp-thumbnail.sh.log: tiffcp-thumbnail.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +tiffcp-lzw-compat.sh.log: tiffcp-lzw-compat.sh + @p='tiffcp-lzw-compat.sh'; \ + b='tiffcp-lzw-compat.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) tiffdump.sh.log: tiffdump.sh @p='tiffdump.sh'; \ b='tiffdump.sh'; \ @@ -1553,6 +1568,27 @@ tiffcrop-R90-rgb-3c-8b.sh.log: tiffcrop-R90-rgb-3c-8b.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +tiff2bw-palette-1c-8b.sh.log: tiff2bw-palette-1c-8b.sh + @p='tiff2bw-palette-1c-8b.sh'; \ + b='tiff2bw-palette-1c-8b.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tiff2bw-quad-lzw-compat.sh.log: tiff2bw-quad-lzw-compat.sh + @p='tiff2bw-quad-lzw-compat.sh'; \ + b='tiff2bw-quad-lzw-compat.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tiff2bw-rgb-3c-8b.sh.log: tiff2bw-rgb-3c-8b.sh + @p='tiff2bw-rgb-3c-8b.sh'; \ + b='tiff2bw-rgb-3c-8b.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) tiff2rgba-logluv-3c-16b.sh.log: tiff2rgba-logluv-3c-16b.sh @p='tiff2rgba-logluv-3c-16b.sh'; \ b='tiff2rgba-logluv-3c-16b.sh'; \ @@ -1826,6 +1862,26 @@ memcheck: ptrcheck: $(MAKE) MEMCHECK='valgrind --tool=exp-ptrcheck --quiet $(VALGRIND_EXTRA_OPTS)' check +# tiff2bw is pretty lame so currently only the generated scripts +# tiff2bw-palette-1c-8b.sh, tiff2bw-quad-lzw-compat.sh, and +# tiff2bw-rgb-3c-8b.sh pass tests. +generate-tiff2bw-tests: + for file in $(TIFFIMAGES) ; \ + do \ + base=`basename $$file .tiff` ; \ + testscript=$(srcdir)/tiff2bw-$$base.sh ; \ + ( \ + echo "#!/bin/sh" ; \ + echo "# Generated file, master is Makefile.am" ; \ + echo ". \$${srcdir:-.}/common.sh" ; \ + echo "infile=\"\$$srcdir/$$file\"" ; \ + echo "outfile=\"o-tiff2bw-$$base.tiff\"" ; \ + echo "f_test_convert \"\$$TIFF2BW\" \$$infile \$$outfile" ; \ + echo "f_tiffinfo_validate \$$outfile" ; \ + ) > $$testscript ; \ + chmod +x $$testscript ; \ + done + generate-tiff2rgba-tests: for file in $(TIFFIMAGES) ; \ do \ @@ -1922,6 +1978,7 @@ generate-tiffcrop-tests: \ generate-tiffcrop-extractz14-tests generate-tests: \ + generate-tiff2bw-tests \ generate-tiff2rgba-tests \ generate-tiffcrop-tests diff --git a/tiff/test/TiffTestCommon.cmake b/tiff/test/TiffTestCommon.cmake index 50a4c34a4..a0db67820 100644 --- a/tiff/test/TiffTestCommon.cmake +++ b/tiff/test/TiffTestCommon.cmake @@ -101,3 +101,8 @@ if(WIN32) file(TO_NATIVE_PATH "${LIBTIFF_DIR}" LIBTIFF_DIR) set(ENV{PATH} "${LIBTIFF_DIR};$ENV{PATH}") endif() +if(CYGWIN) + get_filename_component(LIBTIFF_DIR "${LIBTIFF}" DIRECTORY) + file(TO_NATIVE_PATH "${LIBTIFF_DIR}" LIBTIFF_DIR) + set(ENV{PATH} "${LIBTIFF_DIR}:$ENV{PATH}") +endif() diff --git a/tiff/test/common.sh b/tiff/test/common.sh index 6f9b28202..6b1380dd2 100644 --- a/tiff/test/common.sh +++ b/tiff/test/common.sh @@ -40,6 +40,7 @@ IMG_PALETTE_1C_8B=${IMAGES}/palette-1c-8b.tiff IMG_RGB_3C_16B=${IMAGES}/rgb-3c-16b.tiff IMG_RGB_3C_8B=${IMAGES}/rgb-3c-8b.tiff IMG_MINISBLACK_2C_8B_ALPHA=${IMAGES}/minisblack-2c-8b-alpha.tiff +IMG_QUAD_LZW_COMPAT=${IMAGES}/quad-lzw-compat.tiff IMG_MINISWHITE_1C_1B_PBM=${IMAGES}/miniswhite-1c-1b.pbm IMG_MINISBLACK_1C_8B_PGM=${IMAGES}/minisblack-1c-8b.pgm diff --git a/tiff/test/images/quad-lzw-compat.tiff b/tiff/test/images/quad-lzw-compat.tiff Binary files differnew file mode 100644 index 000000000..ec614bf6f --- /dev/null +++ b/tiff/test/images/quad-lzw-compat.tiff diff --git a/tiff/test/tiff2bw-palette-1c-8b.sh b/tiff/test/tiff2bw-palette-1c-8b.sh new file mode 100755 index 000000000..45fe63bdf --- /dev/null +++ b/tiff/test/tiff2bw-palette-1c-8b.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# Generated file, master is Makefile.am +. ${srcdir:-.}/common.sh +infile="$srcdir/images/palette-1c-8b.tiff" +outfile="o-tiff2bw-palette-1c-8b.tiff" +f_test_convert "$TIFF2BW" $infile $outfile +f_tiffinfo_validate $outfile diff --git a/tiff/test/tiff2bw-quad-lzw-compat.sh b/tiff/test/tiff2bw-quad-lzw-compat.sh new file mode 100755 index 000000000..bf5d5c944 --- /dev/null +++ b/tiff/test/tiff2bw-quad-lzw-compat.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# Generated file, master is Makefile.am +. ${srcdir:-.}/common.sh +infile="$srcdir/images/quad-lzw-compat.tiff" +outfile="o-tiff2bw-quad-lzw-compat.tiff" +f_test_convert "$TIFF2BW" $infile $outfile +f_tiffinfo_validate $outfile diff --git a/tiff/test/tiff2bw-rgb-3c-8b.sh b/tiff/test/tiff2bw-rgb-3c-8b.sh new file mode 100755 index 000000000..8379f5a79 --- /dev/null +++ b/tiff/test/tiff2bw-rgb-3c-8b.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# Generated file, master is Makefile.am +. ${srcdir:-.}/common.sh +infile="$srcdir/images/rgb-3c-8b.tiff" +outfile="o-tiff2bw-rgb-3c-8b.tiff" +f_test_convert "$TIFF2BW" $infile $outfile +f_tiffinfo_validate $outfile diff --git a/tiff/test/tiffcp-lzw-compat.sh b/tiff/test/tiffcp-lzw-compat.sh new file mode 100755 index 000000000..bfc8d841e --- /dev/null +++ b/tiff/test/tiffcp-lzw-compat.sh @@ -0,0 +1,6 @@ +#!/bin/sh +# +# Basic sanity check for tiffcp with LZW Old-LZW decompression +# +. ${srcdir:-.}/common.sh +f_test_convert "${TIFFCP} -c none" "${IMG_QUAD_LZW_COMPAT}" "o-tiffcp-lzw-compat.tiff"
\ No newline at end of file diff --git a/tiff/tools/fax2tiff.c b/tiff/tools/fax2tiff.c index e00de5277..f23374e0d 100644 --- a/tiff/tools/fax2tiff.c +++ b/tiff/tools/fax2tiff.c @@ -1,4 +1,4 @@ -/* $Id: fax2tiff.c,v 1.25 2016-10-25 22:22:45 erouault Exp $ */ +/* $Id: fax2tiff.c,v 1.28 2017-10-29 18:28:45 bfriesen Exp $ */ /* * Copyright (c) 1990-1997 Sam Leffler @@ -370,6 +370,10 @@ copyFaxFile(TIFF* tifin, TIFF* tifout) int ok; tifin->tif_rawdatasize = (tmsize_t)TIFFGetFileSize(tifin); + if (tifin->tif_rawdatasize == 0) { + TIFFError(tifin->tif_name, "Empty input file"); + return (0); + } tifin->tif_rawdata = _TIFFmalloc(tifin->tif_rawdatasize); if (tifin->tif_rawdata == NULL) { TIFFError(tifin->tif_name, "Not enough memory"); diff --git a/tiff/tools/raw2tiff.c b/tiff/tools/raw2tiff.c index 7298e80a9..083e9ee73 100644 --- a/tiff/tools/raw2tiff.c +++ b/tiff/tools/raw2tiff.c @@ -1,4 +1,4 @@ -/* $Id: raw2tiff.c,v 1.28 2015-08-19 02:31:04 bfriesen Exp $ +/* $Id: raw2tiff.c,v 1.29 2017-01-14 13:12:33 erouault Exp $ * * Project: libtiff tools * Purpose: Convert raw byte sequences in TIFF images @@ -408,8 +408,14 @@ guessSize(int fd, TIFFDataType dtype, _TIFF_off_t hdr_size, uint32 nbands, } else if (*width == 0 && *length == 0) { unsigned int fail = 0; fprintf(stderr, "Image width and height are not specified.\n"); + w = (uint32) sqrt(imagesize / longt); + if( w == 0 ) + { + fprintf(stderr, "Too small image size.\n"); + return -1; + } - for (w = (uint32) sqrt(imagesize / longt); + for (; w < sqrt(imagesize * longt); w++) { if (imagesize % w == 0) { diff --git a/tiff/tools/tiff2bw.c b/tiff/tools/tiff2bw.c index 743f455c2..dad54afa1 100644 --- a/tiff/tools/tiff2bw.c +++ b/tiff/tools/tiff2bw.c @@ -1,4 +1,4 @@ -/* $Id: tiff2bw.c,v 1.19 2016-08-15 22:01:31 erouault Exp $ */ +/* $Id: tiff2bw.c,v 1.21 2017-11-01 13:41:58 bfriesen Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -131,6 +131,11 @@ main(int argc, char* argv[]) extern int optind; extern char *optarg; #endif + + in = (TIFF *) NULL; + out = (TIFF *) NULL; + inbuf = (unsigned char *) NULL; + outbuf = (unsigned char *) NULL; while ((c = getopt(argc, argv, "c:r:R:G:B:")) != -1) switch (c) { @@ -165,24 +170,24 @@ main(int argc, char* argv[]) fprintf(stderr, "%s: Bad photometric; can only handle RGB and Palette images.\n", argv[optind]); - return (-1); + goto tiff2bw_error; } TIFFGetField(in, TIFFTAG_SAMPLESPERPIXEL, &samplesperpixel); if (samplesperpixel != 1 && samplesperpixel != 3) { fprintf(stderr, "%s: Bad samples/pixel %u.\n", argv[optind], samplesperpixel); - return (-1); + goto tiff2bw_error; } if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) { fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n", argv[optind], samplesperpixel); - return (-1); + goto tiff2bw_error; } TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample); if (bitspersample != 8) { fprintf(stderr, " %s: Sorry, only handle 8-bit samples.\n", argv[optind]); - return (-1); + goto tiff2bw_error; } TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &w); TIFFGetField(in, TIFFTAG_IMAGELENGTH, &h); @@ -190,7 +195,9 @@ main(int argc, char* argv[]) out = TIFFOpen(argv[optind+1], "w"); if (out == NULL) - return (-1); + { + goto tiff2bw_error; + } TIFFSetField(out, TIFFTAG_IMAGEWIDTH, w); TIFFSetField(out, TIFFTAG_IMAGELENGTH, h); TIFFSetField(out, TIFFTAG_BITSPERSAMPLE, 8); @@ -264,7 +271,7 @@ main(int argc, char* argv[]) for (s = 0; s < 3; s++) if (TIFFReadScanline(in, inbuf+s*rowsize, row, s) < 0) - return (-1); + goto tiff2bw_error; compresssep(outbuf, inbuf, inbuf+rowsize, inbuf+2*rowsize, w); if (TIFFWriteScanline(out, outbuf, row, 0) < 0) @@ -273,8 +280,24 @@ main(int argc, char* argv[]) break; } #undef pack + if (inbuf) + _TIFFfree(inbuf); + if (outbuf) + _TIFFfree(outbuf); + TIFFClose(in); TIFFClose(out); return (0); + + tiff2bw_error: + if (inbuf) + _TIFFfree(inbuf); + if (outbuf) + _TIFFfree(outbuf); + if (out) + TIFFClose(out); + if (in) + TIFFClose(in); + return (-1); } static int diff --git a/tiff/tools/tiff2pdf.c b/tiff/tools/tiff2pdf.c index fe8a6ea7e..454befbd0 100644 --- a/tiff/tools/tiff2pdf.c +++ b/tiff/tools/tiff2pdf.c @@ -1,4 +1,4 @@ -/* $Id: tiff2pdf.c,v 1.97 2016-11-11 21:28:24 erouault Exp $ +/* $Id: tiff2pdf.c,v 1.103 2017-10-29 18:50:41 bfriesen Exp $ * * tiff2pdf - converts a TIFF image to a PDF document * @@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ return; t2p->pdf_transcode = T2P_TRANSCODE_ENCODE; - if(t2p->pdf_nopassthrough==0){ + /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */ + /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */ + /* do not take into account the number of samples, and thus */ + /* that can cause heap buffer overflows such as in */ + /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */ + if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){ #ifdef CCITT_SUPPORT if(t2p->tiff_compression==COMPRESSION_CCITTFAX4 ){ @@ -2895,7 +2900,8 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_ return(0); } if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { - if (count >= 4) { + if (count > 4) { + int retTIFFReadRawTile; /* Ignore EOI marker of JpegTables */ _TIFFmemcpy(buffer, jpt, count - 2); bufferoffset += count - 2; @@ -2903,22 +2909,23 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_ table_end[0] = buffer[bufferoffset-2]; table_end[1] = buffer[bufferoffset-1]; xuint32 = bufferoffset; - bufferoffset -= 2; - bufferoffset += TIFFReadRawTile( + bufferoffset -= 2; + retTIFFReadRawTile= TIFFReadRawTile( input, tile, (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), -1); + if( retTIFFReadRawTile < 0 ) + { + _TIFFfree(buffer); + t2p->t2p_error = T2P_ERR_ERROR; + return(0); + } + bufferoffset += retTIFFReadRawTile; /* Overwrite SOI marker of image scan with previously */ /* saved end of JpegTables */ buffer[xuint32-2]=table_end[0]; buffer[xuint32-1]=table_end[1]; - } else { - bufferoffset += TIFFReadRawTile( - input, - tile, - (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), - -1); } } t2pWriteFile(output, (tdata_t) buffer, bufferoffset); @@ -3593,7 +3600,8 @@ void t2p_tile_collapse_left( edgescanwidth = (scanwidth * edgetilewidth + (tilewidth - 1))/ tilewidth; for(i=0;i<tilelength;i++){ - _TIFFmemcpy( + /* We use memmove() since there can be overlaps in src and dst buffers for the first items */ + memmove( &(((char*)buffer)[edgescanwidth*i]), &(((char*)buffer)[scanwidth*i]), edgescanwidth); @@ -3652,8 +3660,18 @@ tsize_t t2p_sample_realize_palette(T2P* t2p, unsigned char* buffer){ uint32 sample_offset=0; uint32 i=0; uint32 j=0; + size_t data_size; sample_count=t2p->tiff_width*t2p->tiff_length; component_count=t2p->tiff_samplesperpixel; + data_size=TIFFSafeMultiply(size_t,sample_count,component_count); + if( (data_size == 0U) || (t2p->tiff_datasize < 0) || + (data_size > (size_t) t2p->tiff_datasize) ) + { + TIFFError(TIFF2PDF_MODULE, + "Error: sample_count * component_count > t2p->tiff_datasize"); + t2p->t2p_error = T2P_ERR_ERROR; + return 1; + } for(i=sample_count;i>0;i--){ palette_offset=buffer[i-1] * component_count; diff --git a/tiff/tools/tiff2ps.c b/tiff/tools/tiff2ps.c index 82a5d84b4..f1f0b3726 100644 --- a/tiff/tools/tiff2ps.c +++ b/tiff/tools/tiff2ps.c @@ -1,4 +1,4 @@ -/* $Id: tiff2ps.c,v 1.54 2015-06-21 01:09:10 bfriesen Exp $ */ +/* $Id: tiff2ps.c,v 1.56 2017-04-27 15:46:22 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -466,10 +466,16 @@ main(int argc, char* argv[]) if (tif != NULL) { if (dirnum != -1 && !TIFFSetDirectory(tif, (tdir_t)dirnum)) + { + TIFFClose(tif); return (-1); + } else if (diroff != 0 && !TIFFSetSubDirectory(tif, diroff)) + { + TIFFClose(tif); return (-1); + } np = TIFF2PS(output, tif, pageWidth, pageHeight, leftmargin, bottommargin, centered); if (np < 0) @@ -2440,6 +2446,11 @@ PSDataColorContig(FILE* fd, TIFF* tif, uint32 w, uint32 h, int nc) unsigned char *cp, c; (void) w; + if( es <= 0 ) + { + TIFFError(filename, "Inconsistent value of es: %d", es); + return; + } tf_buf = (unsigned char *) _TIFFmalloc(tf_bytesperrow); if (tf_buf == NULL) { TIFFError(filename, "No space for scanline buffer"); @@ -2692,7 +2703,7 @@ PSDataBW(FILE* fd, TIFF* tif, uint32 w, uint32 h) if (alpha) { int adjust; - while (cc-- > 0) { + while (cc-- > 1) { DOBREAK(breaklen, 1, fd); /* * For images with alpha, matte against diff --git a/tiff/tools/tiffcp.c b/tiff/tools/tiffcp.c index 338a3d113..489459a7f 100644 --- a/tiff/tools/tiffcp.c +++ b/tiff/tools/tiffcp.c @@ -1,4 +1,4 @@ -/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */ +/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -45,7 +45,6 @@ #include <string.h> #include <ctype.h> -#include <assert.h> #ifdef HAVE_UNISTD_H # include <unistd.h> @@ -592,7 +591,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16); static int tiffcp(TIFF* in, TIFF* out) { - uint16 bitspersample, samplesperpixel = 1; + uint16 bitspersample = 1, samplesperpixel = 1; uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; copyFunc cf; uint32 width, length; @@ -985,7 +984,7 @@ DECLAREcpFunc(cpDecodedStrips) tstrip_t s, ns = TIFFNumberOfStrips(in); uint32 row = 0; _TIFFmemset(buf, 0, stripsize); - for (s = 0; s < ns; s++) { + for (s = 0; s < ns && row < imagelength; s++) { tsize_t cc = (row + rowsperstrip > imagelength) ? TIFFVStripSize(in, imagelength - row) : stripsize; if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 @@ -1068,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) register uint32 n; uint32 row; tsample_t s; + uint16 bps = 0; + + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps != 8 ) + { + TIFFError(TIFFFileName(in), + "Error, can only handle BitsPerSample=8 in %s", + "cpContig2SeparateByRow"); + return 0; + } inbuf = _TIFFmalloc(scanlinesizein); outbuf = _TIFFmalloc(scanlinesizeout); @@ -1121,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow) register uint32 n; uint32 row; tsample_t s; + uint16 bps = 0; + + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps != 8 ) + { + TIFFError(TIFFFileName(in), + "Error, can only handle BitsPerSample=8 in %s", + "cpSeparate2ContigByRow"); + return 0; + } inbuf = _TIFFmalloc(scanlinesizein); outbuf = _TIFFmalloc(scanlinesizeout); @@ -1163,7 +1182,7 @@ bad: static void cpStripToTile(uint8* out, uint8* in, - uint32 rows, uint32 cols, int outskew, int inskew) + uint32 rows, uint32 cols, int outskew, int64 inskew) { while (rows-- > 0) { uint32 j = cols; @@ -1320,7 +1339,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer) tdata_t tilebuf; uint32 imagew = TIFFScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); - int iskew = imagew - tilew; + int64 iskew = (int64)imagew - (int64)tilew; uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; @@ -1348,7 +1367,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer) status = 0; goto done; } - if (colb + tilew > imagew) { + if (colb > iskew) { uint32 width = imagew - colb; uint32 oskew = tilew - width; cpStripToTile(bufp + colb, @@ -1378,7 +1397,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; - uint16 bps, bytes_per_sample; + uint16 bps = 0, bytes_per_sample; tilebuf = _TIFFmalloc(tilesize); if (tilebuf == 0) @@ -1387,7 +1406,18 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); - assert( bps % 8 == 0 ); + if( bps == 0 ) + { + TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample"); + status = 0; + goto done; + } + if( (bps % 8) != 0 ) + { + TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8"); + status = 0; + goto done; + } bytes_per_sample = bps/8; for (row = 0; row < imagelength; row += tl) { @@ -1563,7 +1593,7 @@ DECLAREwriteFunc(writeBufferToSeparateTiles) uint8* bufp = (uint8*) buf; uint32 tl, tw; uint32 row; - uint16 bps, bytes_per_sample; + uint16 bps = 0, bytes_per_sample; obuf = _TIFFmalloc(TIFFTileSize(out)); if (obuf == NULL) @@ -1572,7 +1602,18 @@ DECLAREwriteFunc(writeBufferToSeparateTiles) (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); - assert( bps % 8 == 0 ); + if( bps == 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); + _TIFFfree(obuf); + return 0; + } + if( (bps % 8) != 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); + _TIFFfree(obuf); + return 0; + } bytes_per_sample = bps/8; for (row = 0; row < imagelength; row += tl) { @@ -1763,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel) uint32 w, l, tw, tl; int bychunk; - (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); + (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { fprintf(stderr, "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/tiff/tools/tiffcrop.c b/tiff/tools/tiffcrop.c index 722b132ce..c69177e05 100644 --- a/tiff/tools/tiffcrop.c +++ b/tiff/tools/tiffcrop.c @@ -1,4 +1,4 @@ -/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */ +/* $Id: tiffcrop.c,v 1.50 2017-01-11 12:51:59 erouault Exp $ */ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of * the image data through additional options listed below @@ -1164,7 +1164,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf, tdata_t obuf; (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); - (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); + (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps); bytes_per_sample = (bps + 7) / 8; if( width == 0 || (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width || @@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) (unsigned long) strip, (unsigned long)rows); return 0; } - bufp += bytes_read; + bufp += stripsize; } return 1; @@ -4760,7 +4760,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; uint32 j; int32 bytes_read = 0; - uint16 bps, planar; + uint16 bps = 0, planar; uint32 nstrips; uint32 strips_per_sample; uint32 src_rowsize, dst_rowsize, rows_processed, rps; @@ -4780,7 +4780,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, } memset (srcbuffs, '\0', sizeof(srcbuffs)); - TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); + TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); if (rps > length) @@ -4815,10 +4815,17 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, nstrips = TIFFNumberOfStrips(in); strips_per_sample = nstrips /spp; + /* Add 3 padding bytes for combineSeparateSamples32bits */ + if( (size_t) stripsize > 0xFFFFFFFFU - 3U ) + { + TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size."); + exit(-1); + } + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) { srcbuffs[s] = NULL; - buff = _TIFFmalloc(stripsize); + buff = _TIFFmalloc(stripsize + 3); if (!buff) { TIFFError ("readSeparateStripsIntoBuffer", @@ -4827,6 +4834,9 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, _TIFFfree (srcbuffs[i]); return 0; } + buff[stripsize] = 0; + buff[stripsize+1] = 0; + buff[stripsize+2] = 0; srcbuffs[s] = buff; } @@ -7986,7 +7996,6 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image, if (!TIFFWriteDirectory(out)) { TIFFError("","Failed to write IFD for page number %d", pagenum); - TIFFClose(out); return (-1); } diff --git a/tiff/tools/tiffinfo.c b/tiff/tools/tiffinfo.c index b02c7d46b..4d58055de 100644 --- a/tiff/tools/tiffinfo.c +++ b/tiff/tools/tiffinfo.c @@ -1,4 +1,4 @@ -/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */ +/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -417,7 +417,7 @@ TIFFReadRawData(TIFF* tif, int bitrev) uint64* stripbc=NULL; TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc); - if (nstrips > 0) { + if (stripbc != NULL && nstrips > 0) { uint32 bufsize = (uint32) stripbc[0]; tdata_t buf = _TIFFmalloc(bufsize); tstrip_t s; diff --git a/tiff/tools/tiffset.c b/tiff/tools/tiffset.c index 7044d2ba7..894c9f1f1 100644 --- a/tiff/tools/tiffset.c +++ b/tiff/tools/tiffset.c @@ -1,5 +1,5 @@ /****************************************************************************** - * $Id: tiffset.c,v 1.18 2012-12-04 03:02:37 bfriesen Exp $ + * $Id: tiffset.c,v 1.19 2017-10-01 17:38:12 erouault Exp $ * * Project: libtiff tools * Purpose: Mainline for setting metadata in existing TIFF files. @@ -155,7 +155,7 @@ main(int argc, char* argv[]) return 4; } - if (wc > 1) { + if (wc > 1 || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { int i, size; void *array; |