head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.10 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.8 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.6 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.4 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.2 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q2:1.5.0.28 pkgsrc-2009Q2-base:1.5 pkgsrc-2009Q1:1.5.0.26 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.5.0.24 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.22 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.20 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.18 pkgsrc-2008Q2-base:1.5 cwrapper:1.5.0.16 pkgsrc-2008Q1:1.5.0.14 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.12 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.10 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.8 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.6 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.5.0.4 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.2 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.4.0.6 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.4 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.2 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.3.0.2 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.2.0.4 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.2 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.1.0.4 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.2; locks; strict; comment @# @; 1.6 date 2009.08.24.08.50.33; author wiz; state dead; branches; next 1.5; 1.5 date 2006.08.02.15.42.25; author salo; state Exp; branches; next 1.4; 1.4 date 2005.10.15.17.11.51; author wiz; state dead; branches 1.4.6.1; next 1.3; 1.3 date 2005.07.14.14.59.10; author wiz; state Exp; branches; next 1.2; 1.2 date 2004.12.28.23.10.09; author reed; state dead; branches; next 1.1; 1.1 date 2004.10.18.14.37.24; author tron; state Exp; branches 1.1.2.1; next ; 1.4.6.1 date 2006.08.02.17.56.46; author ghen; state Exp; branches; next ; 1.1.2.1 date 2004.10.18.14.37.24; author agc; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2004.10.18.17.03.48; author agc; state Exp; branches; next ; desc @@ 1.6 log @Update to 3.9.0: MAJOR CHANGES: * New tiffcrop utility contributed by Richard Nolde. tiffcrop does the same as tiffcp, but also can crop, extract, rotate and mirror images. * tif_jbig.c: Added support for JBIG compression scheme (34661 code), contributed by Lee Howard. * Totally new implementation of OJPEG module from Joris Van Damme. No need to patch libjpeg anymore. Many OJPEG files should be supported now that was not supported previously. ------------------------------------------------ CHANGES IN THE SOFTWARE CONFIGURATION: * tif_config.wince.h, tiffconf.wince.h, tif_wince.c: WinCE-specific compatibility stuff from Mateusz Loskot. * Rename config.h.vc and tif_config.h.vc to config.vc.h and tif_config.vc.h for easier identification by folks using an IDE. * configure, configure.ac: OJPEG support enabled by default (i.e., whe the conformant JPEG support enabled). * README.vms, Makefile.am, configure.com, libtiff/{Makefile.am, tif_config.h-vms, tif_stream.cxx, tif_vms.c, tiffconf.h-vms}: Added support for OpenVMS by Alexey Chupahin. * nmake.opt: use /EHsc for VS2005 compatibility. Also define _CRT_SECURE_NO_DEPRECATE to avoid noise on VS2005. ------------------------------------------------ CHANGES IN LIBTIFF: * tif_dirinfo.c (_TIFFFindFieldInfo): Don't attempt to bsearch() on a NULL fieldinfo list. (_TIFFFindFieldInfoByName): Don't attempt to lfind() on a NULL fieldinfo list. * tif_jpeg.c: Changed JPEGInitializeLibJPEG() so that it will convert from decompressor to compressor or compress to decompress if required by the force arguments. This works around a problem in where the JPEGFixupTestSubsampling() may cause a decompressor to be setup on a directory when later a compressor is required with the force flag set. Occurs with the addtiffo program for instance. * tif_dirwrite.c: Fixed swapping of byte arrays stored in-place in tag offsets as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1363 * tif_getimage.c: workaround for 'Fractional scanline' error reading OJPEG images with rowsperstrip that is not a multiple of vertical subsampling factor. This bug is mentioned in http://bugzilla.remotesensing.org/show_bug.cgi?id=1390 and http://www.asmail.be/msg0054766825.html * tif_dirread.c: Added special function to handle SubjectDistance EXIF tag as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1362 * tif_dirread.c, tif_read.c: Type of the byte counters changed from tsize_t to uint32 to be able to work with data arrays larger than 2GB. Fixes bug http://bugzilla.remotesensing.org/show_bug.cgi?id=89 Idea submitted by Matt Hancher. * tif_dir.c: Workaround for incorrect TIFFs with ExtraSamples == 999 produced by Corel Draw. As per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1490 * tif_write.c: TIFFAppendToStrip() - clear sorted flag if we move a strip. http://bugzilla.remotesensing.org/show_bug.cgi?id=1359 * tif_fax3.c: Save the state of printdir codec dependent method. * tif_jpeg.c: Save the state of printdir codec dependent method as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1273 * tif_win32.c: Fixed problem with offset value manipulation as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1322 * tif_fax3.c, tif_next.c, tif_pixarlog.c: Fixed multiple vulnerabilities, as per Gentoo bug (): http://bugs.gentoo.org/show_bug.cgi?id=142383 * tif_lzw.c, tif_zip.c: Fixed problems with mixing encoding and decoding on the same read-write TIFF handle. The LZW code can now maintain encode and decode state at the same time. The ZIP code will switch back and forth as needed. http://bugzilla.remotesensing.org/show_bug.cgi?id=757 * tif_msdos.c: Avoid handle leak for failed opens. c/o Thierry Pierron * tif_dirwrite.c: take care not to flush out buffer of strip/tile data in _TIFFWriteDirectory if TIFF_BEENWRITING not set. Relates to bug report by Peng Gao with black strip at bottom of images. * tif_dirwrite.c: make sure to use uint32 for wordcount in TIFFWriteNormanTag if writecount is VARIABLE2 for ASCII fields. It already seems to have been done for other field types. Needed for "tiffset" on files with geotiff ascii text. * tif_dirinfo.c: Added missed EXIF tag ColorSpace (40961). * tif_dirread.c: Move IFD fetching code in the separate function TIFFFetchDirectory() avoiding code duplication in TIFFReadDirectory() and TIFFReadCustomDirectory(). * tif_readdir.c: Added case in EstimateStripByteCounts() for tiled files. Modified TIFFReadDirectory() to not invoke EstimateStripByteCounts() for case where entry 0 and 1 are unequal but one of them is zero. http://bugzilla.remotesensing.org/show_bug.cgi?id=1204 * tif_open.c, tif_dirread.c, tiffiop.h: Move IFD looping checking code in the separate function TIFFCheckDirOffset(). * tif_aux.c: Added _TIFFCheckRealloc() function. * tif_fax3.c: Fixed problems in fax decoder as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1194 * tif_jbig.c: Added support for JBIG compression scheme (34661 code) contributed by Lee Howard. As per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=896 * tif_getimage.c: Added support for planarconfig separate non-subsampled YCbCr (i.e. separate YCbCr with subsampling [1,1]). * tif_getimage.c: Revision of all RGB(A) put routines: * Conversion of unassociated alpha to associated alpha now done with more performant LUT, and calculation more correct. * Conversion of 16bit data to 8bit data now done with more performant LUT, and calculation more correct * Bugfix of handling of 16bit RGB with unassociated alpha * tif_ojpeg.c: totally new implementation * tif_getimage.c: removed TIFFTAG_JPEGCOLORMODE handling of OJPEG images in favor of tif_getimage.c native handling of YCbCr and desubsampling. * tif_jpeg.c: JPEGVSetField() so that altering the photometric interpretation causes the "upsampled" flag to be recomputed. Fixes peculiar bug where photometric flag had to be set before jpegcolormode flag. ------------------------------------------------ CHANGES IN THE TOOLS: * tiff2ps.c: Added support 16-bit images as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1566. Patch from William Bader. * tiff2pdf.c: Fix for TIFFTAG_JPEGTABLES tag fetching and significant upgrade of the whole utility as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1560. Now we don't need tiffiop.h in tiff2pdf anymore and will open output PDF file using TIFFClientOpen() machinery as it is implemented by Leon Bottou. * tiffcrop.c: New tiffcrop utility contributed by Richard Nolde. As per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1383 * tiff2pdf.c: Do not assume inches when the resolution units do not specified. As per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1366 * tiffset.c: Properly handle tags with TIFF_VARIABLE writecount. As per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1350 * tif2rgba.c: This utility does not work properly on big-endian architectures. It was fixed including the bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1149 * tiff2pdf.c: Fix handling of -q values. http://bugzilla.remotesensing.org/show_bug.cgi?id=587 * tiffcmp.c: Fixed floating point comparison logic as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1191 * tiff2pdf.c: Fixed buffer overflow condition in t2p_write_pdf_string() as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 ------------------------------------------------ CHANGES IN THE CONTRIB AREA: * contrib/addtiffo/tif_overview.c: Fix problems with odd sized output blocks in TIFF_DownSample_Subsampled() (bug 1542). * contrib/dbs/xtiff/xtiff.c: Make xtiff utility compilable. Though it is still far from the state of being working and useful. @ text @$NetBSD: patch-aw,v 1.5 2006/08/02 15:42:25 salo Exp $ Security fix for SA21304. --- libtiff/tif_dirinfo.c.orig 2006-02-07 14:51:03.000000000 +0100 +++ libtiff/tif_dirinfo.c 2006-08-02 17:18:41.000000000 +0200 @@@@ -775,7 +775,8 @@@@ _TIFFFieldWithTag(TIFF* tif, ttag_t tag) TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithTag", "Internal error, unknown tag 0x%x", (unsigned int) tag); - assert(fip != NULL); + /* assert(fip != NULL); */ + /*NOTREACHED*/ } return (fip); @@@@ -789,7 +790,8 @@@@ _TIFFFieldWithName(TIFF* tif, const char if (!fip) { TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithName", "Internal error, unknown tag %s", field_name); - assert(fip != NULL); + /* assert(fip != NULL); */ + /*NOTREACHED*/ } return (fip); @ 1.5 log @Security fixes for SA21304: "Some vulnerabilities have been reported in libTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to various heap and integer overflows when processing TIFF images and can be exploited via a specially crafted TIFF image. Successful exploitation allows crashing applications linked against libTIFF and may also allow execution of arbitrary code." http://secunia.com/advisories/21304/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465 Patches from Tavis Ormandy, Google Security Team via SUSE. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update to 3.7.4: MAJOR CHANGES: * Fixed important bug in custom tags handling code.. ------------------------------------------------ CHANGES IN THE SOFTWARE CONFIGURATION: * Applied patch from Patrick Welche (all scripts moved in the 'config' and 'm4' directories). * SConstruct, libtiff/SConstruct: Added the first very preliminary support for SCons software building tool (http://www.scons.org/). This is experimental infrastructure and it will exist along with the autotools stuff. * port/lfind.c: Added lfind() replacement module. ------------------------------------------------ CHANGES IN LIBTIFF: * tif_dir.c: When prefreeing tv->value in TIFFSetFieldV also set it to NULL to avoid double free when re-setting custom string fields as per: http://bugzilla.remotesensing.org/show_bug.cgi?id=922 * tif_dir.c: Fixed up support for swapping "double complex" values (128 bits as 2 64 bits doubles). GDAL gcore tests now pass on bigendian (macosx) system. * libtiff/{tif_dirread.c, tif_dirinfo.c}: Do not upcast BYTEs to SHORTs in the TIFFFetchByteArray(). Remove TIFFFetchExtraSamples() function, use TIFFFetchNormalTag() instead as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=831 Remove TIFFFetchExtraSamples() function, use TIFFFetchNormalTag() instead. * tif_print.c: Fixed printing of the BYTE and SBYTE arrays. * tif_write.c: Do not check the PlanarConfiguration field in the TIFFWriteCheck() function in case of single band images (as per TIFF spec). * libtiff/{tif_dir.c, tif_dir.h, tif_dirinfo.c, tif_print.c}: Make FieldOfViewCotangent, MatrixWorldToScreen, MatrixWorldToCamera, ImageFullWidth, ImageFullLength and PrimaryChromaticities tags custom. ------------------------------------------------ CHANGES IN THE TOOLS: * tiffcp.c: Fixed WhitePoint tag copying. ------------------------------------------------ CHANGES IN THE CONTRIB AREA: * tiffdump.c: Added support for TIFF_IFD datatype. * addtiffo/{tif_overview.c, tif_ovrcache.c, tif_ovrcache.h}: Make overviews working for contiguous images. @ text @d1 1 a1 1 $NetBSD: patch-aw,v 1.3 2005/07/14 14:59:10 wiz Exp $ d3 24 a26 57 --- port/lfind.c.orig 2005-07-14 16:42:34.000000000 +0200 +++ port/lfind.c @@@@ -0,0 +1,54 @@@@ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Roger L. Snyder. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#ifndef NULL +# define NULL 0 +#endif + +typedef int (*cmp_fn_t) __P((const void *, const void *)); + +void * +lfind(const void *key, const void *base, size_t *nmemb, size_t size, + cmp_fn_t compar) +{ + char *element, *end; + + end = (char *)base + *nmemb * size; + for (element = (char *)base; element < end; element += size) + if (!compar(element, key)) /* key found */ + return element; + + return NULL; +} @ 1.4.6.1 log @Pullup ticket 1774 - requested by salo security fix for tiff Revisions pulled up: - pkgsrc/graphics/tiff/Makefile 1.84 - pkgsrc/graphics/tiff/distinfo 1.39 - pkgsrc/graphics/tiff/patches/patch-av 1.5 - pkgsrc/graphics/tiff/patches/patch-aw 1.5 - pkgsrc/graphics/tiff/patches/patch-ax 1.5 - pkgsrc/graphics/tiff/patches/patch-ay 1.3 - pkgsrc/graphics/tiff/patches/patch-az 1.1 - pkgsrc/graphics/tiff/patches/patch-ba 1.1 - pkgsrc/graphics/tiff/patches/patch-bb 1.1 - pkgsrc/graphics/tiff/patches/patch-bc 1.1 Module Name: pkgsrc Committed By: salo Date: Wed Aug 2 15:42:25 UTC 2006 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc Log Message: Security fixes for SA21304: "Some vulnerabilities have been reported in libTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to various heap and integer overflows when processing TIFF images and can be exploited via a specially crafted TIFF image. Successful exploitation allows crashing applications linked against libTIFF and may also allow execution of arbitrary code." http://secunia.com/advisories/21304/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465 Patches from Tavis Ormandy, Google Security Team via SUSE. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-aw,v 1.5 2006/08/02 15:42:25 salo Exp $ d3 57 a59 24 Security fix for SA21304. --- libtiff/tif_dirinfo.c.orig 2006-02-07 14:51:03.000000000 +0100 +++ libtiff/tif_dirinfo.c 2006-08-02 17:18:41.000000000 +0200 @@@@ -775,7 +775,8 @@@@ _TIFFFieldWithTag(TIFF* tif, ttag_t tag) TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithTag", "Internal error, unknown tag 0x%x", (unsigned int) tag); - assert(fip != NULL); + /* assert(fip != NULL); */ + /*NOTREACHED*/ } return (fip); @@@@ -789,7 +790,8 @@@@ _TIFFFieldWithName(TIFF* tif, const char if (!fip) { TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithName", "Internal error, unknown tag %s", field_name); - assert(fip != NULL); + /* assert(fip != NULL); */ + /*NOTREACHED*/ } return (fip); @ 1.3 log @Add lfind replacement function. From libtiff CVS. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Upgrade tiff to 3.7.1. Remove OpenWindows workaround in pkgsrc for this. Too many changes to include here. See http://www.remotesensing.org/libtiff/v3.7.1.html and http://www.remotesensing.org/libtiff/v3.7.0.html and previous change files for changes information. tiff-3.7.1 now includes the lzw compression code again. It also uses autoconf and libtool now. A new tool is bmp2tiff. Docs are placed under share/doc/tiff/html instead of share/doc/html/tiff. Many manpage symlinks are now missing. (This was reported to tiff list.) @ text @d1 1 a1 1 $NetBSD: patch-aw,v 1.1 2004/10/18 14:37:24 tron Exp $ d3 47 a49 8 --- libtiff/tif_tile.c.orig 2003-11-11 16:43:10.000000000 +0100 +++ libtiff/tif_tile.c 2004-10-18 16:25:33.000000000 +0200 @@@@ -31,6 +31,32 @@@@ */ #include "tiffiop.h" +static uint32 +summarize(TIFF* tif, size_t summand1, size_t summand2, const char* where) d51 1 a51 1 + uint32 bytes = summand1 + summand2; d53 4 a56 4 + if (bytes - summand1 != summand2) { + TIFFError(tif->tif_name, "Integer overflow in %s", where); + bytes = 0; + } d58 1 a58 1 + return (bytes); a59 80 + +static uint32 +multiply(TIFF* tif, size_t nmemb, size_t elem_size, const char* where) +{ + uint32 bytes = nmemb * elem_size; + + if (elem_size && bytes / elem_size != nmemb) { + TIFFError(tif->tif_name, "Integer overflow in %s", where); + bytes = 0; + } + + return (bytes); +} + /* * Compute which tile an (x,y,z,s) value is in. */ @@@@ -119,11 +145,13 @@@@ if (dz == (uint32) -1) dz = td->td_imagedepth; ntiles = (dx == 0 || dy == 0 || dz == 0) ? 0 : - (TIFFhowmany(td->td_imagewidth, dx) * - TIFFhowmany(td->td_imagelength, dy) * - TIFFhowmany(td->td_imagedepth, dz)); + multiply(tif, multiply(tif, TIFFhowmany(td->td_imagewidth, dx), + TIFFhowmany(td->td_imagelength, dy), + "TIFFNumberOfTiles"), + TIFFhowmany(td->td_imagedepth, dz), "TIFFNumberOfTiles"); if (td->td_planarconfig == PLANARCONFIG_SEPARATE) - ntiles *= td->td_samplesperpixel; + ntiles = multiply(tif, ntiles, td->td_samplesperpixel, + "TIFFNumberOfTiles"); return (ntiles); } @@@@ -138,10 +166,12 @@@@ if (td->td_tilelength == 0 || td->td_tilewidth == 0) return ((tsize_t) 0); - rowsize = td->td_bitspersample * td->td_tilewidth; + rowsize = multiply(tif, td->td_bitspersample, td->td_tilewidth, + "TIFFTileRowSize"); if (td->td_planarconfig == PLANARCONFIG_CONTIG) - rowsize *= td->td_samplesperpixel; - return ((tsize_t) TIFFhowmany(rowsize, 8)); + rowsize = multiply(tif, rowsize, td->td_samplesperpixel, + "TIFFTileRowSize"); + return ((tsize_t) TIFFhowmany8(rowsize)); } /* @@@@ -170,16 +200,24 @@@@ */ tsize_t w = TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]); - tsize_t rowsize = TIFFhowmany(w*td->td_bitspersample, 8); + tsize_t rowsize = + TIFFhowmany8(multiply(tif, w, td->td_bitspersample, + "TIFFVTileSize")); tsize_t samplingarea = td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1]; nrows = TIFFroundup(nrows, td->td_ycbcrsubsampling[1]); /* NB: don't need TIFFhowmany here 'cuz everything is rounded */ - tilesize = nrows*rowsize + 2*(nrows*rowsize / samplingarea); + tilesize = multiply(tif, nrows, rowsize, "TIFFVTileSize"); + tilesize = summarize(tif, tilesize, + multiply(tif, 2, tilesize / samplingarea, + "TIFFVTileSize"), + "TIFFVTileSize"); } else #endif - tilesize = nrows * TIFFTileRowSize(tif); - return ((tsize_t)(tilesize * td->td_tiledepth)); + tilesize = multiply(tif, nrows, TIFFTileRowSize(tif), + "TIFFVTileSize"); + return ((tsize_t) + multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize")); } /* @ 1.1 log @Add various bug fixes taken from Debian's unstable distribution which include fixes for CESA-2004-006. Bump package revision. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-aw was added on branch pkgsrc-2004Q3 on 2004-10-18 14:37:24 +0000 @ text @d1 100 @ 1.1.2.2 log @Pullup ticket 122 - requested by Matthias Scheler security fix for tiff Modified Files: pkgsrc/graphics/tiff: Makefile Log Message: Derive "PKGNAME" from "DISTNAME" instead of defining it manually. Modified Files: pkgsrc/graphics/tiff: Makefile Log Message: Add mirror on "ftp.fu-berlin.de" to master site list. Modified Files: pkgsrc/graphics/tiff: Makefile distinfo pkgsrc/graphics/tiff/patches: patch-ag Added Files: pkgsrc/graphics/tiff/patches: patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as patch-at patch-au patch-av patch-aw patch-ax Log Message: Add various bug fixes taken from Debian's unstable distribution which include fixes for CESA-2004-006. Bump package revision. @ text @a0 100 $NetBSD: patch-aw,v 1.1.2.1 2004/10/18 17:03:48 agc Exp $ --- libtiff/tif_tile.c.orig 2003-11-11 16:43:10.000000000 +0100 +++ libtiff/tif_tile.c 2004-10-18 16:25:33.000000000 +0200 @@@@ -31,6 +31,32 @@@@ */ #include "tiffiop.h" +static uint32 +summarize(TIFF* tif, size_t summand1, size_t summand2, const char* where) +{ + uint32 bytes = summand1 + summand2; + + if (bytes - summand1 != summand2) { + TIFFError(tif->tif_name, "Integer overflow in %s", where); + bytes = 0; + } + + return (bytes); +} + +static uint32 +multiply(TIFF* tif, size_t nmemb, size_t elem_size, const char* where) +{ + uint32 bytes = nmemb * elem_size; + + if (elem_size && bytes / elem_size != nmemb) { + TIFFError(tif->tif_name, "Integer overflow in %s", where); + bytes = 0; + } + + return (bytes); +} + /* * Compute which tile an (x,y,z,s) value is in. */ @@@@ -119,11 +145,13 @@@@ if (dz == (uint32) -1) dz = td->td_imagedepth; ntiles = (dx == 0 || dy == 0 || dz == 0) ? 0 : - (TIFFhowmany(td->td_imagewidth, dx) * - TIFFhowmany(td->td_imagelength, dy) * - TIFFhowmany(td->td_imagedepth, dz)); + multiply(tif, multiply(tif, TIFFhowmany(td->td_imagewidth, dx), + TIFFhowmany(td->td_imagelength, dy), + "TIFFNumberOfTiles"), + TIFFhowmany(td->td_imagedepth, dz), "TIFFNumberOfTiles"); if (td->td_planarconfig == PLANARCONFIG_SEPARATE) - ntiles *= td->td_samplesperpixel; + ntiles = multiply(tif, ntiles, td->td_samplesperpixel, + "TIFFNumberOfTiles"); return (ntiles); } @@@@ -138,10 +166,12 @@@@ if (td->td_tilelength == 0 || td->td_tilewidth == 0) return ((tsize_t) 0); - rowsize = td->td_bitspersample * td->td_tilewidth; + rowsize = multiply(tif, td->td_bitspersample, td->td_tilewidth, + "TIFFTileRowSize"); if (td->td_planarconfig == PLANARCONFIG_CONTIG) - rowsize *= td->td_samplesperpixel; - return ((tsize_t) TIFFhowmany(rowsize, 8)); + rowsize = multiply(tif, rowsize, td->td_samplesperpixel, + "TIFFTileRowSize"); + return ((tsize_t) TIFFhowmany8(rowsize)); } /* @@@@ -170,16 +200,24 @@@@ */ tsize_t w = TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]); - tsize_t rowsize = TIFFhowmany(w*td->td_bitspersample, 8); + tsize_t rowsize = + TIFFhowmany8(multiply(tif, w, td->td_bitspersample, + "TIFFVTileSize")); tsize_t samplingarea = td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1]; nrows = TIFFroundup(nrows, td->td_ycbcrsubsampling[1]); /* NB: don't need TIFFhowmany here 'cuz everything is rounded */ - tilesize = nrows*rowsize + 2*(nrows*rowsize / samplingarea); + tilesize = multiply(tif, nrows, rowsize, "TIFFVTileSize"); + tilesize = summarize(tif, tilesize, + multiply(tif, 2, tilesize / samplingarea, + "TIFFVTileSize"), + "TIFFVTileSize"); } else #endif - tilesize = nrows * TIFFTileRowSize(tif); - return ((tsize_t)(tilesize * td->td_tiledepth)); + tilesize = multiply(tif, nrows, TIFFTileRowSize(tif), + "TIFFVTileSize"); + return ((tsize_t) + multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize")); } /* @