Changes in TIFF v4.7.2
======================

.. table:: References
    :widths: auto

    ======================  ==========================================
    Current Version         v4.7.2 (:tag:`v4.7.2`)
    Previous Version        :doc:`v4.7.1 `
    Primary Download Site   ``_
    Home HTTP Site #1       ``_
    Home HTTP Site #2       ``_
    ======================  ==========================================

This document provides a summary of significant changes made to the
software between the *previous* and *current* versions (see
above). A fully-detailed change summary is provided by the :file:`ChangeLog` file
included in the release package and by the Git commit history.

Major changes
-------------

None

Software configuration changes
------------------------------

* cmake: Fix bundle identifiers to use reverse-DNS format
* cmake: Fix and improve Apple framework build support
* cmake: Use TurboJPEG CONFIG by default (:issue:`767`)
* cmake: changes related to 8-/12-bit modes
* cmake: Replace CMath::CMath with direct link to avoid export.
* Support for iOS-derived builds
* Simplify cmake byte order version check
* Add additional warnings, primarily floating precision conversions
  and integer arithmetic conversions
* configure.ac: Require bootstrap with at least Autoconf 2.71.

Library changes
---------------

New/improved functionalities:

* Add TIFFGetMaxCompressionRatio() and use it in
  _TIFFReadEncoded[Tile|Strip]AndAllocBuffer() (:issue:`781`)

API/ABI breaks:

* None

Bug fixes:

* Handle negative TIFFReadFile results before state updates (:issue:`854`)
* tif_dirread.c: fix copy-paste bug in ChopUpSingleUncompressedStrip
* tif_read.c: Fixed division by zero in TIFFStartStrip() (:issue:`777`)
* tif_dirwrite.c: add integer overflow checks to allocation size calculations
* tif_print.c: add integer overflow checks to allocation size calculations
* tif_write.c: fix OOB read and underflow in TIFFAppendToStrip copy loop
* DumpModeSeek: add bounds check to prevent OOB pointer advance
* TIFFGrowStrips: fix use-after-free on partial realloc failure.
* Fix NULL dereference in _TIFFReserveLargeEnoughWriteBuffer() by validating
  the strip bytecount array before accessing it.
* TIFFRGBAImage: avoid int overflows in put functions (:issue:`830`)
* tif_getimage: fix inconsistent fromskew handling in put16bitbwtile
  (:issue:`792`)
* tif_getimage: Widen pointer-offset arithmetic in tif_getimage
* putcontig8bitYCbCr44tile: fix wrong fromskew computation (:issue:`798`)
* putcontig8bitYCbCr42tile: Reject invalid YCbCr subsampling when image
  dimensions are smaller than the subsampling block to prevent out-of-bounds
  writes. (:issue:`753`)
* TIFFReadRGBAImage(): prevent integer overflow and later heap overflow
  (:issue:`787`)
* TIFFFillStrip/Tile(): avoid excessive memory allocation (:issue:`831`)
* TIFFLinkDirectory() checks for IFD loops (:issue:`788`)
* Check result of _TIFFCheckRealloc to prevent memory leaks and segmentation
  fault when reallocation fails.
* TIFFVTileSize64(): in YCbCr contig non upsampled mode, validate
  td_samplesperpixel==3 (:issue:`805`)
* TIFFReadDirEntryPersampleShort(): be tolerant to tags like SampleFormat
  not having 1 or SamplesPerPixel values
  (https://github.com/OSGeo/gdal/issues/13465)
* tif_getimage: reject tile widths that would overflow toskew (:issue:`808`)
* Fix integer overflow in _TIFFPartialReadStripArray on 32-bit.
* TIFFAppendToStrip(): add some checks to avoid null-pointer-dereferencing
  (:issue:`777`).
* _TIFFGetStrileOffsetOrByteCountValue(): fix potential crash on corrupted
  files when file opened in 'O' mode
  (https://issues.oss-fuzz.com/issues/471328917)
* TIFFReadDirectory(): re-set TIFF_LAZYSTRILELOAD if file opened in 'O' mode
* _TIFFMergeFields(): avoid NULL ptr dereference (:issue:`755`).
* Check td_stripbytecount_p and td_stripoffset_p for NULL pointer before
  (re-)writing to file. (:issue:`749`)
* JPEGDecodeRaw: initialize output buffer to avoid returning uninitialized
  memory (:issue:`892`)
* JPEG decompressor: initialize output buffer when JPEG image is smaller than
  strile dimension to avoid heap memory disclosure (:issue:`826`)
* JPEG: fix generation of tiled 12-bit JPEG compressed files with
  libjpeg-turbo 3.0.3 (:issue:`773`)
* JPEGDecode(): fix memory leak in error code path
  (https://issues.oss-fuzz.com/issues/471945501)
* tif_jpeg: reject mismatched JPEG data precision to avoid write overflow
* Fix signed left-shift UB in LogLuv RANDITHER encoding (:issue:`850`)
* PixarLog: error out on invalid ABGR output buffer sizes.
* PixarLog: complete ABGR bounds check for multi-row strip decoding.
* PixarLog: fix heap-buffer-overflow in 8BITABGR decode with stride 3
  (:issue:`824`)
* PixarLog: fix undoing horizontal differencing when SamplesPerPixel != 3
  and 4 (:issue:`789`).
* PixarLog codec: fix potential integer overflow/out-of-bounds access
  (:issue:`797`)
* TIFFAdvanceDirectory(): avoid potential read heap-buffer-overflow in mmap
  code path on 32 bit builds (https://issues.oss-fuzz.com/issues/506737072)
* OJPEG: fix integer overflow in subsampling buffer allocation.
* OJPEG: fix nullptr deref when changing compression method from OJPEG to
  something else (:issue:`795`).
* OJPEG: fix potential integer overflow/out-of-bounds access (:issue:`796`).
* ojpeg: prevent EOF infinite loop (fixes commit 2a3d55b)
* fix null pointer dereference in :issue:`782`.
* fix stack-overflow in :issue:`784`.

Other changes:

* Change EXIF and GPS tag type from IFD8 to LONG8 per EXIF-specification
  (:issue:`739`).
* Harden integer size and offset calculations (:issue:`897`)
* TIFFComputeTile/TIFFComputeStrip: use overflow-checked multiplication
* Move widening casts inside multiplication scope.
* Lots of compiler warning fixes related to enabling more warning flags
* Align writing and reading of TIFF_LONG8 and TIFF_IFD8 tags (:issue:`773`)
* TIFFFillStrip(): prevent harmless unsigned integer overflow

Documentation
-------------

* Doc: TIFFFdOpen(): clarify role of filename parameter (:issue:`823`)
* Add libtiff/README_for_libtiff_developpers.md

Tools changes
-------------

New/improved functionality:

None

Bug fixes:

* tools: validate numeric command-line arguments (:issue:`799`)
* tiff2pdf: add overflow checks to RGBA/RGBAA sample count computation
* tiff2pdf: Fix integer overflow in RGBA raster allocation in tiff2pdf by
  validating size computation before _TIFFrealloc() (:issue:`804`)
* tiffcrop: fix integer overflow in extractImageSection.
* tiffcrop: fix byte carry for left/right composite bit offsets.
* tiffcrop: recompute composite crop dimensions before allocation.
* tiffcrop: fix uint32 overflows in writeImageSections and getCropOffsets
  (:issue:`834`, :issue:`835`, :issue:`836`)
* tiffcrop: size separated region buffers from actual dimensions
* tiffcrop: Fix heap-buffer-overflow in composite mode by allocating buffer
  based on final image layout instead of region-based bufftotal
  (:issue:`803`)
* tiffcrop: fix undefined behaviour (:issue:`790`)
* tiffcrop: avoid dangling pointer in loadImage by clearing ``*read_ptr``
  after free (:issue:`751`)
* tiffcrop: fix undefined behaviour in reverseSamples32bits() (:issue:`752`)
* Fix integer wraparound checks in raw2tiff/tiffcrop and add missing
  zero-divisor guards in tiff2rgba (:issue:`832`)
* tiffsplit: use 7-digit numbered output names.
* tiffsplit: fix global-buffer-overflow (:issue:`790`)
* tiffsplit: check filename length (:issue:`769`)
* tiffcmp: validate scanline buffer sizes in mixed planar comparison to
  prevent out-of-bounds reads (:issue:`802`)
* tiffmedian: fix use after free (:issue:`790`)
* tiffcp: avoid integer overflow in iskew and oskew (:issue:`770`)
* fax2tiff: avoid endless loop on corrupt input (:issue:`759`)
* tiffdump: Avoid unaligned memory access for tag field values.
* tiff2ps: Check the range of double values before converting to int32_t.
  (:issue:`679`)

Changes to contributed and unsupported tools
--------------------------------------------

* thumbnail: prevent integer overflow by capping row count at 256
* thumbnail: add/improve integer overflow check for image memory allocation.
* thumbnail: add error handling for missing strip and tile byte counts.
* thumbnail: fix Out-of-Bounds Write (:issue:`790`)
* rgb2ycbcr: fix integer overflow check for pixel count calculation.
* iptcutil: out-of-bound read fix (:issue:`750`)