Changes in TIFF v4.7.2
Current Version | v4.7.2 (tag v4.7.2)
Previous Version |
Primary Download Site |
Home HTTP Site #1 |
Home HTTP Site #2 |
This document provides a summary of significant changes made to the
software between the previous and current versions (see
above). A fully-detailed change summary is provided by the ChangeLog file
included in the release package and by the Git commit history.
Major changes
None
Software configuration changes
cmake: Fix bundle identifiers to use reverse-DNS format
cmake: Fix and improve Apple framework build support
cmake: Use TurboJPEG CONFIG by default (issue #767)
cmake: changes related to 8-/12-bit modes
cmake: Replace CMath::CMath with direct link to avoid export.
Support for iOS-derived builds
Simplify cmake byte order version check
Add additional warnings, primarily floating precision conversions and integer arithmetic conversions
configure.ac: Require bootstrap with at least Autoconf 2.71.
Library changes
New/improved functionalities:
Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip]AndAllocBuffer() (issue #781)
API/ABI breaks:
None
Bug fixes:
Handle negative TIFFReadFile results before state updates (issue #854)
tif_dirread.c: fix copy-paste bug in ChopUpSingleUncompressedStrip
tif_read.c: Fixed division by zero in TIFFStartStrip() (issue #777)
tif_dirwrite.c: add integer overflow checks to allocation size calculations
tif_print.c: add integer overflow checks to allocation size calculations
tif_write.c: fix OOB read and underflow in TIFFAppendToStrip copy loop
DumpModeSeek: add bounds check to prevent OOB pointer advance
TIFFGrowStrips: fix use-after-free on partial realloc failure.
Fix NULL dereference in _TIFFReserveLargeEnoughWriteBuffer() by validating the strip bytecount array before accessing it.
TIFFRGBAImage: avoid int overflows in put functions (issue #830)
tif_getimage: fix inconsistent fromskew handling in put16bitbwtile (issue #792)
tif_getimage: Widen pointer-offset arithmetic in tif_getimage
putcontig8bitYCbCr44tile: fix wrong fromskew computation (issue #798)
putcontig8bitYCbCr42tile: Reject invalid YCbCr subsampling when image dimensions are smaller than the subsampling block to prevent out-of-bounds writes. (issue #753)
TIFFReadRGBAImage(): prevent integer overflow and later heap overflow (issue #787)
TIFFFillStrip/Tile(): avoid excessive memory allocation (issue #831)
TIFFLinkDirectory() checks for IFD loops (issue #788)
Check result of _TIFFCheckRealloc to prevent memory leaks and segmentation fault when reallocation fails.
TIFFVTileSize64(): in YCbCr contig non upsampled mode, validate td_samplesperpixel==3 (issue #805)
TIFFReadDirEntryPersampleShort(): be tolerant to tags like SampleFormat not having 1 or SamplesPerPixel values (https://github.com/OSGeo/gdal/issues/13465)
tif_getimage: reject tile widths that would overflow toskew (issue #808)
Fix integer overflow in _TIFFPartialReadStripArray on 32-bit.
TIFFAppendToStrip(): add some checks to avoid null-pointer-dereferencing (issue #777).
_TIFFGetStrileOffsetOrByteCountValue(): fix potential crash on corrupted files when file opened in 'O' mode (https://issues.oss-fuzz.com/issues/471328917)
TIFFReadDirectory(): re-set TIFF_LAZYSTRILELOAD if file opened in 'O' mode
_TIFFMergeFields(): avoid NULL ptr dereference (issue #755).
Check td_stripbytecount_p and td_stripoffset_p for NULL pointer before (re-)writing to file.
JPEGDecodeRaw: initialize output buffer to avoid returning uninitialized memory
JPEG decompressor: initialize output buffer when JPEG image is smaller than strile dimension to avoid heap memory disclosure (issue #826)
JPEG: fix generation of tiled 12-bit JPEG compressed files with libjpeg-turbo 3.0.3
JPEGDecode(): fix memory leak in error code path (https://issues.oss-fuzz.com/issues/471945501)
tif_jpeg: reject mismatched JPEG data precision to avoid write overflow
Fix signed left-shift UB in LogLuv RANDITHER encoding (issue #850)
PixarLog: error out on invalid ABGR output buffer sizes.
PixarLog: complete ABGR bounds check for multi-row strip decoding.
PixarLog: fix heap-buffer-overflow in 8BITABGR decode with stride 3 (issue #824)
PixarLog: fix undoing horizontal differencing when SamplesPerPixel != 3 and 4 (issue #789).
PixarLog codec: fix potential integer overflow/out-of-bounds access (issue #797)
TIFFAdvanceDirectory(): avoid potential read heap-buffer-overflow in mmap code path on 32 bit builds (https://issues.oss-fuzz.com/issues/506737072)
OJPEG: fix integer overflow in subsampling buffer allocation.
OJPEG: fix nullptr deref when changing compression method from OJPEG to something else (issue #795).
OJPEG: fix potential integer overflow/out-of-bounds access (issue #796).
ojpeg: prevent EOF infinite loop (fixes commit 2a3d55b)
fix null pointer dereference in issue #782.
fix stack-overflow in issue #784.
Other changes:
Change EXIF and GPS tag type from IFD8 to LONG8 per EXIF-specification (issue #739).
Harden integer size and offset calculations (issue #897)
TIFFComputeTile/TIFFComputeStrip: use overflow-checked multiplication
Move widening casts inside multiplication scope.
Lots of compiler warning fixes related to enabling more warning flags
Align writing and reading of TIFF_LONG8 and TIFF_IFD8 tags (issue #773)
TIFFFillStrip(): prevent harmless unsigned integer overflow
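The cast placement and overflow-checked multiplication named in the entries above, shown as an added C example. It is not libtiff code; the function names and the dimensions are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a libtiff function: multiply two 64-bit sizes
 * and report overflow instead of wrapping. Returns 1 on success. */
static int checked_mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return 0; /* product would not fit in 64 bits */
    *out = a * b;
    return 1;
}

/* Cast applied after the multiplication: the product is computed in
 * 32-bit unsigned arithmetic and wraps before it is widened. */
static uint64_t tile_bytes_cast_outside(uint32_t w, uint32_t h, uint32_t bpp)
{
    return (uint64_t)(w * h * bpp);
}

/* Cast moved inside the multiplication: every operand is widened first,
 * then each step is overflow-checked. Returns 1 on success. */
static int tile_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp,
                              uint64_t *out)
{
    uint64_t px;
    if (!checked_mul_u64((uint64_t)w, (uint64_t)h, &px))
        return 0;
    return checked_mul_u64(px, (uint64_t)bpp, out);
}

int main(void)
{
    /* Constructed dimensions: 65536 x 65536 pixels, 4 bytes each. */
    uint32_t w = 65536u, h = 65536u, bpp = 4u;
    uint64_t good = 0;

    printf("cast outside: %llu\n",
           (unsigned long long)tile_bytes_cast_outside(w, h, bpp));
    if (tile_bytes_checked(w, h, bpp, &good))
        printf("cast inside:  %llu\n", (unsigned long long)good);
    return 0;
}
```

An allocation sized from the wrapped value is smaller than the image it is meant to hold, which is how a size miscalculation of this kind turns into a heap overflow on a later write.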
Documentation
Doc: TIFFFdOpen(): clarify role of filename parameter (issue #823)
Add libtiff/README_for_libtiff_developpers.md
Tools changes
New/improved functionality:
None
Bug fixes:
tools: validate numeric command-line arguments (issue #799)
tiff2pdf: add overflow checks to RGBA/RGBAA sample count computation
tiff2pdf: fix integer overflow in RGBA raster allocation by validating the size computation before _TIFFrealloc() (issue #804)
tiffcrop: fix integer overflow in extractImageSection.
tiffcrop: fix byte carry for left/right composite bit offsets.
tiffcrop: recompute composite crop dimensions before allocation.
tiffcrop: fix uint32 overflows in writeImageSections and getCropOffsets (issue #834, issue #835, issue #836)
tiffcrop: size separated region buffers from actual dimensions
tiffcrop: Fix heap-buffer-overflow in composite mode by allocating buffer based on final image layout instead of region-based bufftotal (issue #803)
tiffcrop: fix undefined behaviour (issue #790)
tiffcrop: avoid dangling pointer in loadImage by clearing *read_ptr after free (issue #751)
tiffcrop: fix undefined behaviour in reverseSamples32bits() (issue #752)
Fix integer wraparound checks in raw2tiff/tiffcrop and add missing zero-divisor guards in tiff2rgba (issue #832)
tiffsplit: use 7-digit numbered output names.
tiffsplit: fix global-buffer-overflow (issue #790)
tiffsplit: check filename length (issue #769)
tiffcmp: validate scanline buffer sizes in mixed planar comparison to prevent out-of-bounds reads (issue #802)
tiffmedian: fix use after free (issue #790)
tiffcp: avoid integer overflow in iskew and oskew (issue #770)
fax2tiff: avoid endless loop on corrupt input (issue #759)
tiffdump: Avoid unaligned memory access for tag field values.
tiff2ps: check the range of double values before converting to int32_t (issue #679)
Changes to contributed and unsupported tools
thumbnail: prevent integer overflow by capping row count at 256
thumbnail: add/improve integer overflow check for image memory allocation.
thumbnail: add error handling for missing strip and tile byte counts.
thumbnail: fix Out-of-Bounds Write (issue #790)
rgb2ycbcr: fix integer overflow check for pixel count calculation.
iptcutil: out-of-bound read fix (issue #750)