Changes in TIFF v3.9.5¶
v3.9.5 (tag Release-v3-9-5)
Master Download Site
Master HTTP Site
This document describes the changes made to the software between the previous and current versions (see above). If you don't find something listed here, then it was not done in this timeframe, or it was not considered important enough to be mentioned. The following information is located here:
Software configuration changes¶
configure.ac: Should use
AC_CANONICAL_HOSTsince host specifies the run-time target whereas target is used to specify the final output target if the package is a build tool (like a compiler), which libtiff is not. Resolves MapTools bugzilla #2307 "Use AC_CANONICAL_HOST macro".
libtiff/tif_getimage.c: Check the number of samples per pixel when working with YCbCr image in
PickContigCase(). As per bug MapTools bugzilla #2216
libtiff/tif_dir.c: Set the bogus post-decoding hook when processing
_TIFFVSetField()for the case of 8 bit when we don't need any post-processing. That helps to reset the hook if we previously set this field to some other value and the hook was initialized accordingly. As per bug MapTools bugzilla #2035
libtiff/tif_getimage.c: Avoid wrong math du to the signed/unsigned integer type conversions. As per bug MapTools bugzilla #2207
libtiff/tif_dirinfo.c: Don't use assertions in
_TIFFFieldWithName()if the tag is not found in the tag table. This should be normal situation and returned
NULLvalue should be properly handled by the caller.
libtiff/tif_dirwrite.c, tif_print.c: Properly handle
DotRangetag as it can be either byte or short size and should be set and read by value, not as an array. As per bug MapTools bugzilla #2116
libtiff/tif_dirread.c: Really reset the tag count in
CheckDirCount()to expected value as the warning message suggests. As per bug MapTools bugzilla #1963
libtiff/tif_open.c: Fix mode check before opening a file. MapTools bugzilla #1906
libtiff/tif_dirread.c: fix crash when reading a badly-constructed TIFF per MapTools bugzilla #1994
libtiff/tif_ojpeg.c: fix buffer overflow on problem data MapTools bugzilla #1999
libtiff/tif_dirread.c: modify warnings MapTools bugzilla #2016
libtiff/tif_jpeg.c: fix use of clumplines calculation MapTools bugzilla #2149
libtiff/tif_dirread.c: fix needless tag ordering warning MapTools bugzilla #2210
libtiff/tif_jpeg.c: reduce usage of
JCS_UNKNOWNin order to improve compatibility with various viewers submitted by e-mail from Dwight Kelly
libtiff/tif_dirread.c: tolerate some cases where
FIELD_COLORMAPis missing MapTools bugzilla #2189
libtiff/tif_jpeg.c: Fix regressions with 2 and 3 band images caused by commit on 2010-12-14. Submitted by e-mail from Even Rouault
libtiff/tif_dirwrite.c: Avoid undefined behaviour when casting from float to unsigned int in
TIFFWriteRationalArray()as reported by Kareem Shehata.
libtiff/tif_fax3.h: Protect against a fax
VL(n)codeword commanding a move left. Without this, a malicious input file can generate an indefinitely large series of runs without
a0ever reaching the right margin, thus overrunning our buffer of run lengths. Per CVE-2011-0192. This is a modified version of a patch proposed by Drew Yao of Apple Product Security. It adds an
unexpected()report, and disallows the equality case, since emitting a run without increasing
a0still allows buffer overrun.
libtiff/tif_fax3.h: Fix to last change allowing zero length runs at the start of a scanline---needed for legal cases.
libtiff/tif_thunder.c: Correct potential buffer overflow with thunder encoded files with wrong bitspersample set. The libtiff development team would like to thank Marin Barbella and TippingPoint's Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004, CVE-2011-1167). MapTools bugzilla #2300
libtiff/tiffiop.h: avoid declaring
uint64on AIX with XLC where they are already available. (MapTools bugzilla #2301)
tools/tiffcrop.c: Patch from Richard Nolde. Reject YCbCr subsampled data since tiffcrop currently doesn't support it. Fix JPEG support.
tools/tiffcp.c: Initialize buffer arrays with zero to avoid referencing to uninitialized memory in some cases (e.g. when tile size set bigger than the image size).
tools/tiff2pdf.c: Better generation of ID field in
t2p_write_pdf_trailer(). Get rid of GCC aliasing warnings.
tools/tiff2pdf.c: Fixed computation of the tile buffer size when converting JPEG encoded tiles.
tools/tiff2pdf.c: Better handling of string fields, use static string buffers instead of dynamically allocated, use
strcpy(), control the string lengths.
tools/pal2rgb.c: Fix the count for
WhitePointtag as per bug MapTools bugzilla #2042
PrintData()function instead of
PrintLong(). Should fix an issue reported at MapTools bugzilla #2116
tools/tiffset.c: Properly handle
TIFFTAG_DOTRANGEwhich should be set by value.
tools/tiffdump.c: Avoid integer overflows computing the buffer size for large directories. As per bug MapTools bugzilla #2218
tools/tiff2pdf.c: Fixed ID buffer filling in
t2p_write_pdf_trailer(), thanks to Dmitry V. Levin.
tools/tiffcrop.c: Patch from Richard Nolde to avoid a potentially unterminated buffer due to using an exceptionally long file name.
tools/tiff2ps.c: improvements and enhancements from Richard Nolde with additional command line options for Document Title, Document Creator, and Page Orientation
tools/tiffsplit.c: abort when reading a TIFF without a byte-count per MapTools bugzilla #1996
tools/tiff2pdf.c: add fill-page option MapTools bugzilla #2051
tools/fax2ps.c: replace unsafe
mkstemp()MapTools bugzilla #2118
tools/tiff2pdf.c: fix colors for images with RGBA interleaved data MapTools bugzilla #2250
tools/tiffcrop.c: new release by Richard Nolde MapTools bugzilla #2004
tools/fax2ps.c: be consistent with page-numbering MapTools bugzilla #2225
tools/gif2tiff.c: fix buffer overrun MapTools bugzilla #2270
mkstemp()since it is much more portable. Tmpfile is included in ISO/IEC 9899:1990 and the WIN32 CRT.
Contributed software changes¶