<HTML>

<HEAD>

<TITLE>

	Changes in TIFF v4.0.8

</TITLE>

</HEAD>

<BODY BGCOLOR=white>

<FONT FACE="Helvetica, Arial, Sans">

<BASEFONT SIZE=4>

<FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION

<BASEFONT SIZE=3>

Current Version: v4.0.8

Previous Version: v4.0.7

Master FTP Site: 

download.osgeo.org, directory pub/libtiff

Master HTTP Site #1: 

http://www.simplesystems.org/libtiff/

Master HTTP Site #2: 

http://libtiff.maptools.org/ 

This document describes the changes made to the software between the

previous and current versions (see above).  If you don't

find something listed here, then it was not done in this timeframe, or

it was not considered important enough to be mentioned.  The following

information is located here:

Major Changes

Changes in the software configuration

Changes in libtiff

Changes in the tools

Changes in the contrib area

<FONT SIZE=+3>M</FONT>AJOR CHANGES:

	
 None

<FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:

  
 None

<FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:

    
 libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis

        to fix cppcheck clarifyCalculation warnings *

        libtiff/tif_predict.c, libtiff/tif_print.c: fix printf

        unsigned vs signed formatting (cppcheck

        invalidPrintfArgType_uint warnings)

    
 libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in

        TIFFReadEncodedStrip() that caused an integer division by

        zero.  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2596

    
 libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based

        buffer overflow on generation of PixarLog / LUV compressed

        files, with ColorMap, TransferFunction attached and nasty

        plays with bitspersample.  The fix for LUV has not been

        tested, but suffers from the same kind of issue of PixarLog.

        Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2604

    
 libtiff/tif_strip.c: revert the change in

        TIFFNumberOfStrips() done for

        http://bugzilla.maptools.org/show_bug.cgi?id=2587 /

        CVE-2016-9273 since the above change is a better fix that

        makes it unnecessary.

    
 libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip()

        to instanciate compute ntrips as

        TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a

        logic based on the total size of data. Which is faulty is the

        total size of data is not sufficient to fill the whole image,

        and thus results in reading outside of the

        StripByCounts/StripOffsets arrays when using

        TIFFReadScanline().  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2608.

    
 libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of

        failure in OJPEGPreDecode(). This will avoid a divide by zero,

        and potential other issues.  Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611

    
 libtiff/tif_write.c: fix misleading indentation as warned by GCC.

    
 libtiff/tif_fax3.h: revert change done on 2016-01-09 that

        made Param member of TIFFFaxTabEnt structure a uint16 to

        reduce size of the binary. It happens that the Hylafax

        software uses the tables that follow this typedef

        (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable),

        although they are not in a public libtiff header.  Raised by

        Lee Howard.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2636

    
 libtiff/tiffio.h, libtiff/tif_getimage.c: add

        TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of

        the functions without ext, with an extra argument to control

        the stop_on_error behaviour.

    
 libtiff/tif_getimage.c: fix potential memory leaks in error

        code path of TIFFRGBAImageBegin().  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2627

    
 libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10

        MB instead of libjpeg 1MB default. This helps when creating

        files with "big" tile, without using libjpeg temporary files.

        Related to https://trac.osgeo.org/gdal/ticket/6757

    
 libtiff/tif_jpeg.c: avoid integer division by zero in

        JPEGSetupEncode() when horizontal or vertical sampling is set

        to 0.  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653

    
 libtiff/tif_dirwrite.c: in

        TIFFWriteDirectoryTagCheckedRational, replace assertion by

        runtime check to error out if passed value is strictly

        negative.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2535

    
 libtiff/tif_dirread.c: avoid division by floating point 0 in

        TIFFReadDirEntryCheckedRational() and

        TIFFReadDirEntryCheckedSrational(), and return 0 in that case

        (instead of infinity as before presumably) Apparently some

        sanitizers do not like those divisions by zero.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2644

    
 libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement

        various clampings of double to other data types to avoid

        undefined behaviour if the output range isn't big enough to

        hold the input value.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2643

        http://bugzilla.maptools.org/show_bug.cgi?id=2642

        http://bugzilla.maptools.org/show_bug.cgi?id=2646

        http://bugzilla.maptools.org/show_bug.cgi?id=2647

    
 libtiff/tif_jpeg.c: validate BitsPerSample in

        JPEGSetupEncode() to avoid undefined behaviour caused by

        invalid shift exponent.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2648

    
 libtiff/tif_read.c: avoid potential undefined behaviour on

        signed integer addition in TIFFReadRawStrip1() in isMapped()

        case.  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650

    
 libtiff/tif_getimage.c: add explicit uint32 cast in

        putagreytile to avoid UndefinedBehaviorSanitizer warning.

        Patch by Nicolás Peña.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2658

    
 libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc()

        to zero initialize tif_rawdata.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2651

    
 libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add

    _TIFFcalloc()

    
 libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in

        Encode functions instead of -1 when TIFFFlushData1() fails.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130

    
 libtiff/tif_ojpeg.c: fix leak in

        OJPEGReadHeaderInfoSecTablesQTable,

        OJPEGReadHeaderInfoSecTablesDcTable and

        OJPEGReadHeaderInfoSecTablesAcTable when read fails.  Patch by

        Nicolás Peña.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2659

    
 libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if

        the YCbCrSubsampling tag is not explicitly present. This helps

        a bit to reduce the I/O amount when the tag is present

        (especially on cloud hosted files).

    
 libtiff/tif_lzw.c: in LZWPostEncode(), increase, if

        necessary, the code bit-width after flushing the remaining

        code and before emitting the EOI code.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=1982

    
 libtiff/tif_pixarlog.c: fix memory leak in error code path of

        PixarLogSetupDecode(). Patch by Nicolás Peña.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2665

    
 libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7

        -Wimplicit-fallthrough warnings.

    
 libtiff/tif_dirread.c: fix memory leak in non

        DEFER_STRILE_LOAD mode (ie default) when there is both a

        StripOffsets and TileOffsets tag, or a StripByteCounts and

        TileByteCounts Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2689

    
 libtiff/tif_ojpeg.c: fix potential memory leak in

        OJPEGReadHeaderInfoSecTablesQTable,

        OJPEGReadHeaderInfoSecTablesDcTable and

        OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolás Peña.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670

    
 libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file.

        Patch by Alan Coopersmith + complement by myself.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2673

    
 libtiff/tif_read.c: TIFFFillStrip(): add limitation to the

        number of bytes read in case td_stripbytecount[strip] is

        bigger than reasonable, so as to avoid excessive memory

        allocation.

    
 libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory

        leak when the underlying codec (ZIP, PixarLog) succeeds its

        setupdecode() method, but PredictorSetup fails.  Credit to

        OSS-Fuzz (locally run, on GDAL)

    
 libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid

        excessive memory allocation in case of shorten files.  Only

        effective on 64 bit builds and non-mapped cases.  Credit to

        OSS-Fuzz (locally run, on GDAL)

    
 libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(),

        avoid potential integer overflows with read_ahead in

        CHUNKY_STRIP_READ_SUPPORT mode. Should

        especially occur on 32 bit platforms.

    
 libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive

        memory allocation in case of shorten files.  Only effective on

        64 bit builds.  Credit to OSS-Fuzz (locally run, on GDAL)

    
 libtiff/tif_read.c: update tif_rawcc in

        CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when

        calling TIFFStartStrip() or TIFFFillStripPartial(). This

        avoids reading beyond tif_rawdata when bytecount >

        tif_rawdatasize.  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.

        Credit to OSS-Fuzz

    
 libtiff/tif_color.c: avoid potential int32 overflow in

        TIFFYCbCrToRGBInit() Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533

        Credit to OSS-Fuzz

    
 libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32

        overflows in multiply_ms() and add_ms().  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558

        Credit to OSS-Fuzz

    
 libtiff/tif_packbits.c: fix out-of-buffer read in

        PackBitsDecode() Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563

        Credit to OSS-Fuzz

    
 libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory

        allocation when RowsPerStrip tag is missing.

        Credit to OSS-Fuzz (locally run, on GDAL)

    
 libtiff/tif_lzw.c: update dec_bitsleft at beginning of

        LZWDecode(), and update tif_rawcc at end of LZWDecode(). This

        is needed to properly work with the latest chnges in

        tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.

    
 libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp

        with next_in and tif_rawcc with avail_in at beginning and end

        of function, similarly to what is done in LZWDecode(). Likely

        needed so that it works properly with latest chnges in

        tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. But untested...

    
 libtiff/tif_getimage.c: initYCbCrConversion(): add basic

        validation of luma and refBlackWhite coefficients (just check

        they are not NaN for now), to avoid potential float to int

        overflows.  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663

        Credit to OSS Fuzz

    
 libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast

        of double to float.  Credit to Google Autofuzz project

    
 libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1]

        is not zero to avoid division by zero.  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665

        Credit to OSS Fuzz

    
 libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast

        of double to float.  Credit to Google Autofuzz project

    
 libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1]

        is not zero to avoid division by zero.  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665

        Credit to OSS Fuzz

    
 libtiff/tif_getimage.c: initYCbCrConversion(): stricter

        validation for refBlackWhite coefficients values. To avoid

        invalid float->int32 conversion.  Fixes

        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718

        Credit to OSS Fuzz

<FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:

    
 tools/fax2tiff.c (main): Applied patch by Jörg Ahrens to fix

        passing client data for Win32 builds using tif_win32.c

        (USE_WIN32_FILEIO defined) for file I/O.  Patch was provided

        via email on November 20, 2016.

    
 tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips

        that can cause various issues, such as buffer overflows in the

        library.  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2598

    
 tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i

        (ignore) mode so that the output buffer is correctly

        incremented to avoid write outside bounds.  Reported by

        Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2620

    
 tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in

        readSeparateStripsIntoBuffer() to avoid read outside of heap

        allocated buffer.  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2621

    
 tools/tiffcrop.c: fix integer division by zero when

        BitsPerSample is missing.  Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619

    
 tools/tiffinfo.c: fix null pointer dereference in -r mode

        when the image has no StripByteCount tag.  Reported by

        Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2594

    
 tools/tiffcp.c: avoid potential division by zero is

        BitsPerSamples tag is missing.  Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597

    
 tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, )

        is called, limit the return number of inks to SamplesPerPixel,

        so that code that parses ink names doesn't go past the end of

        the buffer.  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2599

    
 tools/tiffcp.c: avoid potential division by zero is

        BitsPerSamples tag is missing.  Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607

    
 tools/tiffcp.c: fix uint32 underflow/overflow that can cause

        heap-based buffer overflow.  Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610

    
 tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non

        assert check.  Reported by Agostino Sarubbo.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2605

    
 tools/tiff2ps.c: fix 2 heap-based buffer overflows (in

        PSDataBW and PSDataColorContig). Reported by Agostino Sarubbo.

        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2633 and

        http://bugzilla.maptools.org/show_bug.cgi?id=2634.

    
 tools/tiff2pdf.c: prevent heap-based buffer overflow in -j

        mode on a paletted image. Note: this fix errors out before the

        overflow happens. There could probably be a better fix.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2635

    
 tools/tiff2pdf.c: fix wrong usage of memcpy() that can

        trigger unspecified behaviour.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2638

    
 tools/tiff2pdf.c: avoid potential invalid memory read in

        t2p_writeproc.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2639

    
 tools/tiff2pdf.c: avoid potential heap-based overflow in

        t2p_readwrite_pdf_image_tile().  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2640

    
 tools/tiffcrop.c: remove extraneous TIFFClose() in error code

        path, that caused double free.  Related to

        http://bugzilla.maptools.org/show_bug.cgi?id=2535

    
 tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow

        and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap

        based overflow.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2656 and

        http://bugzilla.maptools.org/show_bug.cgi?id=2657

    
 tools/raw2tiff.c: avoid integer division by zero.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2631

    
 tools/tiff2ps.c: call TIFFClose() in error code paths.

    
 tools/fax2tiff.c: emit appropriate message if the input file

        is empty. Patch by Alan Coopersmith.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2672

    
 tools/tiff2bw.c: close TIFF handle in error code path.  Fixes

        http://bugzilla.maptools.org/show_bug.cgi?id=2677

<FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:

  
 None

Last updated $Date: 2017-05-21 17:47:46 $.

</BODY>

</HTML>