"Roberto C. Sánchez" <robe...@debian.org> writes:
> I am nearly done with the package I am currently working on. Also, I
> previously did updates for tiff/tiff3, including looking into
> CVE-2017-9935. I would be glad to take over from here.
Ok, sure.
Please find attached my full diff. It includes lots of extra printf -
naturally these should be removed.
Also I removed comparisons of t2p->tiff_transferfunction[0] and
t2p->tiff_transferfunction[1] because I could not imagine how these
would help achieve the required goal.
--
Brian May <b...@debian.org>
--- tiff-4.0.8.orig/libtiff/tif_dir.c
+++ tiff-4.0.8/libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@
if (td->td_samplesperpixel - td->td_extrasamples > 1) {
*va_arg(ap, uint16**) = td->td_transferfunction[1];
*va_arg(ap, uint16**) = td->td_transferfunction[2];
+ } else {
+ *va_arg(ap, uint16**) = NULL;
+ *va_arg(ap, uint16**) = NULL;
}
break;
case TIFFTAG_REFERENCEBLACKWHITE:
--- tiff-4.0.8.orig/tools/tiff2pdf.c
+++ tiff-4.0.8/tools/tiff2pdf.c
@@ -1047,6 +1047,8 @@
uint16 pagen=0;
uint16 paged=0;
uint16 xuint16=0;
+ uint16 tiff_transferfunctioncount=0;
+ float* tiff_transferfunction[3];
directorycount=TIFFNumberOfDirectories(input);
t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
@@ -1127,14 +1129,20 @@
sizeof(T2P_PAGE), t2p_cmp_t2p_page);
for(i=0;i<t2p->tiff_pagecount;i++){
+ printf("--- +0 = %d\n", t2p->pdf_xrefcount);
t2p->pdf_xrefcount += 5;
+ printf("--- A+5 = %d\n", t2p->pdf_xrefcount);
+ printf("--- B0+0 = %d\n", t2p->pdf_xrefcount);
TIFFSetDirectory(input, t2p->tiff_pages[i].page_directory );
+ printf("--- B1+0 = %d\n", t2p->pdf_xrefcount);
if((TIFFGetField(input, TIFFTAG_PHOTOMETRIC, &xuint16)
&& (xuint16==PHOTOMETRIC_PALETTE))
|| TIFFGetField(input, TIFFTAG_INDEXED, &xuint16)) {
t2p->tiff_pages[i].page_extra++;
t2p->pdf_xrefcount++;
+ printf("--- B+1 = %d\n", t2p->pdf_xrefcount);
}
+ printf("--- B2+0 = %d\n", t2p->pdf_xrefcount);
#ifdef ZIP_SUPPORT
if (TIFFGetField(input, TIFFTAG_COMPRESSION, &xuint16)) {
if( (xuint16== COMPRESSION_DEFLATE ||
@@ -1146,27 +1154,57 @@
}
}
#endif
+ printf("--- C+0 = %d\n", t2p->pdf_xrefcount);
+ printf("01XXXXXXXXXXXX %p %p %p\n", tiff_transferfunction[0], tiff_transferfunction[1], tiff_transferfunction[2]);
if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
- &(t2p->tiff_transferfunction[0]),
- &(t2p->tiff_transferfunction[1]),
- &(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
- t2p->tiff_transferfunctioncount = 3;
- t2p->tiff_pages[i].page_extra += 4;
- t2p->pdf_xrefcount += 4;
- } else {
- t2p->tiff_transferfunctioncount = 1;
- t2p->tiff_pages[i].page_extra += 2;
- t2p->pdf_xrefcount += 2;
- }
- if(t2p->pdf_minorversion < 2)
- t2p->pdf_minorversion = 2;
+ &(tiff_transferfunction[0]),
+ &(tiff_transferfunction[1]),
+ &(tiff_transferfunction[2]))) {
+
+ printf("02XXXXXXXXXXXX %p %p %p\n", tiff_transferfunction[0], tiff_transferfunction[1], tiff_transferfunction[2]);
+ if((tiff_transferfunction[1] != (float*) NULL) &&
+ (tiff_transferfunction[2] != (float*) NULL)
+ ) {
+ tiff_transferfunctioncount=3;
+ } else {
+ tiff_transferfunctioncount=1;
+ }
} else {
- t2p->tiff_transferfunctioncount=0;
+ tiff_transferfunctioncount=0;
}
+
+ printf("1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %d %d\n", i, tiff_transferfunctioncount);
+ if (i > 0){
+ printf("2XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX %d %d %d\n", i, t2p->tiff_transferfunctioncount, tiff_transferfunctioncount);
+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
+ printf("xxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Different transfer function on page %d",
+ i);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ }
+
+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
+ if(tiff_transferfunctioncount == 3){
+ t2p->tiff_pages[i].page_extra += 4;
+ t2p->pdf_xrefcount += 4;
+ printf("--- C+4 = %d\n", t2p->pdf_xrefcount);
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ } else if (tiff_transferfunctioncount == 1){
+ t2p->tiff_pages[i].page_extra += 2;
+ t2p->pdf_xrefcount += 2;
+ printf("--- D+2 = %d\n", t2p->pdf_xrefcount);
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ }
+
if( TIFFGetField(
input,
TIFFTAG_ICCPROFILE,
@@ -1174,6 +1212,7 @@
&(t2p->tiff_iccprofile)) != 0){
t2p->tiff_pages[i].page_extra++;
t2p->pdf_xrefcount++;
+ printf("--- E+1 = %d\n", t2p->pdf_xrefcount);
if(t2p->pdf_minorversion<3){t2p->pdf_minorversion=3;}
}
t2p->tiff_tiles[i].tiles_tilecount=
@@ -1203,6 +1242,7 @@
if( t2p->tiff_tiles[i].tiles_tilecount > 0){
t2p->pdf_xrefcount +=
(t2p->tiff_tiles[i].tiles_tilecount -1)*2;
+ printf("--- F+%d = %d\n", (t2p->tiff_tiles[i].tiles_tilecount -1)*2, t2p->pdf_xrefcount);
TIFFGetField(input,
TIFFTAG_TILEWIDTH,
&( t2p->tiff_tiles[i].tiles_tilewidth) );
@@ -1222,6 +1262,7 @@
return;
}
}
+ printf("11111page %d %d\n", i, t2p->pdf_xrefcount);
}
return;
@@ -1824,8 +1865,7 @@
&(t2p->tiff_transferfunction[2]))) {
if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
(t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
+ ) {
t2p->tiff_transferfunctioncount=3;
} else {
t2p->tiff_transferfunctioncount=1;
@@ -5430,6 +5470,7 @@
t2p->t2p_error = T2P_ERR_ERROR;
return(written);
}
+ printf("xxxxxxxxxxxxxxxxxxxxxxxxxx %d %d\n", t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
t2p->pdf_xrefcount=0;
t2p->pdf_catalog=1;
t2p->pdf_info=2;
@@ -5451,13 +5492,16 @@
written += t2p_write_pdf_pages(t2p, output);
written += t2p_write_pdf_obj_end(output);
for(t2p->pdf_page=0;t2p->pdf_page<t2p->tiff_pagecount;t2p->pdf_page++){
+ printf("xxxxx new page %d %d %d\n", t2p->pdf_page, t2p->tiff_pagecount, t2p->pdf_xrefcount);
t2p_read_tiff_data(t2p, input);
if(t2p->t2p_error!=T2P_ERR_OK){return(0);}
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- AA+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_page(t2p->pdf_xrefcount, t2p, output);
written += t2p_write_pdf_obj_end(output);
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- AB+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output);
@@ -5469,16 +5513,21 @@
written += t2p_write_pdf_stream_end(output);
written += t2p_write_pdf_obj_end(output);
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- AC+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_length(streamlen, output);
written += t2p_write_pdf_obj_end(output);
if(t2p->tiff_transferfunctioncount != 0){
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- B+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_transfer(t2p, output);
written += t2p_write_pdf_obj_end(output);
for(i=0; i < t2p->tiff_transferfunctioncount; i++){
+ printf("1zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- C+1 = %d\n", t2p->pdf_xrefcount);
+ printf("2zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
written += t2p_write_pdf_transfer_dict(t2p, output, i);
@@ -5489,10 +5538,12 @@
/* streamlen=written-streamlen; */ /* value not used */
written += t2p_write_pdf_stream_end(output);
written += t2p_write_pdf_obj_end(output);
+ printf("5zzzzzzzzzzzzzzzzzzzzzzzzz %d %d %d\n", i, t2p->tiff_transferfunctioncount, t2p->pdf_xrefcount);
}
}
if( (t2p->pdf_colorspace & T2P_CS_PALETTE) != 0){
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- D+1 = %d\n", t2p->pdf_xrefcount);
t2p->pdf_palettecs=t2p->pdf_xrefcount;
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
@@ -5507,6 +5558,7 @@
}
if( (t2p->pdf_colorspace & T2P_CS_ICCBASED) != 0){
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- E+1 = %d\n", t2p->pdf_xrefcount);
t2p->pdf_icccs=t2p->pdf_xrefcount;
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
@@ -5522,6 +5574,7 @@
if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount !=0){
for(i2=0;i2<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i2++){
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- F+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
written += t2p_write_pdf_xobject_stream_dict(
@@ -5539,12 +5592,14 @@
written += t2p_write_pdf_stream_end(output);
written += t2p_write_pdf_obj_end(output);
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- G+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_length(streamlen, output);
written += t2p_write_pdf_obj_end(output);
}
} else {
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- H+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_dict_start(output);
written += t2p_write_pdf_xobject_stream_dict(
@@ -5562,10 +5617,12 @@
written += t2p_write_pdf_stream_end(output);
written += t2p_write_pdf_obj_end(output);
t2p->pdf_xrefoffsets[t2p->pdf_xrefcount++]=written;
+ printf("--- I+1 = %d\n", t2p->pdf_xrefcount);
written += t2p_write_pdf_obj_start(t2p->pdf_xrefcount, output);
written += t2p_write_pdf_stream_length(streamlen, output);
written += t2p_write_pdf_obj_end(output);
}
+ printf("22222page %d %d\n", t2p->pdf_page, t2p->pdf_xrefcount);
}
t2p->pdf_startxref = written;
written += t2p_write_pdf_xreftable(t2p, output);
