9 Commits

Author SHA1 Message Date
James Zern
dd7e83cca7 tiffdec,ReadTIFF: ensure data_size is < tsize_t max
Change-Id: I0ad9589a7f994294100e1c5a38abf6ebe417f8a9
2017-05-17 13:02:06 -07:00
James Zern
d988eb7b39 tiffdec,MyRead: quiet -Wshorten-64-to-32 warning
Change-Id: I7e2c7a9b80278b3056151c74a939b0f55bbbc90c
2017-05-17 12:06:53 -07:00
James Zern
1923ff0222 tiffdec: fix EXTRASAMPLES check
the TIFFGetField() return for TIFFTAG_EXTRASAMPLES is defined as (count,
types array) [1]. previously the count was being checked rather than the
first element of the array to determine whether the alpha was associated
(pre-multiplied) and the result needed to be unmultiplied.

since:
9273e441 fix TIFF encoder regarding rgbA/RGBA

[1] http://www.libtiff.org/man/TIFFSetField.3t.html

Change-Id: I6e41be9d038fe8afb6d0aa3c8048925dc901113b
2017-04-26 22:49:11 -07:00
James Zern
97cce5ba83 tiffdec: only request EXTRASAMPLES w/> 3 samples/px
Change-Id: I820e7de34e500c42ab51c97a70f25319807d58eb
2017-04-25 19:10:08 -07:00
Pascal Massimino
9273e441da fix TIFF encoder regarding rgbA/RGBA
Encoder:
We were always using ExtraSamples=1, which means associated-alpha.
But we don't need the (lossy) excursion to rgbA format. We can save
the samples as RGBA directly, by changing ExtraSamples to '2'.
The TIFF encoder now checks the colorspace properly, to handle
premultiplied format as well as non-premultiplied.

Decoder:
The result of TIFFReadRGBAImageOriented() is always pre-multiply.
So, in case an alpha channel is present, we need to unmultiply it before
calling WebPPictureImportRGBA().

See:
https://www.itu.int/itudoc/itu-t/com16/tiff-fx/docs/tiff6.pdf (page 31)
and also http://www.asmail.be/msg0055469184.html

Change-Id: I3258bfdb0eb2e1a53d6c04414f55edb2926c938c
2017-03-03 10:36:29 -08:00
James Zern
f04eb37603 libwebp-0.5.2
- 12/13/2016: version 0.5.2
   This is a binary compatible release.
   This release covers CVE-2016-8888 and CVE-2016-9085.
   * further security related hardening in the tools; fixes to
     gif2webp/AnimEncoder (issues , , , ), cwebp/libwebp (issue
     )
   * full libwebp (encoder & decoder) iOS framework; libwebpdecoder
     WebP.framework renamed to WebPDecoder.framework (issue )
   * CMake support for Android Studio (2.2)
   * miscellaneous build related fixes (issue , )
   * miscellaneous documentation improvements (issue )
   * minor lossy encoder fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYWfopAAoJEPnD1r24Iytd0gAQALhTSEjJVmKfHxyPNDduc3kn
 QeiVaVwPiOS/a266+ZnWHzCvkR3zgqZxNlyKzRty378gM8/P7r2dMCmfdnVFbF4O
 a7M1lld9yYldNpAxvHDnY9u2RzmRfVD1yYu27gv77uT7gR2IybQ81FHi1pn56tFA
 2g4yHdrC2tXud22ZUb9Bgqe7YW06gWND4EmeJgxF38S98gdrtJla5rmlUcuEhbIl
 SHpkbEgJX4nZxWggyCJ61/OxeEwwWBtI3kpSLkEqmCVSnFb7WBC7pITq59n8hg2U
 SaYCfWGRJ/oQQvxUxuPYYtzq26dYOxd2vT9S1mcE1be9jMGxKp9vgE8jNflvtza1
 wTPUajaPUjsTLAvFikQRo+34W9QxOKp9jCX9Be0V4wvBClfM13toBgKolzPGGUuo
 zlcZ0/GgzwfQ+sD7bs/p/7ToiH+GejBUK7FUR8ZB7EHZrDynszSzEevx5SUzPWV3
 1q4TyD5eclUOjb4S2yplcKp0kwkwtOA5ETboPzA+b8TQnfTFM3GP7fMoYvORbSZp
 39/H5hi1bjlOE4m3mp3qqfR2DMWZlla7YNZiuuTEeY3ztrlqeakC2ma1Fhi6ZmbG
 TrqmAaDTueRizry4E7Fr9sBw0mee14v/xcTFcDcSI1BRFclFc1KAw0ObzdaN2iEt
 L5tjlqzH0XEH4fl5OnD3
 =x+Y3
 -----END PGP SIGNATURE-----

Merge tag 'v0.5.2'

libwebp-0.5.2
- 12/13/2016: version 0.5.2
  This is a binary compatible release.
  This release covers CVE-2016-8888 and CVE-2016-9085.
  * further security related hardening in the tools; fixes to
    gif2webp/AnimEncoder (issues , , , ), cwebp/libwebp (issue
    )
  * full libwebp (encoder & decoder) iOS framework; libwebpdecoder
    WebP.framework renamed to WebPDecoder.framework (issue )
  * CMake support for Android Studio (2.2)
  * miscellaneous build related fixes (issue , )
  * miscellaneous documentation improvements (issue )
  * minor lossy encoder fixes and improvements

* tag 'v0.5.2': (54 commits)
  update ChangeLog
  anim_util: quiet implicit conv warnings in 32-bit
  jpegdec: correct ContextFill signature
  Remove some errors when compiling the code as C++.
  vwebp: clear canvas during resize w/o animation
  tiffdec: restore libtiff 3.9.x compatibility
  update NEWS
  AnimEncoder: avoid freeing uninitialized memory pointer.
  WebPAnimEncoder: If 'minimize_size' and 'allow_mixed' on, try lossy + lossless.
  fix a potential overflow with MALLOC_LIMIT
  bump version to 0.5.2
  update AUTHORS & .mailmap
  iosbuild.sh: add WebPDecoder.framework + encoder
  AnimEncoder: Correctly skip a frame when sub-rectangle is empty.
  Fix assertions in WebPRescalerExportRow()
  fix a typo in WebPPictureYUVAToARGB's doc
  systematically call WebPDemuxReleaseIterator() on dec->prev_iter_
  doc: use two's complement explicitly for uint8->int8 conversion
  Anim_encoder: correctly handle enc->prev_candidate_undecided_
  WebPPictureDistortion(): free() -> WebPSafeFree()
  ...

Change-Id: I16bcf54af41ce8fad98d4fbc8aa1df58f338fc23
2016-12-20 20:14:55 -08:00
James Zern
2a2773ea29 imageio/*dec,Read*: add input parameter checks
Change-Id: I5e069d6ea4da9d8c71be03ef99aad679dd1aad21
2016-10-12 20:49:30 -07:00
James Zern
bc86b7a8a1 imageio_util: add ImgIoUtilCheckSizeArgumentsOverflow
and use it to validate decoder allocations. fixes a crash in jpegdec at
least.

BUG=webp:312

Change-Id: Ia940590098f29510add6aad10a8dfe9e9ea46bf4
2016-10-07 14:41:48 -07:00
James Zern
c379b55a93 move examples/{example_util,image_dec} to imageio/
Change-Id: I2508c786a095a2a75bebf766210c64e2af88f9b6
2016-07-19 19:06:29 -07:00