path: root/third_party/libtiff/tif_dirread.c
Age | Commit message | Author
2017-07-20 | LibTIFF: remove a couple of patches | Nicolas Pena
This CL removes two patches that correspond to non-security CF bugs. There are now only a few patches left: two patches to prevent overflow in _TIFFCheckRealloc (overflows here are dangerous as they can cause heap-buffer-overflows), one patch to prevent integer overflows which CF reported as a security issue, and one recent upstream patch (which would be removed in the next LibTIFF upgrade).

Next steps:
* Figure out how to reproduce the security issue from _TIFFCheckRealloc (samples from the bugs seem to just timeout on asan) and report bug upstream once it's confirmed that a change is needed.
* Ditto integer overflow, except it was already reported upstream, so ping upstream once reproduction without the patch is possible again.

Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716
Reviewed-on: https://pdfium-review.googlesource.com/8532
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-20 | Upgrade LibTIFF to 4.0.8 | Nicolas Pena
This CL upgrades LibTIFF, removing patch files that correspond to bugs that have been resolved in 4.0.8.

Change-Id: Id99d2fc9b3f25993dcb60cf1558b73674eb725bf
Reviewed-on: https://pdfium-review.googlesource.com/8490
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-04-18 | Libtiff upstream security fixes | Nicolas Pena
Upstream patches applied:
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4

Bug: chromium:711638
Change-Id: I017bfa91f7682c190bd7f8dbe36c2c3d1ac68728
Reviewed-on: https://pdfium-review.googlesource.com/4313
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-03-30 | Libtiff security upstream patches | Nicolas Pena
CL list:
https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
https://github.com/vadz/libtiff/commit/b4b41925115059b49f97432bda0613411df2f686

Bug: chromium:706349
Change-Id: I782156e7486919a62e25eeb95cb8699f1b2c5ee1
Reviewed-on: https://pdfium-review.googlesource.com/3374
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-03-29 | Do more checks before big allocs in TIFFReadDirEntryArray | Nicolas Pena
This CL fixes the only caller to TIFFReadDirEntryData with potentially large size so that we avoid big mallocs when we know we will fail. It does this as follows:
- Avoid the unnecessary computations if datasize is very small. We don't want to be slower in this case.
- If !isMapped(tif), we will Seek and Read. Check that ending position is reachable. In the other case, do a simple check for out of bounds.

Bug: chromium:681311
Change-Id: Ia172d8b4d401753b7c8d5455dc1ada5335f6fa6b
Reviewed-on: https://pdfium-review.googlesource.com/3253
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-03-21 | Upgrade libtiff to 4.0.7. | Lei Zhang
Change-Id: If3f67767f738b7f23230ca8c37c9af2e31696e82
Reviewed-on: https://pdfium-review.googlesource.com/3117
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-09 | Libtiff upstream fix for large td_bitspersample | Nicolas Pena
Commit: https://github.com/vadz/libtiff/commit/b5065f39ebc8b125aaa790f9003988c0d675f814

BUG=681305
Change-Id: I4e6c166f892bdac83b45e5518302bfd9cbcbd332
Reviewed-on: https://pdfium-review.googlesource.com/2571
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-02-08 | Libtiff upstream fix for TIFFFetchNormalTag [chromium/3007] | Nicolas Pena
Upstream commits:
https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e

BUG=690124
Change-Id: I8388ae37e94f4e62cd8f9688baf9cf5416348d0c
Reviewed-on: https://pdfium-review.googlesource.com/2558
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2016-10-03 | Fix potentially uninitialized value. [chromium/2880] | dsinclair
Depending on what ReadOK does it's possible for |dircount16| to be used without being initialized. The read code calls back into PDFium specific code which then calls into the stream reading code. Initialize the value to be sure it is set.

BUG=chromium:651632
Review-Url: https://codereview.chromium.org/2389993002
2016-08-01 | Fix a memory leak in libtiff. | thestig
BUG=633387
Review-Url: https://codereview.chromium.org/2204793002
2016-01-07 | XFA: Upgrade to libtiff 4.0.6. | Lei Zhang
R=jun_fang@foxitsoftware.com, tsepez@chromium.org
Review URL: https://codereview.chromium.org/1563103002 .