  1. 11 Nov, 2019 1 commit
  2. 03 Nov, 2019 2 commits
  3. 26 Oct, 2019 1 commit
  4. 23 Oct, 2019 1 commit
  5. 22 Oct, 2019 3 commits
  6. 03 Oct, 2019 1 commit
  7. 17 Sep, 2019 1 commit
  8. 03 Sep, 2019 1 commit
  9. 02 Sep, 2019 2 commits
  10. 01 Sep, 2019 1 commit
  11. 27 Aug, 2019 1 commit
  12. 26 Aug, 2019 2 commits
  13. 25 Aug, 2019 1 commit
  14. 23 Aug, 2019 6 commits
  15. 22 Aug, 2019 2 commits
  16. 21 Aug, 2019 1 commit
  17. 20 Aug, 2019 2 commits
  18. 16 Aug, 2019 2 commits
  19. 15 Aug, 2019 1 commit
  20. 13 Aug, 2019 1 commit
    • Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined... · 1b5e3b6a
      Even Rouault authored
      Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
      
      _TIFFCheckMalloc()/_TIFFCheckRealloc() used an unsafe way to detect overflow
      in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus
      signed), which was especially easily triggered on 32-bit builds (with recent
      enough compilers that assume that signed multiplication cannot overflow, since
      this is undefined behaviour by the C standard). The original issue which led to
      this fix was triggered from tif_fax3.c
      
      There were also unsafe (implementation defined), and broken in practice on 64-bit
      builds, ways of checking that a uint64 fits in a (signed) tmsize_t by doing
      (uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known
      exploits at that time, but are better to fix in a more bullet-proof way.
      Or similarly use of (int64)uint64_var <= 0.
  21. 12 Aug, 2019 2 commits
  22. 10 Aug, 2019 1 commit
  23. 04 Aug, 2019 1 commit
    • Reading of Tiff tags with ID = 0 (like GPSVERSIONID) corrected. · 6f5c9477
      Su Laus authored
        IGNORE placeholder in tif_dirread.c is now replaced by a field dir_ignore in the TIFFDirEntry structure
      
        Currently, in tif_dirread.c a special IGNORE value for the tif tags is defined
        in order to flag status preventing already processed tags from further processing.
        This irrational behaviour prevents reading of custom tags with id code 0 - like tag GPSVERSIONID from EXIF 2.31 definition.
      
        An additional field 'tdir_ignore' is now added to the TIFFDirEntry structure and code is changed
        to allow tags with id code 0 to be read correctly.
      
        This change was already proposed as pending improvement in tif_dirread.c around line 32.
      
        Reference is also made to:
        - Discussion in !39
        - http://bugzilla.maptools.org/show_bug.cgi?id=2540
      
      Comments and indentation adapted.
      
      Preparation to rebase onto master
  24. 09 Jul, 2019 1 commit
  25. 05 Jul, 2019 1 commit
  26. 29 Jun, 2019 1 commit