path: root/ChangeLog
Commit message | Author | Age | Files | Lines
...
* * libtiff/tif_swab.c: if DISABLE_CHECK_TIFFSWABMACROS is defined, do not do the #ifdef TIFFSwabXXX checks. Make it easier for GDAL to rename the symbols of its internal libtiff copy.
  Author: erouault | Age: 2017-06-08 | Files: 1 | Lines: -0/+6
* * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), and use it in TIFFReadDirectory() so as to ignore fields whose tag is a codec-specified tag but this codec is not enabled. This avoids TIFFGetField() to behave differently depending on whether the codec is enabled or not, and thus can avoid stack based buffer overflows in a number of TIFF utilities such as tiffsplit, tiffcmp, thumbnail, etc. Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. Fixes:
  http://bugzilla.maptools.org/show_bug.cgi?id=2580
  http://bugzilla.maptools.org/show_bug.cgi?id=2693
  http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
  http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
  http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
  http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
  http://bugzilla.maptools.org/show_bug.cgi?id=2441
  http://bugzilla.maptools.org/show_bug.cgi?id=2433
  Author: erouault | Age: 2017-06-01 | Files: 1 | Lines: -0/+20
* * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for refBlackWhite coefficients values. To avoid invalid float->int32 conversion (when refBlackWhite[0] == 2147483648.f) Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 Credit to OSS Fuzz
  Author: erouault | Age: 2017-05-29 | Files: 1 | Lines: -0/+8
* Fix date in changelog entry
  Author: erouault | Age: 2017-05-29 | Files: 1 | Lines: -1/+1
* * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in TIFFYCbCrtoRGB(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 Credit to OSS Fuzz
  Author: erouault | Age: 2017-05-29 | Files: 1 | Lines: -0/+7
* libtiff 4.0.8 released
  Tag: Release-v4-0-8 | Author: bfriesen | Age: 2017-05-21 | Files: 1 | Lines: -0/+2
* html/v4.0.8.html: Add description of changes targeting the 4.0.8 release.
  Author: bfriesen | Age: 2017-05-21 | Files: 1 | Lines: -0/+5
* * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for refBlackWhite coefficients values. To avoid invalid float->int32 conversion. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 Credit to OSS Fuzz Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663
  Author: erouault | Age: 2017-05-20 | Files: 1 | Lines: -1/+8
* * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero to avoid division by zero. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit to OSS Fuzz
  Author: erouault | Age: 2017-05-18 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of double to float. Credit to Google Autofuzz project
  Author: erouault | Age: 2017-05-17 | Files: 1 | Lines: -0/+6
* * libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows. Fixes ://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 Credit to OSS Fuzz
  Author: erouault | Age: 2017-05-17 | Files: 1 | Lines: -0/+8
* * libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode(). Likely needed so that it works properly with latest changes in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. But untested...
  Author: erouault | Age: 2017-05-17 | Files: 1 | Lines: -0/+8
* * libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest changes in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.
  Author: erouault | Age: 2017-05-17 | Files: 1 | Lines: -0/+7
* * libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing. Credit to OSS-Fuzz (locally run, on GDAL)
  Author: erouault | Age: 2017-05-14 | Files: 1 | Lines: -0/+6
* * libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode() Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563 Credit to OSS-Fuzz
  Author: erouault | Age: 2017-05-14 | Files: 1 | Lines: -0/+6
* * libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 overflows in multiply_ms() and add_ms(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 Credit to OSS-Fuzz
  Author: erouault | Age: 2017-05-13 | Files: 1 | Lines: -0/+7
* * libtiff/tif_color.c: avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 Credit to OSS-Fuzz
  Author: erouault | Age: 2017-05-13 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial(). This avoids reading beyond tif_rawdata when bytecount > tif_rawdatasize. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545. Credit to OSS-Fuzz
  Author: erouault | Age: 2017-05-13 | Files: 1 | Lines: -0/+9
* * libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive memory allocation in case of shortened files. Only effective on 64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL)
  Author: erouault | Age: 2017-05-12 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. Should especially occur on 32 bit platforms.
  Author: erouault | Age: 2017-05-12 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shortened files. Only effective on 64 bit builds and non-mapped cases. Credit to OSS-Fuzz (locally run, on GDAL)
  Author: erouault | Age: 2017-05-10 | Files: 1 | Lines: -0/+7
* * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails. Credit to OSS-Fuzz (locally run, on GDAL)
  Author: erouault | Age: 2017-05-10 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation.
  Author: erouault | Age: 2017-05-10 | Files: 1 | Lines: -0/+6
* * tools/tiff2bw.c: close TIFF handle in error code path. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2677
  Author: erouault | Age: 2017-04-28 | Files: 1 | Lines: -0/+5
* * litiff/tif_fax3.c: avoid crash in Fax3Close() on empty file. Patch by Alan Coopersmith + complement by myself. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2673
  * tools/fax2tiff.c: emit appropriate message if the input file is empty. Patch by Alan Coopersmith. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2672
  Author: erouault | Age: 2017-04-27 | Files: 1 | Lines: -0/+9
* * libtiff/tif_ojpeg.c: fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670
  Author: erouault | Age: 2017-04-27 | Files: 1 | Lines: -1/+10
* * libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD mode (ie default) when there is both a StripOffsets and TileOffsets tag, or a StripByteCounts and TileByteCounts Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689
  * tools/tiff2ps.c: call TIFFClose() in error code paths.
  Author: erouault | Age: 2017-04-27 | Files: 1 | Lines: -0/+7
* * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7 -Wimplicit-fallthrough warnings.
  Author: erouault | Age: 2017-02-25 | Files: 1 | Lines: -0/+5
* * libtiff/tif_pixarlog.c: fix memory leak in error code path of PixarLogSetupDecode(). Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2665
  Author: erouault | Age: 2017-02-18 | Files: 1 | Lines: -0/+6
* * libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=1982
  Author: erouault | Age: 2017-02-18 | Files: 1 | Lines: -0/+7
* * libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files).
  Author: erouault | Age: 2017-01-31 | Files: 1 | Lines: -0/+6
* * tools/raw2tiff.c: avoid integer division by zero. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2631
  Author: erouault | Age: 2017-01-14 | Files: 1 | Lines: -0/+5
* * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable
  Author: erouault | Age: 2017-01-12 | Files: 1 | Lines: -1/+2
* * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
  Author: erouault | Age: 2017-01-12 | Files: 1 | Lines: -0/+7
* * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode functions instead of -1 when TIFFFlushData1() fails. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+6
* * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and http://bugzilla.maptools.org/show_bug.cgi?id=2657
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+7
* Fix commit message
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -1/+1
* * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()
  * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize tif_rawdata. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+8
* * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to avoid UndefinedBehaviorSanitizer warning. Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+7
* * libtiff/tif_read.c: avoid potential undefined behaviour on signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+6
* * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+6
* * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings of double to other data types to avoid undefined behaviour if the output range isn't big enough to hold the input value. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2643
  http://bugzilla.maptools.org/show_bug.cgi?id=2642
  http://bugzilla.maptools.org/show_bug.cgi?id=2646
  http://bugzilla.maptools.org/show_bug.cgi?id=2647
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+10
* * libtiff/tif_dirread.c: avoid division by floating point 0 in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(), and return 0 in that case (instead of infinity as before presumably) Apparently some sanitizers do not like those divisions by zero. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+8
* * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational, replace assertion by runtime check to error out if passed value is strictly negative. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535
  * tools/tiffcrop.c: remove extraneous TIFFClose() in error code path, that caused double free. Related to http://bugzilla.maptools.org/show_bug.cgi?id=2535
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+11
* * libtiff/tif_jpeg.c: avoid integer division by zero in JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
  Author: erouault | Age: 2017-01-11 | Files: 1 | Lines: -0/+6
* * libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with "big" tile, without using libjpeg temporary files. Related to https://trac.osgeo.org/gdal/ticket/6757
  Author: erouault | Age: 2017-01-03 | Files: 1 | Lines: -0/+7
* * tools/tiff2pdf.c: avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile(). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
  Author: erouault | Age: 2016-12-20 | Files: 1 | Lines: -0/+6
* * tools/tiff2pdf.c: avoid potential invalid memory read in t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
  Author: erouault | Age: 2016-12-20 | Files: 1 | Lines: -0/+6
* * tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger unspecified behaviour. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2638
  Author: erouault | Age: 2016-12-20 | Files: 1 | Lines: -0/+6
* * libtiff/tif_getimage.c: fix potential memory leaks in error code path of TIFFRGBAImageBegin(). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627
  Author: erouault | Age: 2016-12-18 | Files: 1 | Lines: -0/+6