-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
memcpy-param-overlap bug in src/tiffvisitor_int.cpp #2027
Comments
Thanks @yuawn! |
Background info: we initially investigated this as a potential security vulnerability, but have now concluded that it's a regular bug with no security impact. So I asked @yuawn to create this public issue. |
The bug is here: Lines 747 to 750 in fd84471
I don't believe this bug is a security concern. The code is just moving data within a larger buffer, so the access isn't out-of-bounds. The data might get copied incorrectly, but it's already attacker-controlled data so that doesn't make any difference from a security perspective. |
(cherry picked from commit 4aa701f)
…27.6 Christoph Hasse (1): fix naming of canon EF 35-80mm.closes #2247 Kevin Backhouse (7): Treat Exif.Sony1.PreviewImage as undefined tag. PoC image file for Exiv2/exiv2#2027 Use memmove, rather than memcpy, because memory regions might overlap. Update tiffvisitor_int.cpp Fix bug in loop. It wasn't iterating over the elements of dateStrings as intended. Regression test for Exiv2/exiv2#2268 Replace assert with enforce. (Fix for Exiv2/exiv2#2268) Luis Diaz (4): ci: sync workflows with latest changes on main branch Fix out of bounds read in isValidBoxFileType() Add poc for fuzzing coverage ci: update conan version in ci jobs and dependencies version Luis Díaz Más (7): Fix conan ci luis (#2018) 0.27 Running tests with ctest (#2024) 0.27 Nightly pre-builds for 0.27 (#2025) Fix JP2 write/read metadata Detect integer-overflow and throw in that case Add POC file for issue 2190 Fix integer overflow #2179 Miloš Komarčević (21): Streamline MinGW package installation for CI Update README.md for pacman command simplification Remove legacy MinGW CI builds Initial MSYS2 workflow for GHA Handle unused warnings Add more DNG 1.6 tags Switch Cygwin CI to GHA (#2032) Update conan for Windows CI Add Sony ARW compression to dict (#2046) Strip XMP raw packet before decoding (#2139) Update CI actions (0.27-maintenance) (#2142) Initial support for OM System MakerNote Add OM System MakerNote test Account for header bytes for Exif and XMP boxes (backport #2234) Add some F mount lenses PNG: always strip the existing iCCP chunk Add Nikon LensData v0802 (backport #2287) Add Nikon3.WhiteBalanceBias2 (backport #2311) ci: Upgrade conan to version 1.51.0 Add more MIME type mappings for TIFF-based raws Exif start can be at any byte in payload, not word aligned Nehal J Wani (3): Bump conan version Replace array with std::vector in decodeBase64() Exiv2 v0.27.6 Peter (3): Fix rename text in manpage (#2328) Fix bmff exception; Bump Conan version (#2375) Update docs concerning BMFF-based files (#2404) Robin Mills (16): fix_1558_cmake_build_type retrigger checks retrigger checks retrigger checks add --verbose option for Cygwin/CI. No idea why it's failing. Been stable since I wrote it a year ago. Revert "add --verbose option for Cygwin/CI. No idea why it's failing. Been stable since I wrote it a year ago." The Cygwin/CI is broken. (#2003) Added a sentence to `5.4 Cygwin/64` about `apt-cyg`. Initial changes to documentation to support CTest. I intend to integrate changes from main/README.md in this PR. Fixes following review. Bringing format/layout of 0.27-maintenance/README.md very close to main/README.md. Minor layout improvements. I've polished this and minimized the differences with main/README.md. It's not possible to add lensTest into 0.27-maintenance without modifying Exiv2::getExiv2ConfigPath(). Fixes following review. Fixes following review. fix_2044_add_tiff_tags
(cherry picked from commit 4aa701f)
…28.0 Alan01 (2): Create da.po Update da.po Alex Esseling (36): work on canon tags second rund update tags ID update canonrf tags, new lenses update to tags Adding Ambience Selection to tag list Adding tag Canon AFMicroAdj Canon MultiExposure tag added Adding Canon Lighting Optimization Tag Adding of Canon Vignetting Correction Tag 2 canon filter options Adding LensSerialNumber Tag Adding Canon AF Config Tag Adding Canon RawBurst Tag Canon AF Info 2 Tag wrong brackets fixed fix wrong brackets fix of tests case test_issue_981.py fix of test_issue_1151.py fix test_issue_1122.py ExposureCompensation added Exif.Canon.CanonFlashInfo Exif.CanonCs.SpotMeteringMode Exif.CanonCs.PhotoEffect Exif.CanonSi.NDFilter Exif.CanonSi.SelfTimer2 Exif.Canon.CanonFlashInfo Exif.CanonSi.FlashOutput Exif.CanonSi.NDFilter fix test cases adding exposurecompensation OpticalZoomCode added fix typo Optical Zoom Code adding OpticalZoomCode AEB Bracket Value added controlmode added Alexander Steffen (7): Add test for all known Canon lenses Execute test commands always with shell Remove undetectable lenses Clean up Canon lens list Fix rounding error in fnumber calculation Fix misdetection of Tamron SP AF 300mm as Canon EF 75-300mm Improve detection of Canon lenses with TC Andrea Giudiceandrea (1): Add Exif.Image.PageName tag (#1765) Antonio Rojas (1): Fix build with gtest 1.11 Attila Oláh (1): Fix compilation with -Wunused-variable Ben McCann (1): Enable video support by default Christoph Hasse (70): fix archlinux ci build docs: fix example command in man pages. closes #1685 (#1686) refactor!: remove free() function from DataBuf to avoid potential problems, see #1542 feat: Setup github actions workflow to build tagged release and nightly pre-release (#1676) refactor: move canon lens tests into new test directory refactor!: use lensfun style nameing for lenses refactor: use function to calculate raw exif value given aperture feat: rework lens test to account for ambiguous lenses fix: readd some previously removed lenses now that we plan to trea ambiguous lenses fix: prevent creation of nightly release with draf==true feat: improve lens recognition of canon makernote fix: fix bash test following the new canon lens identification fix: update tests following new canon lens identification fix: prefer symbolic boolean operators so windows is happy fix: make casts explicit to please msvc fix: workaround centos-8 bug-18212 fix: allow for FX.Y syntax in aperture regex fix: change duplicated Canon RF 100-500 2x into missing 1.4 teleconverter version fix: avoid processing MOV (quicktime) files when BMFF is enabled fix: add Sigma 30mm f/1.4 DC DN | C to canon lens detection feat: add test for #1782 refactor: remove FindRegex.cmake refactor: remove regex related cmake stuff refactor: replace old linux regex.h with regex from STL. refactor: use POSIX regex syntax as that is what was used before refactor: update readme to reflect regex changes refactor: avoid unused variable warning of regex_error refactor: remove leftover empty if statement remove exv_grep_keys_t type alias fix: SIGSEGV on parsing of config file. (introduced in main by clang-tidy fix) add test of config file based lens name determination first search cwd for config file then check home dir adapt test to make use of config file search in cwd adapt man pages to reflect new config file path behaviour Fixes for Max and Win make the ifdef in getExiv2ConfigPath a bit more minimal update man page to reflect what is done in code add Canon EF 100-400 2x, and make size of aperture lens matching delta dependent on teleconverter factor test: add new test for lens Update codecov badge in readme to show results of main branch refactor: small cleanup of test infra to avoid duplicate runs dont do codecov for samples and tests update codecov coverage github action and remove use of deprecated bash uploader check integrity of codecov executable check integrity of codecov executable fix: incorrectly triggered enforce check during preview extraction in LoaderTiff::getData(), closes #1829 workaround for softprops/action-gh-release#139 fix(testing): codecov reports (#2094) move test reference files into their own subdirectory feat(testing): add a new extensive regression test that runs exiv2 over every test file we have move test_regression_allfiles.py into its own subdirectory and add the test to cmakelists.txt Decoding of Canon HDRInfo tag fix(canon): cleanup canonAf2 and canonAf3 related code add .git-blame-ignore-revs file and add clang-format commit to it (#2170) also run format action on pull request fix naming of canon EF 35-80mm.closes #2247 add files from #2247 to regression test suite fix(ci) disable webready and curl for release builds [ci skip] fix(ci) adapt to breaking changes of upgrading github-script [ci skip] fix(video) bmffimage can not currently handle mp42 files so skip those feat(video) revive quicktime.{h,cpp} and adapt to codebase changes. fix(video) filetype detection: handle video via quicktimevideo.cpp and other ftyp files in bmffimage test(video) add small video file to execute some code in quicktimevideo.cpp fix(video) clang-format quicktimevideo fix(video) dont throw in isQTimeType fix(quicktimevideo) silence windows warnings fix(quicktimevideo) cleanup and hardening as suggested in review by @kevinbackhouse fix(quicktimevideo) avoid out of bounds read, closes #2340 test(quicktimevideo) add poc for #2340 fix(doc) mention video support in exiv2.md Colin Watson (2): Add custom update-pot target Annotate some strings with xgettext:no-c-format D4N (1): Add linux_distribution_check github action Daniel Vogelbacher (1): Use official Canon RF lens model names David Houlder (2): Canon cr3 previews (#1958) Performance boost: don't read boxes we're not interested in Dmitry Fedorov (4): fix for reading jpeg-xr images Update src/tiffimage_int.cpp Update src/tiffimage_int.cpp Added JPEG-XR test file (#1946) Eli Schwartz (1): meson: compile convert.cpp separately, with just iconv Evan Miller (2): Pass -fstack-protector-strong to linker Explicitly test for libproc.h (#1916) Fabrice Fontaine (1): add BUILD_WITH_STACK_PROTECTOR option Facundo (1): Output of -PV was not suitable for inputting to -m-, key was missing. (#1970) Gribouilleuse (3): Addition of 4 lenses Pentax Addition of 4 lenses Pentax Uppercase Pentax to PENTAX at lines 819 to 822 Heiko Bauke (1): fix out of range access, minor performance improvement Jakub Wilk (1): READMEs: Add whitespace around atx-style headers Jeka Pats (1): Add libFuzzer integration + report bug Jim Easterbrook (5): Hide "static constexpr auto" from SWIG Restore modified tags after TZ manipulation Add test files for PR 1999 / issue 1998 Use \" instead of ' for exiv2 command string Add key name to "Value not set" error message (#2149) John55h (1): Update canonmn_int.cpp Josh Soref (1): Spelling (#2067) Kevin Backhouse (288): Update security process. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p Better bounds checking in Jp2Image::encodeJp2Header() Fix signed/unsigned compiler warnings. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr Improve bound checking in WebPImage::doWriteMetadata() Regression test for https://github.com/Exiv2/exiv2/issues/1570. Fix out-of-bounds read in bmffimage.cpp Stop the test from failing when EXIV2_ENABLE_BMFF=Off. Fix signed/unsigned compiler warning. Fix signed/unsigned compiler warning. Fix LGTM warning about format specifier Check that the string is properly terminated. Add windows_distribution_check GitHub Action. Add more bounds checks in Jp2Image::encodeJp2Header Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj Add clarification about reproducibility requirements. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 Add bounds check in Jp2Image::doWriteMetadata(). Fix infinite loop caused by subBox with zero size. Prevent large allocation. Use readOrThrow to check error conditions of iIo.read(). Fix quadratic complexity performance bug. Remove obsolete snprintf macros. fix: zero initialize local variables. (#1743) fix: stricter date parsing in value.cpp (#1720) Replace sprintf with snprintf. feat: Codeql analysis (#1747) Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 Prevent divide-by-zero crash. Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE. fix incorrect loop condition (#1752) Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w Throw exception if lens info wasn't found. Check that findKey didn't return end(). Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 Better bounds checking in Jp2Image::printStructure Add custom CodeQL query for null iterator deref. Regression test for https://github.com/Exiv2/exiv2/issues/1763 Don't deref end iterator. CodeQL query to detect unsafe uses of std::vector::operator[]. Updates to make fuzzing work. Rename fuzz target Add printing and writing to fuzzer. Action that runs fuzzer for short amount of time on PRs. Add workflow_dispatch for manual trigger Fix indentation Try with sudo. Fix code scanning alert: "Multiplication result converted to larger type". Add -workers option to use all cores. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m Don't crash if s > size. Print message to stderr when EXIV2_DEBUG_MESSAGES is enabled. Better way to print the error message. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg dirLength == 0 can cause an infinite loop. Defensive programming in Image::printIFDStructure Ignore results in the xmpsdk directory. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 Check that `type` isn't an empty string. Safer std::vector indexing. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p Extra checking to prevent the loop counter from wrapping around. Defensive coding changes to avoid integer overflow in loop conditions. Better fix for potential integer overflow in `bytes.size() - 3`. Type of escapeStart should be size_t. Fix warning: comparison of integer expressions of different signedness Add a test to improve coverage in xmpsidecar.cpp Regression test for https://github.com/Exiv2/exiv2/issues/1793 Add `pbox_end` param to `BmffImage::boxHandler` to enforce box nesting. Support for 64-bit box lengths looked broken. address + box_length == box_end Enable fuzzing of bmffimage.cpp Extra protection against large allocations. Fix compiler warnings. Fix format specifier. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv Make sure that read is complete to prevent infinite loop. Remove redundant check. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq &bytes[0] will crash if bytes has zero elements. Skip unittest because -pR is disabled in release builds so the test fails. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq bufRead needs to be adjusted after seek() Improved handling of jpg segments to avoid out-of-bound reads. Fix compiler warning. Update src/jpgimage.cpp poc from GHSA-9jh3-fcc3-g6hv can now be parsed without error. Add comment to explain bounds-check. Add `markerHasLength` utility function. Fix build error when EXIV2_DEBUG_MESSAGES is enabled. Add fuzzing dictionary and test all printStructure() options Remove redundant call to exifData(). Regression test for https://github.com/Exiv2/exiv2/issues/1815 Add bounds-check to prevent out-of-bounds read in memcmp. Regression test for https://github.com/Exiv2/exiv2/issues/1817 Use DataBuf, rather than new[], for automatic delete when an exception is throw. Add static_cast to fix build error on Windows. Regression test for https://github.com/Exiv2/exiv2/issues/1812 Check size before allocation to avoid out-of-memory errors. Add comment to explain the bounds-check. Regression test for https://github.com/Exiv2/exiv2/issues/1819 Check that the string isn't empty Regression test for https://github.com/Exiv2/exiv2/issues/1827 Check value is in range before casting from double to uint32_t, to avoid undefined behavior. Update src/tags_int.cpp Use std::round for rounding to nearest. Replace assertion with an error message. Regression test for https://github.com/Exiv2/exiv2/issues/1830 Safer casting from double to long. Regression test for https://github.com/Exiv2/exiv2/issues/1838 Check that the float is within the range of an int before casting. Regression test for https://github.com/Exiv2/exiv2/issues/1841 Use DataBuf rather than raw malloc. Replace assertion with an error message. Regression test for https://github.com/Exiv2/exiv2/issues/1845 Replace assertion with an error message. Test for https://github.com/Exiv2/exiv2/issues/1821 Fix for https://github.com/Exiv2/exiv2/issues/1856 Add sanitizer flags when fuzzing. Add LSAN suppressions. Decouple EXIV2_BUILD_FUZZ_TESTS from EXIV2_TEAM_USE_SANITIZERS. Call Metadatum::print() to increase fuzzing coverage. Add special build mode for OSS-Fuzz. Add OSS-Fuzz status badge and CIFuzz integration. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37363 Add test to improve code coverage. Regression test for https://github.com/Exiv2/exiv2/issues/1881 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37492 Only build XMLValidator when XMP is enabled. Add second test file for better code coverage. Make fields of DataBuf private. Fix build failure on Windows. Fix build failure. Add unit test for methods like DataBuf::read_uint32 and DataBuf::write_uint32. Make offset=0 the default parameter. Regression test for https://github.com/Exiv2/exiv2/issues/1887 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37889 Standardize on conan 1.39.0 Add doc to release build. Remove unused constructor that was causing a build failure in OSS-Fuzz. Regression test for https://github.com/Exiv2/exiv2/issues/1901 Comment out bogus code. Add more checks to prevent integer overflow. Throw an exception on integer overflow. Fix test failure. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38887 Regression test for https://github.com/Exiv2/exiv2/issues/1912 Do the calculation in floating point to avoid integer overflow. Regression test for: https://github.com/Exiv2/exiv2/issues/1920 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39060 Add CodeQL query to detect variants of issue #1920. Add regression test to https://github.com/Exiv2/exiv2/pull/1918 Update copyright and bug-address Add second test to improve code coverage. Add third test to improve code coverage. Clarify ownership model of CiffComponent::pData_ Add workaround for conan outage: https://github.com/conan-io/conan/issues/9695 We only need to extract one byte. Fix Conan on macOS Fix Conan on macOS Use same Conan version on macOS as on other platforms. Use =default. More =default changes. Regression test for https://github.com/Exiv2/exiv2/issues/1954 Use std::move to transfer ownership of DataBufs. Delete the copy assignment operator to avoid accidental copying. Revert "Fix for https://github.com/Exiv2/exiv2/issues/1856" Fix indentation Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39555 Try a newer version of Conan. Add readOrThrow and seekOrThrow to BasicIo. Remove static functions readOrThrow and seekOrThrow. Remove Conan from MacOS build. Remove opensuse/tumbleweed, because the docker image is broken. Regression test for https://github.com/Exiv2/exiv2/issues/2006 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41438 Treat Exif.Sony1.PreviewImage as undefined tag. PoC image file for https://github.com/Exiv2/exiv2/issues/2027 Use memmove, rather than memcpy, because memory regions might overlap. Clarify policy on when a bug is considered a security issue (#2038) Fix bug in loop. It wasn't iterating over the elements of dateStrings as intended. Delete TiffEntryBase::isMalloced_ field and use a std::shared_ptr instead. Remove DataBuf::release() which is no longer used. Add storage parameter to setData. Add comments. Replace Value::toLong with Value::toInt64. (#2062) Replace Metadatum::toLong() with Metadatum::toInt64(). Convert type of pixelHeight/pixelWidth to platform-independent uint32_t. Fix compiler warnings. Move Metadatum::toUint32() implementation out of header file. Catch std::exception in iptcprint. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45291 Add exclusion for issue_2160_poc.jpg Add poc for fuzzing coverage. More bounds checking in Adjust::adjustDateTime Replace long with int64_t in exiv2app.hpp Change return type of BasicIo::tell() to size_t. Fix some "signed shift" warnings. Fix some incorrect format specifiers. Fix some "signed shift" warnings Eliminate some false positive results. Regression test for https://github.com/Exiv2/exiv2/issues/2268 Replace assert with enforce. (Fix for https://github.com/Exiv2/exiv2/issues/2268) Add issue_2268_poc.jp2 to the exclude list. Move enums from tags_int.hpp to tags.hpp Fix some "unsafe vector access" warnings. clang-format Simplify the iptcDataSegs logic Use emplace_back Convert IfdId and SectionId to enum classes. Don't use long in floatToRationalCast Use int32_t in TimeValue Use size_t for the offset. Change type of sizeDataArea_ Use size_t Fix implicit type conversions. Refactor printIFDStructure depth increment Refactor printTiffStructure depth increment Convert type of depth parameter to size_t. Fix clang-tidy warning about double move. Change the return type of the 2Data functions to size_t. Fix implicit cast warning. Use std::map for faster lookup. Suggestions from @neheb and @piponazo. Correct error from #2301 Use std::unordered_set for tiffImageTags Use a switch Suggestions from @neheb and @piponazo Use std::unordered_map for TiffTreeStruct lookup. Remove unneeded constructor Replace TiffTreeStruct with std::pair Use emplace(). Regression test for https://github.com/Exiv2/exiv2/issues/2320 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49894 Regression test for https://github.com/Exiv2/exiv2/issues/2339 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50315 Regression test for https://github.com/Exiv2/exiv2/issues/2345 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901 Avoid potential integer overflow. Fix clang-format error. Don't allow zero width/height in WebPImage::inject_VP8X Bump conan version to 1.52.0 Use getULong to read unsigned numbers. Regression test for https://github.com/Exiv2/exiv2/issues/2366 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707 nul-terminate string clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2352 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51241 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51751 clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2383 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 Regression test for https://github.com/Exiv2/exiv2/issues/2385 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52355 Use Safe::add() in tiffvisitor_int.cpp Regression test for https://github.com/Exiv2/exiv2/issues/2393 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731 Change return type of getFileLength() to int64_t. Use size_t for sizes and offsets. Fix issue 2380: bug in (unused) non-mmap code. Add #error so the build fails if mmap isn't supported. Use std::is_signed and std::enable_if. clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2423 Add break to loop to fix issue 2423, plus some other cleanups. Use Safe::add Regression test for https://github.com/Exiv2/exiv2/issues/2427 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52767 Remove libinih from codebase and add it as a dependency instead. Update .github/workflows/on_PR_windows_matrix.yml cmake fatal error if inih library is not found. Add inih dependency Add EXIV2_ENABLE_INIH flag to enable building without libinih. Silence unused parameter warning when EXV_ENABLE_INIH is undefined. Use double type to improve floating point accuracy. Use toInt64() for hours and minutes, because they should be integer valued. Fix test failures on 32-bit platforms. Fix long-running loop Fix integer overflow which enables enforce to be bypassed. Enable video support by default Check that the pointer isn't NULL. Use enforce, not assert, to avoid crash. Convert tail-recursion to loop to avoid stack exhaustion. Suggestion from @neheb Minor refactorings to stop UBSAN from complaining. Luis Diaz (37): Rename GHA workflows for having more intuitive navigation cmake: Add missing source file Add unit tests for PngChunk::keyTXTChunk Add new BMP tests Fix MSVC warnings by casting integer values Fix release build (see #2085) ci: use conan cache in other windows builds ci: do not stop on failure ci: Enable Linux distributions pipeline on PRs Link against stdc++fs on Linux when it is needed Install new image_types.h header make startsWith constexpr and use string_view Recover IptDataSets::recordId in the API DateValue is now a bit more permissive with malformed dates Add unit tests for Error class Remove obsolete werror sample remove werror-test from README Use compiler deduction guides for error list Change Metadatum::copy return value from long to size_t Change Metadatum::size() return value from long to size_t More size_t for sizes More conversions to size_t while removing static_casts Add unit tests for Jp2Image revealing bugs (see #2147) doxygen: update doc style in Photoshop class Remove deprecated variable Add unit tests for Photoshop::isIrb(). Remove 2nd param from Photoshop::isIrb() since it is always hardcoded More unit tests for Photoshop methods ci: Try to fix job which is killed due to low memory? Move static functions to anonymous namespace Move private constants to .cpp JpegBase::markerHasLength moved to implementation details Factor out function readSegmentSize() Change logic to determine if segment has size Definition of new CMake presets & usage in CI jobs Update versions of conan dependencies ci: update conan version in all jobs Luis Diaz Mas (19): CiActions: Increasing matrix build for Windows Less CI jobs on push Fedora-MinGW build to Github Workflows ci - Remove old CI script files ci - cache conan packages on Windows builds ci - Add coverage run on main branch ci - Linux uses ninja ci - mac uses ninja ci - Use Ninja in rest of builds cmake: Add target for obtaining local covarage reports doc: Update notes about c++11 Add CTest support ci - Use ctest doc - Add Github Actions badges in doc ci - distros - fastTrue=False ci: Upgrade conan to version 1.51.0 Remove deprecated option in conan Enable Workflow dispatch on Windows CI jobs Replace cygwin github action Luis Díaz Más (307): Remove deprecated EPS format cpp: Replace auto_ptr by unique_ptr ci - changes to use c++11 remove some cmake old checks + newer gtest version eps - do not install header ci - Remove old ubuntu versions & use only 2 threads to build cmake - Modern use of consuming gtest ci - use pyton3 commands ci - More jobs for Travis-ci Use stack variables instead of java style Initialization of variables (fix issue detected with sanitizers) appveyor: drop Visual Studio 2013 support ci - Disable build Release+Sanitizers temporarily Remove deprecated ASF Video Remove deprecated SSH support Remove deprecated Matroska support Remove deprecated QuickTime support Remove deprecated RiffVideo support Remove EXIV2_ENABLE_VIDEO and related stuff Remove EPS tests localtime_r support on MinGW auto_ptr -> unique_ptr for code with WIN_UNICODE enabled Increase the timeout from 20 to 60 seconds cmake: new toolchain file for MinGW cross-compilation on Ubuntu Reenable Release+Sanitizers build Fix warnings related to -Wdeprecated-copy cmake: Treat xmpsdk headers as system ones Fix warnings EXIV2_TEAM_EXTRA_WARNINGS revert changes that are affecting to VS Doc: Update links in main so that the CI badges point to the proper branches Remove typedef to Dictionary::const_iterator Fix warnings in VS Remove rest of useless typedefs from datasets.hpp Replace many of the iterators types with auto Doc: Fix links in README.md and remove them from the conan one Revert "Remove deprecated EPS format" Revert "eps - do not install header" Revert "Remove EPS tests" eps: Fix code after usage of unique_ptr. Remove deprecation tags ci: update github actions ci: fix installation of gtest on ubuntu 20.04 cmake: disable -Wuseless-cast fix warning (hiding local variable) Do not treat warnings as errors ci: fix issues on Github actions Remove useless explicit constructor ci: warnings_as_errors OFF ci: alpine linux support fix tests expectations for alpine linux ci: trying to fix centos:8 build ci: add again arch linux & disable compilation&run of unit tests Fix -Werror=shadow warning after recovering EPS conan: update conan recipe versions gtest - remove wrapper which is not needed anymore ci: update conan version unitTests - use internal library object instead of recompiling sources ci: use -Wno-deprecated-declarations for avoiding gtest 1.10 warnings conan: fixes for Windows conan: use cmake_paths generator instead of cmake conan: put win dlls into bin directory ci-travis: trying to fix valgrind build ci: rescue appveyor config from old-master and backup others Win - Disable UNICODE which is failing at the moment ci: old expat & tune gtest options for windows conan - gtest debug_postfix only used in Debug mode increase timeout msvc: fix compiler warning on x86 appveyor: build BMFF + enable cache again cmake: ignore PDBs warnings on Win/Debug/Static buils cmake: revert change due to old cmake versions on CentOS & debian9 Fix MSVC build Move include/CMake to src Archive appveyor ci configurations Also test installation on Windows ci - win: Use ninja and Visual Studio shell Add missing public headers to install target Early access is always compiled MacOS build Github Actions - More builds on PRs ci: Remove travis builds Fixes in github actions No exe in executables ci - MacOS Matrix Rename github workflows ci - Special builds on Github actions ci - coverage build - deal with SHA issue ci - Add BMFF to windows matrix Remove old CI providers from main README ci - Do not create conanCache dir Copy mergify file from 0.27-maintenance ci - Use generic cmake way to compile and install ci - Add new special build with all project options enabled ci - Using gtest as static library to avoid mac linking issues ci - Use CTest in all the ci jobs ci - install tar in opensuse before checkout action ci - Use CTest for coverage builds cmake: find python3 and use it in tests cmake: remove obsolete targets ci - Win builds without unicode + with warnings as errors cmake - Use cmake -E to be able to run tests on different windows shells fix python tests on powershell BMFF python test - Output strings in different lines conan - change generator to be able to use latest expat version make win debug builds a bit faster Ignore missing PDBs mac - cmake_paths does not work directly on mac win - Only run tests on x64 ci - Win matrix jobs will also run on:push for main Python3 dependency is not obligatory ci - Replace debian:9 with debian:10 ci - Linux distros jobs being more explicit about options used Fix issues detected with PVS-Studio + other little improvements (#1689) ci: upgrade conan version on github actions (#2021) Revisiting cmake code for generating coverage reports (#2047) cmake: default c++ standard => 14 keyTXTChunk improvement Remove dead code Initialize uninitialized variables Replace magicValue with constant variable Add new tests in PngChunk & PngImage for increasing coverage Clang-format in pngchunk_int.cpp Check array index before inspecting it Upgrade C++ standard to c++17 (#2052) Upgrade centos:8 to centos-stream (#2066) Rest of tests to have 100% coverage in BMP class Add many tests for datasets Delete dead code clang-format on datasets.cpp Hide public details Add new tests for Iptc classes Delete unused IptcKey copy operator More tests Remove dead code More tests for IptcDataSets upgrade coverage scripts Recover some documentation strings Use auto to reduce verbosity around code dealing with iterators Add some TODO comments Remove dead code Simplify code around UniquePtr(s) & use make_unique over new Fix build on linux Simplify cloning in actions Modern implementation of Singleton Simplify TaskFactory Remove useless ops add doc pvs studio Add PVS-Studio to a Github action Allow to run special builds with manual dispatch Extracting secrets from github Run pvs-studio from build directorin where json file is Reduce retention days to 7 Be more explicit in codecov.yml cmake: export compile commands Revert "Delete dead code" ci-conan: be more explicit about desired compiler in conan profile (#2085) Remove deprecated test file remove usage of exiv2json in a test (#199) Move all tests depending on sample applications to bash_tests Remove deprecated bash tests cmake: warning message when python3 is not found Upgrade documentation regarding CMake & Tests (#2088) ci: remove conanCache from release workflow. Use newer python (#2092) Add system test to reproduce issue with special characters Remove dead code around EXV_UNICODE_PATH windows: Trick to get UTF-8 encoded argv in main entry point Replace platform specific code with std::filesystem ci: Use MSYS UCRT environment doc: update notes about MSYS Remove unused PRINTUCS2 CMake option Apply suggestions from code review Fix remaining wrong brackets Include CanonFlashInfo (somehow missing after cherry-picking) Use AutoRotate Add characterisation test for ImageFactory::create(type) Replace ImageType namespace by a enum class No need anymore to include each image header to use the ImageFactory New tests to check what happens with ImageFactory::create(crazyValue) bug: Fix crash when calling ImageFactory::create(none) test ImageFactory::load with existing images in test/data Add tests for ImageFactory::checkMode (for all the supported image types) Change order of ImageType values doc: Remove CI PR-status from main README ci: Do not run CI jobs on documentation changes Move exiv2 app into its own folder add characterisation tests for utils simpler implementation of startsWith Remove startsWith from utils replace is only used in actions.cpp Utils::strtol only used in the app Remove unused headers Replace dirname implementation with std::filesystem Replace basename implementation with std::filesystem Replace suffix implementation with std::filesystem get rid of suffix Remove Util::dirname and finally the util files Fix build on Windows Improvements in urlencode Make urldecode in-place Use std::filesystem for fileExist Hide pathOfFileUrl in the only place where it is used BasicIo::path() returns const ref ReplaceStringInPlace does it in-place now Use rename from filesystem Use remove from filesystem Image::setComment now takes string_view Remove dead code (winNumberOfLinks) Remove dead code (LSTAT) Remove dead code: copyXattrFrom Remove dead code Replace dynamic C array by std::vector cppcheck: reduce scope of variables Replace raw loop for any_of Use filesystem in getExiv2ConfigPath Remove many redundant or not needed header inclusions Use fs::file_size instead of stat Clean config.h from old stuff Clean more header inclusions Use standard [[maybe_unused]] Fix build on linux Improvements from code review Fix build when EXIV2_BUILD_MESSAGES is ON Move params construction to the .cpp file Implement Params singleton in modern C++ way Hide member variable Replace dynamic array for std::vector Build hash table in place Avoid naked new operator in sample apps Replace naked new operators Replace DataBuf internal buffer with std::vector Replace c style arrays by std::array Fix another case revealed by tests Simplify DataBuf No need to define copy & move ctors Remove useless DataBuf::clear() Factor out duplicated piece of code Several transformations on DataBuf + migration to size_t Fix issues found by fuzzer Fix warnings and place return statements separated from if Fix more issues found by fuzzer Fix windows builds Use SPDX for licenses (#2122) Do not define not needed stuff Remove unused file _fileno is only for Windows Remove unused stuff Removing unused headers thanks to IWYU hexdump to size_t Use [[maybe_unused]] Add missing header to the CMake configuration Removing unused headers thanks to IWYU Use SPDX identifiers in more files Fix build on Windows Use auto for unique pointers Fix mac build C++-style headers windows.h Fix debug builds Should fix build in some Linux distros Convert Exiv2::ErrorCode into an enum class remove templating & simplify error message CI: Add new workflow to check clang-format Remove dead sample apps Add bash script to format whole project Update .clang-format file & apply clang-format to whole project doc: add clang-format notes to CONTRIBUTING.md Jp2Image: Implement more checks from JP2 standard + fix bug Adapt tests to changes in JP2 JP2 - stronger checks on Signatuer and FileType boxes Fix windows build Rename variables for better readability Help for formatting enums & arrays with clang-format Remove most of the asserts from codebase Improve compare function: no need to count chars Usage of EXIT_SUCCESS/FAILURE instead of hard-coded values Remove DataBuf::copyBytes and use std::copy instead Remove useless static_casts Update .clang-format to align pointers to the types Fix out of bounds read in isValidBoxFileType() Remove exiv2json sample and tests depending on it ci: split command in several lines ci: Use interprocedural optimization (LTO) in releases cmake: exiv2-xmp is now an OBJECT library Detect integer-overflow and throw in that case Add POC file Link fuzz app against std::filesystem libraries Fix integer overflow #2179 Move Photoshopb class to internal namespace Include missing iostream header in photoshop.cpp Use std::pair to return multiple values Use .front() to avoid warning from static analysis Fix issues on ARM builds (#2205) Throwing when trying to access TooFar elements in DataBuf Fixing bad usages of DataBuf (when it is empty) DataBuf::c_data() returns nullptr when empty + avoid duplication More tests for DataBuf read/write functions Remove duplication by using templates Test parseUint32 and fix it when number is out of limits More tests for rational convertions Move string helpers to utils Reduce amount of string transformations Remove deprecated todo Move 1-liner to header file utils are in Internal namespace Revert some boilerplate which is not needed ci: move pvsStudio job to its own workflow & use new flag Fix special builds for main Update ubuntu-latest tag to ubuntu-22.04 (#2439) Matthias Kuhn (1): Fix building on ios Michael Allman (7): Make Exif.NikonAf2.ContrastDetectAFInFocus and Add autogenerated documentation for NikonAf22 tags to html docs Print value of ContrastDetectAFInFocus as Yes/No. Change internal When selecting which version of nikonAf2 metadata to parse, include the Document origin of data size specifications for Nikon maker note tag 0xb7 Add a workflow build/test for macOS+Sanitizers Guard against parsing "inf" into an int64 in the EasyAccess/ISO API. Miloš Komarčević (71): Add Exif Gamma tag Update Gamma tests Improve printing of GPS info Improve precision of GPS lat/lon printed values Correct GDS distance unit in description Add Exif Gamma tag Update Gamma tests Improve printing of GPS info Improve precision of GPS lat/lon printed values Correct GDS distance unit in description Update bmffimage.hpp include order and path Add Sony ARW compression to dict Update test for image/jxl Extending Nikon3.ColorBalance version coverage Fold into common 02xx versions Limit CR3 previews to JPEG only Expose unsupported CR3 previews as binary Add more DNG 1.6 tags (#2023) Forward CI changes Do not use exact string match for errno output Improve config file platform test Strip XMP raw packet before decoding Update tests after XMP stripping Update CI actions (#2143) Initial support for OM System MakerNote Add OM System MakerNote test Add some F mount lenses Account for header bytes for Exif and XMP boxes Add more JXL tests PNG: always strip the existing iCCP chunk Add Nikon LensData v0802 Add more Nikon Z lenses CI: cancel running jobs on updates Add Nikon3.WhiteBalanceBias2 Exif start can be at any byte in payload, not word aligned Support brotli compressed boxes in JPEG XL Update README for brotli dependency Match Conan's cmake find module case for Brotli Use local cmake module path the last Make brotli dependency controllable Install deps for and bump CodeQL action Use safe add to prevent overflow Avoid buffer reallocation (#2392) Add more Canon RF lenses Add an RF lens regression test Remove translatable mark from RF lenses Add more Canon RF lenses and camera IDs Add Canon R6m2 ID CI: improved in-progress job canceling CI: bump conan version CI: bump clang-format actions Prefer writing PNG eXIf chunk CI: inih now available for Cygwin Handle relative and absolute paths for pkg-config file Add static linkages to pkg-config file Switch to CMake provided FindIconv Export QuickTimeVideo Update some Canon IDs (#2501) Explicitly include stdint (#2558) Add some more Nikon Z lenses Add Sony ZV-E1 ID Fix shared object versioning Add equivalent soversion to meson build makernotes: workaround for Olympus header corruption Update Sony file format table Support for parsing DCP files Add DCP regression test Add DCP to list of supported file types Add test case for #2542 Add regression test output Make CMake summary for samples depend on app Mohamed Ali Chebbi (37): 1748 Video Support in V1.0: part 1/3 : support MatroskaViedo (#2413) 1748 Video Support in V1.0: part 2/3 : support Riffvideo (#2415) 1748 Video Support in V1.0: part 3/3 : support Asfvideo (#2416) Encapsulate video support with compilation variable EXV_ENABLE_VIDEO (#2448) add test/data for video support add test/data for video support : delete filename (unuseful) add test/data for video support : make asfvideo more readable and fix some issues add test/data for video support : gix issue in riff video and reference data test add test/data for video support : format issue Rework Asf and Riff formats ; add test/data for video support Format issue add test/data for video support : fix ci issue add test/data for video support : windows compilation issue add test/data for video support : Format issue add test/data for video support : Fix test issue add test/data for video support : Fix codeQL warnings add test/data for video support : add enforce exceptions add test/data for video support : delete riff HeaderReader add test/data for video support : delete unused parameter from readList method add test/data for video support : restore Riff HeaderReader and reserve addtional byte in readStraingTag add test/data for video support : use readStraingTag instead of read add test/data for video support : enhance Debug messages add test/data for video support : rename Xmp.video.Duration to Xmp.video.duration add test/data for video support : rework readStringWcharTag method add test/data for video support : rework readStringWcharTag method 2 rework of aspectRatio calculation for all video formats and rework the decoding of asf tags compilation issue on Mac OS compilation issue on Mac OS 2 compilation issue on Windows fuzz issue : check that block is not corrupted before decoding fuzz issue : add debug message for futur use asfvideo fuzz issue : nb_headers should not exceed the max value of uint32 Current master fails with image #2565 Current master fails with image #2565: segmentation fault when trying to access outofband offest Current master fails with image #2565: segmentation fault when trying to access outofband offest: check all locations Update src/jpgimage.cpp Current master fails with image #2565: segmentation fault when trying to access outofband offest: add test files Moshe Kaplan (1): Update README.md Nehal J Wani (1): Exiv2 v0.28.0 Peter (18): Add camera models for NikonFl3 makernotes group (#1994) Fix minor whitespace formatting Fix pr#2053 for native Windows builds (#2058) Fix `exiv2`: verbose extract stdout mutli-file (#2068) Fix test_pr_1905.py for native 2019msvc64 (#2108) (#2112) Add tag website build text to README.md (#2113) Add tag description option to exiv2 app (#2279) Update olympus tags (#2246) (#2249) Add request for exiv2 version/source (bug report) (#2331) Update Nikon flash tags (#2274) Update git issue report (#2334) Update git feature request (#2342) Update Sony(1|2) tags (#2323) Fix/add exceptions for BMFF based files (#2364) Update makernote model ID tags (#2389) Fix seg fault when using `iconv_open()` (#2403) Update README.md wrt BMFF (#2405) Update `Exif.SonyMisc3c.*` and `Exif.Sony(1|2).SonyModelID` (#2420) Peter Kovář (2): Corrected JPEG XL file type Removed tag handled separately Robin Mills (38): bump_v1.00_version Ubuntu 18.04 is failing because it's using python2! fix_ci_ubuntu18.4 Try 2. Try 3. Try 4. Give up. Restore original script and comment off/exclude 18.04 I thought the 18.04 request was commented off. Apparently not. Throw it away. Shshshssssss. FFfffff. Commented off code was good. WebUI confused me. Manually go back (apparently no reverse gear on git). fix_enableBMFF_v1 Only reveal class bmffimage in include/exiv2/bmffimage.hpp ifdef EXV_ENABLE_BMFF fix_1558_cmake_build_type bump_v1.00_version fix_enableBMFF_v1 Only reveal class bmffimage in include/exiv2/bmffimage.hpp ifdef EXV_ENABLE_BMFF Fix Cygwin64 to use -std=gnu++11 (instead of -std=c++11). MinGW/msys2 remains broken on CI. It's OK on my machine. Fix icc_test which is failing on Linux: Fix Ubuntu 20.04/Release/Sanitizer test breaker Don't build with C++98 on Cygwin jobs GitLab/Fedora/MinGW Disable EXIV2_TEAM_WARNINGS_AS_ERRORS. exifprint_lint Forgive "SHORT or LONG" tags. Add test code. Fixing typos. Fix python test code to run on Windows. fix_1516_include_path Update SECURITY.md fix_1416_iptc_DateCreated (#1547) Updating documentation to respect ctest. Restored test lensTest. Minimized differences between main/README.md and 0.27-maintenance/README.md. Adding version_test.py. Fixes following review. Fixes following review. Fix `$ $` typo. Well spotted, @kmilos. Fixing tests. test_issue_981.py is now running all 6 commands. The output Key has correctly changed. The type and value are wrong. Rewire Canon MakerNote 0x0026 (AFInfo) to allow TiffDecoder::decodeCanonAFInfo to handle this tag. Fixing test following Christoph's Review. (Christoph is one clever Mother!) Fix regressionTests with modified reference files. `cp test/tmp/* test/data/test_reference_files/` Delete contrib/organize directory Rosen Penev (425): xmpsdk: don't use register clang-tidy: use = delete clang-tidy: use braced init list convert Pair to std::pair clang-tidy: range for loop conversions clang-tidy: use = default clang-tidy: simplify boolean expressions clang-tidy: don't check for NULL with delete clang-tidy: use using clang-tidy: remove pointless static clang-tidy: use default member init clang-tidy: use override clang-tidy: use empty() instead of comparing size clang-tidy: don't use string compare clang-tidy: remove pointless string init clang-tidy: empty() conversions clang-tidy: simplify boolean expression default con/destructors in headers clang-tidy: fix declartation names clang-tidy: remove redundant member init fix bad for range loop clang-tidy: remove duplicate public clang-tidy: remove pointless const fix compilation with EXIV2_DEBUG_MESSAGES clang-tidy: add ending namespace comments clang-tidy: fix badly indented if clang-tidy: make several member functions const clang-tidy: don't use else after return replace {} initialization with fill clang-tidy: use uppercase numeric literals clang-tidy: range loop conversions manual for range loop conversions clang-tidy: use auto clang-tidy: run through performance checks clang-tidy: pass by value remove pointless constructors clang-tidy: init in member initializer more constexpr clang-tidy: convert to static clang-tidy: add missing explicit clang-tidy: use C++ casting some range loop conversions Jzon: algorithm conversions clang-tidy: remove pointless return clang-tidy: fix ending namespace comnments use auto in template clang-tidy: no else after return clang-tidy: use dynamic cast default con/destructors in headers clang-tidy: remove pointless member init remove initializers remove some pointless std::set clang-tidy: avoid global non const variables clang-tidy: use nullptr remove old MSVC hacks clang-tidy: simplify bools clang-tidy: do not use else after return clang-tidy: use default member init clang-tidy: use = default con/destructor fixes clang-tidy: replace virtual with override clang-tidy: do not use 0 for bool clang-tidy: remove dedundant initializer clang-tidy: replace throw with noexcept clang-tidy: remove redundant specifiers clang-tidy: pass by value clang-tidy: use auto clang-tidy: use override clang-tidy: add explicit clang-tidy: use nullptr clang-tidy: use braced init list remove most usages of std::make_pair use more emplace_back make array constexpr move namespace fs below includes move initializations to class simplify ReplaceStringInPlace slightly clang-tidy: use braced init list clang-tidy: use concat namespaces clang-tidy: use default clang-tidy: use auto clang-tidy: range loop conversion clang-tidy: replace typedef with using constexpr string conversions manual braced init conversion clang-tidy: use emplace_back manual nullptr conversions clang-tidy: use empty() instead of size() clang-tidy: remove pointless get() clang-tidy: simplify bool clang-tidy: get rid of compare() usage clang-tidy: remove C casts replace several typedefs with using use make_unsigned_t misc stuff clang-tidy: add some missing operators manual namespace concatenations clang-tidy: add ending namespace comment clang-tidy: don't use else after return/throw conversions to make_unique manual unimplemented operator = delete remove some new replace EXV_COUNTOF with std::size clang-tidy: don't use C casts manual move conversions manual nullptr removals some std::array conversions (#2148) clang-tidy: C array to std::array conversions std::array conversions find to std::find static constexpr conversions remove various usages of memset const member function const variable use empty() add missing destructor use = delete and move to public delete nodiscard addition std::function remove unused var from deleted stuff clang-tidy: use auto clang-tidy: add more nodiscard clang-tidy: use default function move clang-tidy: use C++ headers replace Sleep with sleep_for some chrono clang-tidy: use any_of clang-tidy: no else after return clang-tidy: do not use using namespace clang-tidy: fix inconsistent decleration C to std::function struct to std::pair conversions structured binding conversions use auto clang-tidy: add parentheses to macros clang-tidy: use strcmmp properly replace ret variable with return statement try to actually fix null pointer deref remove some unique_ptrs clang-tidy: default member init clang-tidy: replace throw() with noexcept clang-tidy: use delete clang-tidy: use nullptr clang-tidy: manual clang-tidy fixes clang-tidy: manual special functions replace malloc/free with new/delete algorithm conversions remove unused class declarations add constexpr constructor remove default constructor clang-tidy: default member init std::pair conversion minor clang-tidy fixes (#2213) std::function conversions clang-tidy: remove const params in decls reference conversions remove const std::function fix misplaced const remove some double pointer stuff replace readlink with std::filesystem fix mmap compilation use _v clang-tidy: replace pointer magic with data() clang-tidy: add missing special member functions clang-tidy: C casts to C++ clang-tidy: use default member init clang-tidy: add missing override clang-tidy: use C++ casts clang-tidy: no else after return clang-tidy: some llvm- warnings clang-tidy: remove const char operator pass bool by value clang-tidy: remove const clang-tidy: use auto clang-tidy: missing override clang-tidy: replace + with append() clang-tidy: fix mismatching declaration variable try to fix some fanalyzer warnings clang: remove pointless ; at the end of function remove friend operator clang-tidy: use '' for find fix some gcc -Weffc++ warnings find_if conversion find_if and lambda conversions use some auto make upper the same as lower const ref conversions remove pointless &* remove string_view from headers Make headers compatible with C++11 return make_unique directly make_unique conversions po: update files replace [0] with front() where applicable sonarlint: replace lock_guard with scoped_lock sonarlint: replace loop with find_if sonarlint: add an empty do while loop clang-tidy: use auto clang-tidy: avoid C casts replace shared_ptr with make_shared misc sonarlint changes replace structs with std::pair strcmp to == conversions remove GroupName struct get rid of extern const simplify switch statement with returns enum class conversion remove unused using remove explicit constructor default init static variable const conversions misc sonarlint cleanups remove c_str for fs stuff fix compilation with mingw iconv remove pointless UNUSED statement fix iconv handling and windows simplify some defines manual replacement of [0] with front() don't use w32 sockets for cygwin revert std::function back to function pointers remove constructor fix compilation without mmap and non win32 cmakelists.txt: run through cmake-format replace custom gcd function with std std::to_string conversions remove pointless x_default variable move structured bindings up remove using Add more MIME type mappings for TIFF-based raws misc sonarlint stuff use reference to work around MSVC bug cland-tidy: simplify booleans get rid of nested if conditions replace find/rfind with startsWith Use std::enable_if_t and std::is_signed_v. early exit clang-tidy: various fixes clang-tidy: use make_unique use find instead of std::find_if replace any_of with find use some future C++ stuff when possible static_cast make_unsigned clang-tidy: apply to newly merged stuff get rid of -fanalyzer memory leaks clang-tidy on Windows use some if constexpr fix __cplusplus check for MSVC wmain: build as c++ instead of c manual default member init add const avoid reassignment remove double libintl check return nullptr instead of reset fix copy constructors add missing const use find instead of count replace substr with resize/pop_back remove unused variable static_cast xmpsdk: Fix dangling pointer warning fix C++20 deprecation warning fix WIN32 macro std::find to find template more std::find to Exiv2::find use gnu_printf move inline to declaration clang-tidy: add const to parameter safe_op: C++17 improvements add support for gcc and clang 7 namespace enforce.hpp functions to Internal use __has_include remove manual math work around windows.h min/max macros move initialization up default initializations remove deleted Image member functions do the same for Io functions more delete removals remove some overriden defaulted destructors add missing member functions remove deleted members from static classes add meson build add basic meson CI meson: g++-[789] build use EXV_ICONV_CONST remove mmap/munmap checks remove unused defines add missing & meson CI: test static library as well remove constructors simplify loop std to Exiv2 find clang-tidy fixes for recent stuff swap variables use numeric limits instead of -1 don't assign in while replace switch with if/return unreachable code use if constexpr fix comma warning fix implicit conversion clang-tidy: cast initial variable clang-tidy: don't assign in if use lower() clang-tidy: replace memcpy with copy_n replace standard check with feature test macro replace std::pair and tuple with C structs clang-tidy: no else after return clang-tidy: add explicit meson: make xmp boolean a feature meson CI: build with verbose meson CI: add library type to name meson CI: add special clang and libc++ CI meson: add support for linux libc++fs meson: bump warning level link against gtest-main remove base constructor github CI: install gtest with brew unitTests: fix old API usage make conversions explicit use upper() function fix memory leak replace localtime with _s/_r variant explicit conversion fix wrong snprintf format replace array with vector use count_if use std::replace meson: split off internal library meson: add unit tests template second parameter for startsWith add contains function meson: move warning/sanitizer stuff to CI meson CI: build as C++20 avoid shadowing warning github CI: add dependabot github CI: install regular conan github CI: use python -m pip default init variable fix off by 1 error cast expression close socket before return direct init structs clang-tidy: default init various members Remove some constructors use find() use GetCurrentProcessId on Windows github CI: remove no warning options meson CI: use env section meson CI: add lld to clang meson CI: add more clang versions meson CI: add GCC10 too meson CI: build for 32-bit Windows too meson CI: add /analyze for MSVC github CI: use env github CI: remove EXIV2_ENABLE_VIDEO github CI: use ilammy/msvc-dev-cmd github CI: test x86 on Windows coverity: add move operations get rid of convertToUint64 coverity: remove dead code SonarLint cleanups github CI: update conan github CI: remove NoConan meson: update wraps github CI: update conan add various moves meson CI: use vc++latest fix compilation under FreeBSD remove old MSVC workaround remove MSVC hacks replace enable_if with if constexpr clang-tidy: no _ in tests get rid of Key() move operations gcc: remove redundant struct gcc: noexcept gcc: ifdef random fixes extern to static MSVC warning fixes remove inline function don't assign an fs::path to a string clang-tidy: don't use non const refs more SonarLint cleanups clang: fix various documentation errors clang: small fixes remove several constructors constexpr some constructors remove constexpr std::array removals get rid of EXV_CALL_MEMBER_FN geotag: add GCC7 support make runner.py executable meson: build samples meson: remove now unused checks easyaccess const changes remove codecvt direct initialize some structs clang-tidy: remove const from data members meson: fix tests when zlib is disabled geotag: fix compilation with MSYS don't compile WIN32 stuff when iconv is present meson: build iconv with FreeBSD meson CI: add FreeBSD meson CI: remove static build meson CI: add MSYS2 use using in slice remove EXIV2API from src meson: add libobsd wrap meson: only define MinGW stuff for non UCRT meson CI: move clang workflow to the same file meson CI: test oldest and newest compilers only meson CI: remove /analyze meson CI: test all features enabled and disabled meson: fix UCRT check convert manual loop to find remove some unused defines. sonarlint cleanups clang-tidy: add nodiscard const ref to ref conversions clang-tidy: replace defines with enum simplify loops fix asfvideo unicode handling Shawn Baker (1): libcurl is now optional. Updated to the latest versions of libcurl and expat. (#1992) Steve Robbins (1): xmpsdk: Unconditionally use <stdint.h> Sturmflut (8): Add Sigma 12-24mm F4 DG HSM Art lens for Nikon Add test for Pull Request #2069 (Sigma 12-24mm F4 DG HSM Art lens for Nikon) Fix branch names in CONTRIBUTING.md (master was renamed to main) Fix branch names in GIT_GUIDELINES.md (master was renamed to main) [nikon] Add Tokina AT-X 14-20 F2 PRO DX lens [nikon] Add instructions for adding new Nikon F mount lenses [tests] Add test for Tokina AT-X 14-20 F2 PRO DX lens on Nikon bodies [nikon] Add Tokina ATX-i 11-20mm F2.8 CF lens (#2072) Viktor Schneider (17): add support for more fujifilm tags remove auto range for DynamicRangeAuto setting print newer labels first when interpreting Fujifilm tags remove redundant TagDetails and fix formatting add some fujifilm tags from exiftool and extend TagDetails remove TODO entries fix typo in fujiSharpness and prevent undefined behaviour when shifting signed values add comment that fujiColor value 512 differs from exiftool update test cases to respect new fujifilm tags apply fujif…
…27.6 Antonio Rojas (1): Fix build with gtest 1.11 Attila Oláh (1): Fix compilation with -Wunused-variable Christoph Hasse (4): fix: avoid processing MOV (quicktime) files when BMFF is enabled fix: incorrectly triggered enforce check during preview extraction in LoaderTiff::getData(), closes #1829 workaround for softprops/action-gh-release#139 fix naming of canon EF 35-80mm.closes #2247 David Houlder (2): Canon cr3 previews (#1958) Performance boost: don't read boxes we're not interested in Heiko Bauke (1): fix out of range access, minor performance improvement John55h (1): Update canonmn_int.cpp Kevin Backhouse (140): Regression test for GHSA-5p8g-9xf3-gfrr Improve bound checking in WebPImage::doWriteMetadata() Regression test for GHSA-jgm9-5fw5-pw9p Better bounds checking in Jp2Image::encodeJp2Header() Fix signed/unsigned compiler warnings. Regression test for GHSA-8949-hhfh-j7rj Add more bounds checks in Jp2Image::encodeJp2Header Regression test for GHSA-7569-phvm-vwc2 Add bounds check in Jp2Image::doWriteMetadata(). Fix infinite loop caused by subBox with zero size. Prevent large allocation. Initialize field. Use readOrThrow to check error conditions of iIo.read(). Fix quadratic complexity performance bug. Regression test for Exiv2/exiv2#1570. Fix out-of-bounds read in bmffimage.cpp Stop the test from failing when EXIV2_ENABLE_BMFF=Off. Fix signed/unsigned compiler warning. Fix signed/unsigned compiler warning. Fix LGTM warning about format specifier Check that the string is properly terminated. Regression test for GHSA-mv9g-fxh2-m49m Don't crash if s > size. Print message to stderr when EXIV2_DEBUG_MESSAGES is enabled. fix: use vector::at() rather than operator[] (#1735) fix: zero initialize local variables. (#1737) fix: stricter date parsing in value.cpp (#1720) Regression test for GHSA-pvjp-m4f6-q984 Prevent divide-by-zero crash. Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE. fix: fix incorrect loop condition (#1752) Regression test for GHSA-h9x9-4f77-336w Throw exception if lens info wasn't found. Check that findKey didn't return end(). Regression test for GHSA-583f-w9pm-99r2 Better bounds checking in Jp2Image::printStructure Regression test for GHSA-hqjh-hpv8-8r9p Extra checking to prevent the loop counter from wrapping around. Defensive coding changes to avoid integer overflow in loop conditions. Better fix for potential integer overflow in `bytes.size() - 3`. Type of escapeStart should be size_t. Regression test for GHSA-v5g7-46xf-h728 Check that `type` isn't an empty string. Safer std::vector indexing. Better way to print the error message. Regression test for GHSA-m479-7frc-gqqg dirLength == 0 can cause an infinite loop. Defensive programming in Image::printIFDStructure Regression test for GHSA-9jh3-fcc3-g6hv Make sure that read is complete to prevent infinite loop. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq &bytes[0] will crash if bytes has zero elements. Skip unittest because -pR is disabled in release builds so the test fails. Remove redundant check. Regression test for GHSA-mvc4-g5pv-4qqq bufRead needs to be adjusted after seek() Improved handling of jpg segments to avoid out-of-bound reads. Fix compiler warning. Update src/jpgimage.cpp poc from GHSA-9jh3-fcc3-g6hv can now be parsed without error. Add comment to explain bounds-check. Fix build error when EXIV2_DEBUG_MESSAGES is enabled. Fix warning: comparison of integer expressions of different signedness Regression test for Exiv2/exiv2#1812 Check size before allocation to avoid out-of-memory errors. Regression test for Exiv2/exiv2#1815 Add bounds-check to prevent out-of-bounds read in memcmp. Regression test for Exiv2/exiv2#1817 Use DataBuf, rather than new[], for automatic delete when an exception is throw. Regression test for Exiv2/exiv2#1819 Check that the string isn't empty Add static_cast to fix build error on Windows. Add comment to explain the bounds-check. Regression test for Exiv2/exiv2#1827 Check value is in range before casting from double to uint32_t, to avoid undefined behavior. Update src/tags_int.cpp Regression test for Exiv2/exiv2#1830 Safer casting from double to long. Replace assertion with an error message. Regression test for Exiv2/exiv2#1838 Check that the float is within the range of an int before casting. Regression test for Exiv2/exiv2#1841 Use DataBuf rather than raw malloc. Replace assertion with an error message. Test for Exiv2/exiv2#1821 Regression test for Exiv2/exiv2#1845 Replace assertion with an error message. Regression test for Exiv2/exiv2#1793 Add `pbox_end` param to `BmffImage::boxHandler` to enforce box nesting. Support for 64-bit box lengths looked broken. address + box_length == box_end Extra protection against large allocations. Fix compiler warnings. Fix format specifier. Backport other minor fixes from main. Fix compiler warning. Don't use `auto` on 0.27-maintenance. Back-port Actions and fuzzer to the 0.27-maintenance branch Fix for Exiv2/exiv2#1856 Set -DEXIV2_ENABLE_BMFF=ON in the Actions workflows. Fix mistake in macOS release workflow. Update version: 0.27.5.1 (0.27.5 RC1) Add doc to release build. Remove failing Conan steps from macOS workflow. Update releasenotes.txt Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37363 Add test to improve code coverage. Don't use C++11 features. Fix expat link error on Windows. Only build XMLValidator when XMP is enabled. Regression test for Exiv2/exiv2#1881 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37492 Add second test file for better code coverage. Regression test for Exiv2/exiv2#1887 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37889 Standardize on conan 1.39.0 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38887 Add regression test to Exiv2/exiv2#1918 Regression test for Exiv2/exiv2#1901 Comment out bogus code. Add more checks to prevent integer overflow. Throw an exception on integer overflow. Fix indentation Fix build error on Fedora. We can't use decltype on the 0.27-maintenance branch. Add second test to improve code coverage. Add third test to improve code coverage. Add workaround for conan outage. Revert "Fix for Exiv2/exiv2#1856" Fix indentation Only include expat.h when XMP is enabled. DataBuf::read_uint methods don't exist on the 0.27-maintenance branch. Add bounds checking. Treat Exif.Sony1.PreviewImage as undefined tag. PoC image file for Exiv2/exiv2#2027 Use memmove, rather than memcpy, because memory regions might overlap. Update tiffvisitor_int.cpp Fix bug in loop. It wasn't iterating over the elements of dateStrings as intended. Regression test for Exiv2/exiv2#2268 Replace assert with enforce. (Fix for Exiv2/exiv2#2268) Luis Diaz (4): ci: sync workflows with latest changes on main branch Fix out of bounds read in isValidBoxFileType() Add poc for fuzzing coverage ci: update conan version in ci jobs and dependencies version Luis Díaz Más (15): ci: use always pip3 for installing conan ci: Use same travis jobs as in main (drop Ubuntu 16.04) New mergify config file to forward changes to main ci-travis: trying to fix valgrind build msvc: fix compiler warning on x86 cmake: ignore PDBs warnings on Win/Debug/Static buils Increase the timeout from 20 to 60 seconds increase timeout Fix conan ci luis (#2018) 0.27 Running tests with ctest (#2024) 0.27 Nightly pre-builds for 0.27 (#2025) Fix JP2 write/read metadata Detect integer-overflow and throw in that case Add POC file for issue 2190 Fix integer overflow #2179 Miloš Komarčević (30): Update bmffimage.hpp include order and path (#1648) Merge pull request #1548 from Exiv2/add_exif_gamma Check if embedded RAF image is really a TIFF Clarify comment on old vs new RAF Check I/O read result on RAF inspection Add test Limit CR3 previews to JPEG only Limit CR3 previews to JPEG only Expose unsupported CR3 previews as binary Streamline MinGW package installation for CI Update README.md for pacman command simplification Remove legacy MinGW CI builds Initial MSYS2 workflow for GHA Handle unused warnings Add more DNG 1.6 tags Switch Cygwin CI to GHA (#2032) Update conan for Windows CI Add Sony ARW compression to dict (#2046) Strip XMP raw packet before decoding (#2139) Update CI actions (0.27-maintenance) (#2142) Initial support for OM System MakerNote Add OM System MakerNote test Account for header bytes for Exif and XMP boxes (backport #2234) Add some F mount lenses PNG: always strip the existing iCCP chunk Add Nikon LensData v0802 (backport #2287) Add Nikon3.WhiteBalanceBias2 (backport #2311) ci: Upgrade conan to version 1.51.0 Add more MIME type mappings for TIFF-based raws Exif start can be at any byte in payload, not word aligned Nehal J Wani (3): Bump conan version Replace array with std::vector in decodeBase64() Exiv2 v0.27.6 Peter (3): Fix rename text in manpage (#2328) Fix bmff exception; Bump Conan version (#2375) Update docs concerning BMFF-based files (#2404) Robin Mills (36): bump_release_number_0.37.4.39 fix_enableBMFF Bump version number. Update releasenotes.txt update changelog fix_broken_man_page v0.27.4 Fix Ubuntu 20.04/Release/Sanitizer test breaker update_docs_for_0.27.5.1 Good catch, @hassec. I noticed that change and thought "oh, somebody has update the man page. I didn't know it searched the current directory." I added that code 5+ years ago and forgotten what it does. Right. My bad. I've fixed it. fix_1516_include_path update_docs_again update_27.5_docs_again Costmetic change to trigger CI. The CI is using cmake 3.10. I've back-ported code from main/src/CMakeLists.txt bump_revision_27.5.2 exiv2_v0.27.5RC3 Build Trigger. Another build trigger. Exiv2 v0.27.5 fix_1558_cmake_build_type retrigger checks retrigger checks retrigger checks add --verbose option for Cygwin/CI. No idea why it's failing. Been stable since I wrote it a year ago. Revert "add --verbose option for Cygwin/CI. No idea why it's failing. Been stable since I wrote it a year ago." The Cygwin/CI is broken. (#2003) Added a sentence to `5.4 Cygwin/64` about `apt-cyg`. Initial changes to documentation to support CTest. I intend to integrate changes from main/README.md in this PR. Fixes following review. Bringing format/layout of 0.27-maintenance/README.md very close to main/README.md. Minor layout improvements. I've polished this and minimized the differences with main/README.md. It's not possible to add lensTest into 0.27-maintenance without modifying Exiv2::getExiv2ConfigPath(). Fixes following review. Fixes following review. fix_2044_add_tiff_tags
…28.0 Alan01 (2): Create da.po Update da.po Alex Esseling (36): work on canon tags second rund update tags ID update canonrf tags, new lenses update to tags Adding Ambience Selection to tag list Adding tag Canon AFMicroAdj Canon MultiExposure tag added Adding Canon Lighting Optimization Tag Adding of Canon Vignetting Correction Tag 2 canon filter options Adding LensSerialNumber Tag Adding Canon AF Config Tag Adding Canon RawBurst Tag Canon AF Info 2 Tag wrong brackets fixed fix wrong brackets fix of tests case test_issue_981.py fix of test_issue_1151.py fix test_issue_1122.py ExposureCompensation added Exif.Canon.CanonFlashInfo Exif.CanonCs.SpotMeteringMode Exif.CanonCs.PhotoEffect Exif.CanonSi.NDFilter Exif.CanonSi.SelfTimer2 Exif.Canon.CanonFlashInfo Exif.CanonSi.FlashOutput Exif.CanonSi.NDFilter fix test cases adding exposurecompensation OpticalZoomCode added fix typo Optical Zoom Code adding OpticalZoomCode AEB Bracket Value added controlmode added Alexander Steffen (7): Add test for all known Canon lenses Execute test commands always with shell Remove undetectable lenses Clean up Canon lens list Fix rounding error in fnumber calculation Fix misdetection of Tamron SP AF 300mm as Canon EF 75-300mm Improve detection of Canon lenses with TC Andrea Giudiceandrea (1): Add Exif.Image.PageName tag (#1765) Antonio Rojas (1): Fix build with gtest 1.11 Attila Oláh (1): Fix compilation with -Wunused-variable Ben McCann (1): Enable video support by default Christoph Hasse (70): fix archlinux ci build docs: fix example command in man pages. closes #1685 (#1686) refactor!: remove free() function from DataBuf to avoid potential problems, see #1542 feat: Setup github actions workflow to build tagged release and nightly pre-release (#1676) refactor: move canon lens tests into new test directory refactor!: use lensfun style nameing for lenses refactor: use function to calculate raw exif value given aperture feat: rework lens test to account for ambiguous lenses fix: readd some previously removed lenses now that we plan to trea ambiguous lenses fix: prevent creation of nightly release with draf==true feat: improve lens recognition of canon makernote fix: fix bash test following the new canon lens identification fix: update tests following new canon lens identification fix: prefer symbolic boolean operators so windows is happy fix: make casts explicit to please msvc fix: workaround centos-8 bug-18212 fix: allow for FX.Y syntax in aperture regex fix: change duplicated Canon RF 100-500 2x into missing 1.4 teleconverter version fix: avoid processing MOV (quicktime) files when BMFF is enabled fix: add Sigma 30mm f/1.4 DC DN | C to canon lens detection feat: add test for #1782 refactor: remove FindRegex.cmake refactor: remove regex related cmake stuff refactor: replace old linux regex.h with regex from STL. refactor: use POSIX regex syntax as that is what was used before refactor: update readme to reflect regex changes refactor: avoid unused variable warning of regex_error refactor: remove leftover empty if statement remove exv_grep_keys_t type alias fix: SIGSEGV on parsing of config file. (introduced in main by clang-tidy fix) add test of config file based lens name determination first search cwd for config file then check home dir adapt test to make use of config file search in cwd adapt man pages to reflect new config file path behaviour Fixes for Max and Win make the ifdef in getExiv2ConfigPath a bit more minimal update man page to reflect what is done in code add Canon EF 100-400 2x, and make size of aperture lens matching delta dependent on teleconverter factor test: add new test for lens Update codecov badge in readme to show results of main branch refactor: small cleanup of test infra to avoid duplicate runs dont do codecov for samples and tests update codecov coverage github action and remove use of deprecated bash uploader check integrity of codecov executable check integrity of codecov executable fix: incorrectly triggered enforce check during preview extraction in LoaderTiff::getData(), closes #1829 workaround for softprops/action-gh-release#139 fix(testing): codecov reports (#2094) move test reference files into their own subdirectory feat(testing): add a new extensive regression test that runs exiv2 over every test file we have move test_regression_allfiles.py into its own subdirectory and add the test to cmakelists.txt Decoding of Canon HDRInfo tag fix(canon): cleanup canonAf2 and canonAf3 related code add .git-blame-ignore-revs file and add clang-format commit to it (#2170) also run format action on pull request fix naming of canon EF 35-80mm.closes #2247 add files from #2247 to regression test suite fix(ci) disable webready and curl for release builds [ci skip] fix(ci) adapt to breaking changes of upgrading github-script [ci skip] fix(video) bmffimage can not currently handle mp42 files so skip those feat(video) revive quicktime.{h,cpp} and adapt to codebase changes. fix(video) filetype detection: handle video via quicktimevideo.cpp and other ftyp files in bmffimage test(video) add small video file to execute some code in quicktimevideo.cpp fix(video) clang-format quicktimevideo fix(video) dont throw in isQTimeType fix(quicktimevideo) silence windows warnings fix(quicktimevideo) cleanup and hardening as suggested in review by @kevinbackhouse fix(quicktimevideo) avoid out of bounds read, closes #2340 test(quicktimevideo) add poc for #2340 fix(doc) mention video support in exiv2.md Colin Watson (2): Add custom update-pot target Annotate some strings with xgettext:no-c-format D4N (1): Add linux_distribution_check github action Daniel Vogelbacher (1): Use official Canon RF lens model names David Houlder (2): Canon cr3 previews (#1958) Performance boost: don't read boxes we're not interested in Dmitry Fedorov (4): fix for reading jpeg-xr images Update src/tiffimage_int.cpp Update src/tiffimage_int.cpp Added JPEG-XR test file (#1946) Eli Schwartz (1): meson: compile convert.cpp separately, with just iconv Evan Miller (2): Pass -fstack-protector-strong to linker Explicitly test for libproc.h (#1916) Fabrice Fontaine (1): add BUILD_WITH_STACK_PROTECTOR option Facundo (1): Output of -PV was not suitable for inputting to -m-, key was missing. (#1970) Gribouilleuse (3): Addition of 4 lenses Pentax Addition of 4 lenses Pentax Uppercase Pentax to PENTAX at lines 819 to 822 Heiko Bauke (1): fix out of range access, minor performance improvement Jakub Wilk (1): READMEs: Add whitespace around atx-style headers Jeka Pats (1): Add libFuzzer integration + report bug Jim Easterbrook (5): Hide "static constexpr auto" from SWIG Restore modified tags after TZ manipulation Add test files for PR 1999 / issue 1998 Use \" instead of ' for exiv2 command string Add key name to "Value not set" error message (#2149) John55h (1): Update canonmn_int.cpp Josh Soref (1): Spelling (#2067) Kevin Backhouse (288): Update security process. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p Better bounds checking in Jp2Image::encodeJp2Header() Fix signed/unsigned compiler warnings. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr Improve bound checking in WebPImage::doWriteMetadata() Regression test for https://github.com/Exiv2/exiv2/issues/1570. Fix out-of-bounds read in bmffimage.cpp Stop the test from failing when EXIV2_ENABLE_BMFF=Off. Fix signed/unsigned compiler warning. Fix signed/unsigned compiler warning. Fix LGTM warning about format specifier Check that the string is properly terminated. Add windows_distribution_check GitHub Action. Add more bounds checks in Jp2Image::encodeJp2Header Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj Add clarification about reproducibility requirements. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 Add bounds check in Jp2Image::doWriteMetadata(). Fix infinite loop caused by subBox with zero size. Prevent large allocation. Use readOrThrow to check error conditions of iIo.read(). Fix quadratic complexity performance bug. Remove obsolete snprintf macros. fix: zero initialize local variables. (#1743) fix: stricter date parsing in value.cpp (#1720) Replace sprintf with snprintf. feat: Codeql analysis (#1747) Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 Prevent divide-by-zero crash. Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE. fix incorrect loop condition (#1752) Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w Throw exception if lens info wasn't found. Check that findKey didn't return end(). Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 Better bounds checking in Jp2Image::printStructure Add custom CodeQL query for null iterator deref. Regression test for https://github.com/Exiv2/exiv2/issues/1763 Don't deref end iterator. CodeQL query to detect unsafe uses of std::vector::operator[]. Updates to make fuzzing work. Rename fuzz target Add printing and writing to fuzzer. Action that runs fuzzer for short amount of time on PRs. Add workflow_dispatch for manual trigger Fix indentation Try with sudo. Fix code scanning alert: "Multiplication result converted to larger type". Add -workers option to use all cores. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m Don't crash if s > size. Print message to stderr when EXIV2_DEBUG_MESSAGES is enabled. Better way to print the error message. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg dirLength == 0 can cause an infinite loop. Defensive programming in Image::printIFDStructure Ignore results in the xmpsdk directory. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 Check that `type` isn't an empty string. Safer std::vector indexing. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p Extra checking to prevent the loop counter from wrapping around. Defensive coding changes to avoid integer overflow in loop conditions. Better fix for potential integer overflow in `bytes.size() - 3`. Type of escapeStart should be size_t. Fix warning: comparison of integer expressions of different signedness Add a test to improve coverage in xmpsidecar.cpp Regression test for https://github.com/Exiv2/exiv2/issues/1793 Add `pbox_end` param to `BmffImage::boxHandler` to enforce box nesting. Support for 64-bit box lengths looked broken. address + box_length == box_end Enable fuzzing of bmffimage.cpp Extra protection against large allocations. Fix compiler warnings. Fix format specifier. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv Make sure that read is complete to prevent infinite loop. Remove redundant check. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq &bytes[0] will crash if bytes has zero elements. Skip unittest because -pR is disabled in release builds so the test fails. Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq bufRead needs to be adjusted after seek() Improved handling of jpg segments to avoid out-of-bound reads. Fix compiler warning. Update src/jpgimage.cpp poc from GHSA-9jh3-fcc3-g6hv can now be parsed without error. Add comment to explain bounds-check. Add `markerHasLength` utility function. Fix build error when EXIV2_DEBUG_MESSAGES is enabled. Add fuzzing dictionary and test all printStructure() options Remove redundant call to exifData(). Regression test for https://github.com/Exiv2/exiv2/issues/1815 Add bounds-check to prevent out-of-bounds read in memcmp. Regression test for https://github.com/Exiv2/exiv2/issues/1817 Use DataBuf, rather than new[], for automatic delete when an exception is throw. Add static_cast to fix build error on Windows. Regression test for https://github.com/Exiv2/exiv2/issues/1812 Check size before allocation to avoid out-of-memory errors. Add comment to explain the bounds-check. Regression test for https://github.com/Exiv2/exiv2/issues/1819 Check that the string isn't empty Regression test for https://github.com/Exiv2/exiv2/issues/1827 Check value is in range before casting from double to uint32_t, to avoid undefined behavior. Update src/tags_int.cpp Use std::round for rounding to nearest. Replace assertion with an error message. Regression test for https://github.com/Exiv2/exiv2/issues/1830 Safer casting from double to long. Regression test for https://github.com/Exiv2/exiv2/issues/1838 Check that the float is within the range of an int before casting. Regression test for https://github.com/Exiv2/exiv2/issues/1841 Use DataBuf rather than raw malloc. Replace assertion with an error message. Regression test for https://github.com/Exiv2/exiv2/issues/1845 Replace assertion with an error message. Test for https://github.com/Exiv2/exiv2/issues/1821 Fix for https://github.com/Exiv2/exiv2/issues/1856 Add sanitizer flags when fuzzing. Add LSAN suppressions. Decouple EXIV2_BUILD_FUZZ_TESTS from EXIV2_TEAM_USE_SANITIZERS. Call Metadatum::print() to increase fuzzing coverage. Add special build mode for OSS-Fuzz. Add OSS-Fuzz status badge and CIFuzz integration. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37363 Add test to improve code coverage. Regression test for https://github.com/Exiv2/exiv2/issues/1881 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37492 Only build XMLValidator when XMP is enabled. Add second test file for better code coverage. Make fields of DataBuf private. Fix build failure on Windows. Fix build failure. Add unit test for methods like DataBuf::read_uint32 and DataBuf::write_uint32. Make offset=0 the default parameter. Regression test for https://github.com/Exiv2/exiv2/issues/1887 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37889 Standardize on conan 1.39.0 Add doc to release build. Remove unused constructor that was causing a build failure in OSS-Fuzz. Regression test for https://github.com/Exiv2/exiv2/issues/1901 Comment out bogus code. Add more checks to prevent integer overflow. Throw an exception on integer overflow. Fix test failure. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38887 Regression test for https://github.com/Exiv2/exiv2/issues/1912 Do the calculation in floating point to avoid integer overflow. Regression test for: https://github.com/Exiv2/exiv2/issues/1920 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39060 Add CodeQL query to detect variants of issue #1920. Add regression test to https://github.com/Exiv2/exiv2/pull/1918 Update copyright and bug-address Add second test to improve code coverage. Add third test to improve code coverage. Clarify ownership model of CiffComponent::pData_ Add workaround for conan outage: https://github.com/conan-io/conan/issues/9695 We only need to extract one byte. Fix Conan on macOS Fix Conan on macOS Use same Conan version on macOS as on other platforms. Use =default. More =default changes. Regression test for https://github.com/Exiv2/exiv2/issues/1954 Use std::move to transfer ownership of DataBufs. Delete the copy assignment operator to avoid accidental copying. Revert "Fix for https://github.com/Exiv2/exiv2/issues/1856" Fix indentation Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39555 Try a newer version of Conan. Add readOrThrow and seekOrThrow to BasicIo. Remove static functions readOrThrow and seekOrThrow. Remove Conan from MacOS build. Remove opensuse/tumbleweed, because the docker image is broken. Regression test for https://github.com/Exiv2/exiv2/issues/2006 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41438 Treat Exif.Sony1.PreviewImage as undefined tag. PoC image file for https://github.com/Exiv2/exiv2/issues/2027 Use memmove, rather than memcpy, because memory regions might overlap. Clarify policy on when a bug is considered a security issue (#2038) Fix bug in loop. It wasn't iterating over the elements of dateStrings as intended. Delete TiffEntryBase::isMalloced_ field and use a std::shared_ptr instead. Remove DataBuf::release() which is no longer used. Add storage parameter to setData. Add comments. Replace Value::toLong with Value::toInt64. (#2062) Replace Metadatum::toLong() with Metadatum::toInt64(). Convert type of pixelHeight/pixelWidth to platform-independent uint32_t. Fix compiler warnings. Move Metadatum::toUint32() implementation out of header file. Catch std::exception in iptcprint. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45291 Add exclusion for issue_2160_poc.jpg Add poc for fuzzing coverage. More bounds checking in Adjust::adjustDateTime Replace long with int64_t in exiv2app.hpp Change return type of BasicIo::tell() to size_t. Fix some "signed shift" warnings. Fix some incorrect format specifiers. Fix some "signed shift" warnings Eliminate some false positive results. Regression test for https://github.com/Exiv2/exiv2/issues/2268 Replace assert with enforce. (Fix for https://github.com/Exiv2/exiv2/issues/2268) Add issue_2268_poc.jp2 to the exclude list. Move enums from tags_int.hpp to tags.hpp Fix some "unsafe vector access" warnings. clang-format Simplify the iptcDataSegs logic Use emplace_back Convert IfdId and SectionId to enum classes. Don't use long in floatToRationalCast Use int32_t in TimeValue Use size_t for the offset. Change type of sizeDataArea_ Use size_t Fix implicit type conversions. Refactor printIFDStructure depth increment Refactor printTiffStructure depth increment Convert type of depth parameter to size_t. Fix clang-tidy warning about double move. Change the return type of the 2Data functions to size_t. Fix implicit cast warning. Use std::map for faster lookup. Suggestions from @neheb and @piponazo. Correct error from #2301 Use std::unordered_set for tiffImageTags Use a switch Suggestions from @neheb and @piponazo Use std::unordered_map for TiffTreeStruct lookup. Remove unneeded constructor Replace TiffTreeStruct with std::pair Use emplace(). Regression test for https://github.com/Exiv2/exiv2/issues/2320 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49894 Regression test for https://github.com/Exiv2/exiv2/issues/2339 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50315 Regression test for https://github.com/Exiv2/exiv2/issues/2345 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901 Avoid potential integer overflow. Fix clang-format error. Don't allow zero width/height in WebPImage::inject_VP8X Bump conan version to 1.52.0 Use getULong to read unsigned numbers. Regression test for https://github.com/Exiv2/exiv2/issues/2366 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707 nul-terminate string clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2352 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51241 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51751 clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2383 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 Regression test for https://github.com/Exiv2/exiv2/issues/2385 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52355 Use Safe::add() in tiffvisitor_int.cpp Regression test for https://github.com/Exiv2/exiv2/issues/2393 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731 Change return type of getFileLength() to int64_t. Use size_t for sizes and offsets. Fix issue 2380: bug in (unused) non-mmap code. Add #error so the build fails if mmap isn't supported. Use std::is_signed and std::enable_if. clang-format Regression test for https://github.com/Exiv2/exiv2/issues/2423 Add break to loop to fix issue 2423, plus some other cleanups. Use Safe::add Regression test for https://github.com/Exiv2/exiv2/issues/2427 Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52767 Remove libinih from codebase and add it as a dependency instead. Update .github/workflows/on_PR_windows_matrix.yml cmake fatal error if inih library is not found. Add inih dependency Add EXIV2_ENABLE_INIH flag to enable building without libinih. Silence unused parameter warning when EXV_ENABLE_INIH is undefined. Use double type to improve floating point accuracy. Use toInt64() for hours and minutes, because they should be integer valued. Fix test failures on 32-bit platforms. Fix long-running loop Fix integer overflow which enables enforce to be bypassed. Enable video support by default Check that the pointer isn't NULL. Use enforce, not assert, to avoid crash. Convert tail-recursion to loop to avoid stack exhaustion. Suggestion from @neheb Minor refactorings to stop UBSAN from complaining. Luis Diaz (37): Rename GHA workflows for having more intuitive navigation cmake: Add missing source file Add unit tests for PngChunk::keyTXTChunk Add new BMP tests Fix MSVC warnings by casting integer values Fix release build (see #2085) ci: use conan cache in other windows builds ci: do not stop on failure ci: Enable Linux distributions pipeline on PRs Link against stdc++fs on Linux when it is needed Install new image_types.h header make startsWith constexpr and use string_view Recover IptDataSets::recordId in the API DateValue is now a bit more permissive with malformed dates Add unit tests for Error class Remove obsolete werror sample remove werror-test from README Use compiler deduction guides for error list Change Metadatum::copy return value from long to size_t Change Metadatum::size() return value from long to size_t More size_t for sizes More conversions to size_t while removing static_casts Add unit tests for Jp2Image revealing bugs (see #2147) doxygen: update doc style in Photoshop class Remove deprecated variable Add unit tests for Photoshop::isIrb(). Remove 2nd param from Photoshop::isIrb() since it is always hardcoded More unit tests for Photoshop methods ci: Try to fix job which is killed due to low memory? Move static functions to anonymous namespace Move private constants to .cpp JpegBase::markerHasLength moved to implementation details Factor out function readSegmentSize() Change logic to determine if segment has size Definition of new CMake presets & usage in CI jobs Update versions of conan dependencies ci: update conan version in all jobs Luis Diaz Mas (19): CiActions: Increasing matrix build for Windows Less CI jobs on push Fedora-MinGW build to Github Workflows ci - Remove old CI script files ci - cache conan packages on Windows builds ci - Add coverage run on main branch ci - Linux uses ninja ci - mac uses ninja ci - Use Ninja in rest of builds cmake: Add target for obtaining local covarage reports doc: Update notes about c++11 Add CTest support ci - Use ctest doc - Add Github Actions badges in doc ci - distros - fastTrue=False ci: Upgrade conan to version 1.51.0 Remove deprecated option in conan Enable Workflow dispatch on Windows CI jobs Replace cygwin github action Luis Díaz Más (307): Remove deprecated EPS format cpp: Replace auto_ptr by unique_ptr ci - changes to use c++11 remove some cmake old checks + newer gtest version eps - do not install header ci - Remove old ubuntu versions & use only 2 threads to build cmake - Modern use of consuming gtest ci - use pyton3 commands ci - More jobs for Travis-ci Use stack variables instead of java style Initialization of variables (fix issue detected with sanitizers) appveyor: drop Visual Studio 2013 support ci - Disable build Release+Sanitizers temporarily Remove deprecated ASF Video Remove deprecated SSH support Remove deprecated Matroska support Remove deprecated QuickTime support Remove deprecated RiffVideo support Remove EXIV2_ENABLE_VIDEO and related stuff Remove EPS tests localtime_r support on MinGW auto_ptr -> unique_ptr for code with WIN_UNICODE enabled Increase the timeout from 20 to 60 seconds cmake: new toolchain file for MinGW cross-compilation on Ubuntu Reenable Release+Sanitizers build Fix warnings related to -Wdeprecated-copy cmake: Treat xmpsdk headers as system ones Fix warnings EXIV2_TEAM_EXTRA_WARNINGS revert changes that are affecting to VS Doc: Update links in main so that the CI badges point to the proper branches Remove typedef to Dictionary::const_iterator Fix warnings in VS Remove rest of useless typedefs from datasets.hpp Replace many of the iterators types with auto Doc: Fix links in README.md and remove them from the conan one Revert "Remove deprecated EPS format" Revert "eps - do not install header" Revert "Remove EPS tests" eps: Fix code after usage of unique_ptr. Remove deprecation tags ci: update github actions ci: fix installation of gtest on ubuntu 20.04 cmake: disable -Wuseless-cast fix warning (hiding local variable) Do not treat warnings as errors ci: fix issues on Github actions Remove useless explicit constructor ci: warnings_as_errors OFF ci: alpine linux support fix tests expectations for alpine linux ci: trying to fix centos:8 build ci: add again arch linux & disable compilation&run of unit tests Fix -Werror=shadow warning after recovering EPS conan: update conan recipe versions gtest - remove wrapper which is not needed anymore ci: update conan version unitTests - use internal library object instead of recompiling sources ci: use -Wno-deprecated-declarations for avoiding gtest 1.10 warnings conan: fixes for Windows conan: use cmake_paths generator instead of cmake conan: put win dlls into bin directory ci-travis: trying to fix valgrind build ci: rescue appveyor config from old-master and backup others Win - Disable UNICODE which is failing at the moment ci: old expat & tune gtest options for windows conan - gtest debug_postfix only used in Debug mode increase timeout msvc: fix compiler warning on x86 appveyor: build BMFF + enable cache again cmake: ignore PDBs warnings on Win/Debug/Static buils cmake: revert change due to old cmake versions on CentOS & debian9 Fix MSVC build Move include/CMake to src Archive appveyor ci configurations Also test installation on Windows ci - win: Use ninja and Visual Studio shell Add missing public headers to install target Early access is always compiled MacOS build Github Actions - More builds on PRs ci: Remove travis builds Fixes in github actions No exe in executables ci - MacOS Matrix Rename github workflows ci - Special builds on Github actions ci - coverage build - deal with SHA issue ci - Add BMFF to windows matrix Remove old CI providers from main README ci - Do not create conanCache dir Copy mergify file from 0.27-maintenance ci - Use generic cmake way to compile and install ci - Add new special build with all project options enabled ci - Using gtest as static library to avoid mac linking issues ci - Use CTest in all the ci jobs ci - install tar in opensuse before checkout action ci - Use CTest for coverage builds cmake: find python3 and use it in tests cmake: remove obsolete targets ci - Win builds without unicode + with warnings as errors cmake - Use cmake -E to be able to run tests on different windows shells fix python tests on powershell BMFF python test - Output strings in different lines conan - change generator to be able to use latest expat version make win debug builds a bit faster Ignore missing PDBs mac - cmake_paths does not work directly on mac win - Only run tests on x64 ci - Win matrix jobs will also run on:push for main Python3 dependency is not obligatory ci - Replace debian:9 with debian:10 ci - Linux distros jobs being more explicit about options used Fix issues detected with PVS-Studio + other little improvements (#1689) ci: upgrade conan version on github actions (#2021) Revisiting cmake code for generating coverage reports (#2047) cmake: default c++ standard => 14 keyTXTChunk improvement Remove dead code Initialize uninitialized variables Replace magicValue with constant variable Add new tests in PngChunk & PngImage for increasing coverage Clang-format in pngchunk_int.cpp Check array index before inspecting it Upgrade C++ standard to c++17 (#2052) Upgrade centos:8 to centos-stream (#2066) Rest of tests to have 100% coverage in BMP class Add many tests for datasets Delete dead code clang-format on datasets.cpp Hide public details Add new tests for Iptc classes Delete unused IptcKey copy operator More tests Remove dead code More tests for IptcDataSets upgrade coverage scripts Recover some documentation strings Use auto to reduce verbosity around code dealing with iterators Add some TODO comments Remove dead code Simplify code around UniquePtr(s) & use make_unique over new Fix build on linux Simplify cloning in actions Modern implementation of Singleton Simplify TaskFactory Remove useless ops add doc pvs studio Add PVS-Studio to a Github action Allow to run special builds with manual dispatch Extracting secrets from github Run pvs-studio from build directorin where json file is Reduce retention days to 7 Be more explicit in codecov.yml cmake: export compile commands Revert "Delete dead code" ci-conan: be more explicit about desired compiler in conan profile (#2085) Remove deprecated test file remove usage of exiv2json in a test (#199) Move all tests depending on sample applications to bash_tests Remove deprecated bash tests cmake: warning message when python3 is not found Upgrade documentation regarding CMake & Tests (#2088) ci: remove conanCache from release workflow. Use newer python (#2092) Add system test to reproduce issue with special characters Remove dead code around EXV_UNICODE_PATH windows: Trick to get UTF-8 encoded argv in main entry point Replace platform specific code with std::filesystem ci: Use MSYS UCRT environment doc: update notes about MSYS Remove unused PRINTUCS2 CMake option Apply suggestions from code review Fix remaining wrong brackets Include CanonFlashInfo (somehow missing after cherry-picking) Use AutoRotate Add characterisation test for ImageFactory::create(type) Replace ImageType namespace by a enum class No need anymore to include each image header to use the ImageFactory New tests to check what happens with ImageFactory::create(crazyValue) bug: Fix crash when calling ImageFactory::create(none) test ImageFactory::load with existing images in test/data Add tests for ImageFactory::checkMode (for all the supported image types) Change order of ImageType values doc: Remove CI PR-status from main README ci: Do not run CI jobs on documentation changes Move exiv2 app into its own folder add characterisation tests for utils simpler implementation of startsWith Remove startsWith from utils replace is only used in actions.cpp Utils::strtol only used in the app Remove unused headers Replace dirname implementation with std::filesystem Replace basename implementation with std::filesystem Replace suffix implementation with std::filesystem get rid of suffix Remove Util::dirname and finally the util files Fix build on Windows Improvements in urlencode Make urldecode in-place Use std::filesystem for fileExist Hide pathOfFileUrl in the only place where it is used BasicIo::path() returns const ref ReplaceStringInPlace does it in-place now Use rename from filesystem Use remove from filesystem Image::setComment now takes string_view Remove dead code (winNumberOfLinks) Remove dead code (LSTAT) Remove dead code: copyXattrFrom Remove dead code Replace dynamic C array by std::vector cppcheck: reduce scope of variables Replace raw loop for any_of Use filesystem in getExiv2ConfigPath Remove many redundant or not needed header inclusions Use fs::file_size instead of stat Clean config.h from old stuff Clean more header inclusions Use standard [[maybe_unused]] Fix build on linux Improvements from code review Fix build when EXIV2_BUILD_MESSAGES is ON Move params construction to the .cpp file Implement Params singleton in modern C++ way Hide member variable Replace dynamic array for std::vector Build hash table in place Avoid naked new operator in sample apps Replace naked new operators Replace DataBuf internal buffer with std::vector Replace c style arrays by std::array Fix another case revealed by tests Simplify DataBuf No need to define copy & move ctors Remove useless DataBuf::clear() Factor out duplicated piece of code Several transformations on DataBuf + migration to size_t Fix issues found by fuzzer Fix warnings and place return statements separated from if Fix more issues found by fuzzer Fix windows builds Use SPDX for licenses (#2122) Do not define not needed stuff Remove unused file _fileno is only for Windows Remove unused stuff Removing unused headers thanks to IWYU hexdump to size_t Use [[maybe_unused]] Add missing header to the CMake configuration Removing unused headers thanks to IWYU Use SPDX identifiers in more files Fix build on Windows Use auto for unique pointers Fix mac build C++-style headers windows.h Fix debug builds Should fix build in some Linux distros Convert Exiv2::ErrorCode into an enum class remove templating & simplify error message CI: Add new workflow to check clang-format Remove dead sample apps Add bash script to format whole project Update .clang-format file & apply clang-format to whole project doc: add clang-format notes to CONTRIBUTING.md Jp2Image: Implement more checks from JP2 standard + fix bug Adapt tests to changes in JP2 JP2 - stronger checks on Signatuer and FileType boxes Fix windows build Rename variables for better readability Help for formatting enums & arrays with clang-format Remove most of the asserts from codebase Improve compare function: no need to count chars Usage of EXIT_SUCCESS/FAILURE instead of hard-coded values Remove DataBuf::copyBytes and use std::copy instead Remove useless static_casts Update .clang-format to align pointers to the types Fix out of bounds read in isValidBoxFileType() Remove exiv2json sample and tests depending on it ci: split command in several lines ci: Use interprocedural optimization (LTO) in releases cmake: exiv2-xmp is now an OBJECT library Detect integer-overflow and throw in that case Add POC file Link fuzz app against std::filesystem libraries Fix integer overflow #2179 Move Photoshopb class to internal namespace Include missing iostream header in photoshop.cpp Use std::pair to return multiple values Use .front() to avoid warning from static analysis Fix issues on ARM builds (#2205) Throwing when trying to access TooFar elements in DataBuf Fixing bad usages of DataBuf (when it is empty) DataBuf::c_data() returns nullptr when empty + avoid duplication More tests for DataBuf read/write functions Remove duplication by using templates Test parseUint32 and fix it when number is out of limits More tests for rational convertions Move string helpers to utils Reduce amount of string transformations Remove deprecated todo Move 1-liner to header file utils are in Internal namespace Revert some boilerplate which is not needed ci: move pvsStudio job to its own workflow & use new flag Fix special builds for main Update ubuntu-latest tag to ubuntu-22.04 (#2439) Matthias Kuhn (1): Fix building on ios Michael Allman (7): Make Exif.NikonAf2.ContrastDetectAFInFocus and Add autogenerated documentation for NikonAf22 tags to html docs Print value of ContrastDetectAFInFocus as Yes/No. Change internal When selecting which version of nikonAf2 metadata to parse, include the Document origin of data size specifications for Nikon maker note tag 0xb7 Add a workflow build/test for macOS+Sanitizers Guard against parsing "inf" into an int64 in the EasyAccess/ISO API. Miloš Komarčević (71): Add Exif Gamma tag Update Gamma tests Improve printing of GPS info Improve precision of GPS lat/lon printed values Correct GDS distance unit in description Add Exif Gamma tag Update Gamma tests Improve printing of GPS info Improve precision of GPS lat/lon printed values Correct GDS distance unit in description Update bmffimage.hpp include order and path Add Sony ARW compression to dict Update test for image/jxl Extending Nikon3.ColorBalance version coverage Fold into common 02xx versions Limit CR3 previews to JPEG only Expose unsupported CR3 previews as binary Add more DNG 1.6 tags (#2023) Forward CI changes Do not use exact string match for errno output Improve config file platform test Strip XMP raw packet before decoding Update tests after XMP stripping Update CI actions (#2143) Initial support for OM System MakerNote Add OM System MakerNote test Add some F mount lenses Account for header bytes for Exif and XMP boxes Add more JXL tests PNG: always strip the existing iCCP chunk Add Nikon LensData v0802 Add more Nikon Z lenses CI: cancel running jobs on updates Add Nikon3.WhiteBalanceBias2 Exif start can be at any byte in payload, not word aligned Support brotli compressed boxes in JPEG XL Update README for brotli dependency Match Conan's cmake find module case for Brotli Use local cmake module path the last Make brotli dependency controllable Install deps for and bump CodeQL action Use safe add to prevent overflow Avoid buffer reallocation (#2392) Add more Canon RF lenses Add an RF lens regression test Remove translatable mark from RF lenses Add more Canon RF lenses and camera IDs Add Canon R6m2 ID CI: improved in-progress job canceling CI: bump conan version CI: bump clang-format actions Prefer writing PNG eXIf chunk CI: inih now available for Cygwin Handle relative and absolute paths for pkg-config file Add static linkages to pkg-config file Switch to CMake provided FindIconv Export QuickTimeVideo Update some Canon IDs (#2501) Explicitly include stdint (#2558) Add some more Nikon Z lenses Add Sony ZV-E1 ID Fix shared object versioning Add equivalent soversion to meson build makernotes: workaround for Olympus header corruption Update Sony file format table Support for parsing DCP files Add DCP regression test Add DCP to list of supported file types Add test case for #2542 Add regression test output Make CMake summary for samples depend on app Mohamed Ali Chebbi (37): 1748 Video Support in V1.0: part 1/3 : support MatroskaViedo (#2413) 1748 Video Support in V1.0: part 2/3 : support Riffvideo (#2415) 1748 Video Support in V1.0: part 3/3 : support Asfvideo (#2416) Encapsulate video support with compilation variable EXV_ENABLE_VIDEO (#2448) add test/data for video support add test/data for video support : delete filename (unuseful) add test/data for video support : make asfvideo more readable and fix some issues add test/data for video support : gix issue in riff video and reference data test add test/data for video support : format issue Rework Asf and Riff formats ; add test/data for video support Format issue add test/data for video support : fix ci issue add test/data for video support : windows compilation issue add test/data for video support : Format issue add test/data for video support : Fix test issue add test/data for video support : Fix codeQL warnings add test/data for video support : add enforce exceptions add test/data for video support : delete riff HeaderReader add test/data for video support : delete unused parameter from readList method add test/data for video support : restore Riff HeaderReader and reserve addtional byte in readStraingTag add test/data for video support : use readStraingTag instead of read add test/data for video support : enhance Debug messages add test/data for video support : rename Xmp.video.Duration to Xmp.video.duration add test/data for video support : rework readStringWcharTag method add test/data for video support : rework readStringWcharTag method 2 rework of aspectRatio calculation for all video formats and rework the decoding of asf tags compilation issue on Mac OS compilation issue on Mac OS 2 compilation issue on Windows fuzz issue : check that block is not corrupted before decoding fuzz issue : add debug message for futur use asfvideo fuzz issue : nb_headers should not exceed the max value of uint32 Current master fails with image #2565 Current master fails with image #2565: segmentation fault when trying to access outofband offest Current master fails with image #2565: segmentation fault when trying to access outofband offest: check all locations Update src/jpgimage.cpp Current master fails with image #2565: segmentation fault when trying to access outofband offest: add test files Moshe Kaplan (1): Update README.md Nehal J Wani (1): Exiv2 v0.28.0 Peter (18): Add camera models for NikonFl3 makernotes group (#1994) Fix minor whitespace formatting Fix pr#2053 for native Windows builds (#2058) Fix `exiv2`: verbose extract stdout mutli-file (#2068) Fix test_pr_1905.py for native 2019msvc64 (#2108) (#2112) Add tag website build text to README.md (#2113) Add tag description option to exiv2 app (#2279) Update olympus tags (#2246) (#2249) Add request for exiv2 version/source (bug report) (#2331) Update Nikon flash tags (#2274) Update git issue report (#2334) Update git feature request (#2342) Update Sony(1|2) tags (#2323) Fix/add exceptions for BMFF based files (#2364) Update makernote model ID tags (#2389) Fix seg fault when using `iconv_open()` (#2403) Update README.md wrt BMFF (#2405) Update `Exif.SonyMisc3c.*` and `Exif.Sony(1|2).SonyModelID` (#2420) Peter Kovář (2): Corrected JPEG XL file type Removed tag handled separately Robin Mills (38): bump_v1.00_version Ubuntu 18.04 is failing because it's using python2! fix_ci_ubuntu18.4 Try 2. Try 3. Try 4. Give up. Restore original script and comment off/exclude 18.04 I thought the 18.04 request was commented off. Apparently not. Throw it away. Shshshssssss. FFfffff. Commented off code was good. WebUI confused me. Manually go back (apparently no reverse gear on git). fix_enableBMFF_v1 Only reveal class bmffimage in include/exiv2/bmffimage.hpp ifdef EXV_ENABLE_BMFF fix_1558_cmake_build_type bump_v1.00_version fix_enableBMFF_v1 Only reveal class bmffimage in include/exiv2/bmffimage.hpp ifdef EXV_ENABLE_BMFF Fix Cygwin64 to use -std=gnu++11 (instead of -std=c++11). MinGW/msys2 remains broken on CI. It's OK on my machine. Fix icc_test which is failing on Linux: Fix Ubuntu 20.04/Release/Sanitizer test breaker Don't build with C++98 on Cygwin jobs GitLab/Fedora/MinGW Disable EXIV2_TEAM_WARNINGS_AS_ERRORS. exifprint_lint Forgive "SHORT or LONG" tags. Add test code. Fixing typos. Fix python test code to run on Windows. fix_1516_include_path Update SECURITY.md fix_1416_iptc_DateCreated (#1547) Updating documentation to respect ctest. Restored test lensTest. Minimized differences between main/README.md and 0.27-maintenance/README.md. Adding version_test.py. Fixes following review. Fixes following review. Fix `$ $` typo. Well spotted, @kmilos. Fixing tests. test_issue_981.py is now running all 6 commands. The output Key has correctly changed. The type and value are wrong. Rewire Canon MakerNote 0x0026 (AFInfo) to allow TiffDecoder::decodeCanonAFInfo to handle this tag. Fixing test following Christoph's Review. (Christoph is one clever Mother!) Fix regressionTests with modified reference files. `cp test/tmp/* test/data/test_reference_files/` Delete contrib/organize directory Rosen Penev (425): xmpsdk: don't use register clang-tidy: use = delete clang-tidy: use braced init list convert Pair to std::pair clang-tidy: range for loop conversions clang-tidy: use = default clang-tidy: simplify boolean expressions clang-tidy: don't check for NULL with delete clang-tidy: use using clang-tidy: remove pointless static clang-tidy: use default member init clang-tidy: use override clang-tidy: use empty() instead of comparing size clang-tidy: don't use string compare clang-tidy: remove pointless string init clang-tidy: empty() conversions clang-tidy: simplify boolean expression default con/destructors in headers clang-tidy: fix declartation names clang-tidy: remove redundant member init fix bad for range loop clang-tidy: remove duplicate public clang-tidy: remove pointless const fix compilation with EXIV2_DEBUG_MESSAGES clang-tidy: add ending namespace comments clang-tidy: fix badly indented if clang-tidy: make several member functions const clang-tidy: don't use else after return replace {} initialization with fill clang-tidy: use uppercase numeric literals clang-tidy: range loop conversions manual for range loop conversions clang-tidy: use auto clang-tidy: run through performance checks clang-tidy: pass by value remove pointless constructors clang-tidy: init in member initializer more constexpr clang-tidy: convert to static clang-tidy: add missing explicit clang-tidy: use C++ casting some range loop conversions Jzon: algorithm conversions clang-tidy: remove pointless return clang-tidy: fix ending namespace comnments use auto in template clang-tidy: no else after return clang-tidy: use dynamic cast default con/destructors in headers clang-tidy: remove pointless member init remove initializers remove some pointless std::set clang-tidy: avoid global non const variables clang-tidy: use nullptr remove old MSVC hacks clang-tidy: simplify bools clang-tidy: do not use else after return clang-tidy: use default member init clang-tidy: use = default con/destructor fixes clang-tidy: replace virtual with override clang-tidy: do not use 0 for bool clang-tidy: remove dedundant initializer clang-tidy: replace throw with noexcept clang-tidy: remove redundant specifiers clang-tidy: pass by value clang-tidy: use auto clang-tidy: use override clang-tidy: add explicit clang-tidy: use nullptr clang-tidy: use braced init list remove most usages of std::make_pair use more emplace_back make array constexpr move namespace fs below includes move initializations to class simplify ReplaceStringInPlace slightly clang-tidy: use braced init list clang-tidy: use concat namespaces clang-tidy: use default clang-tidy: use auto clang-tidy: range loop conversion clang-tidy: replace typedef with using constexpr string conversions manual braced init conversion clang-tidy: use emplace_back manual nullptr conversions clang-tidy: use empty() instead of size() clang-tidy: remove pointless get() clang-tidy: simplify bool clang-tidy: get rid of compare() usage clang-tidy: remove C casts replace several typedefs with using use make_unsigned_t misc stuff clang-tidy: add some missing operators manual namespace concatenations clang-tidy: add ending namespace comment clang-tidy: don't use else after return/throw conversions to make_unique manual unimplemented operator = delete remove some new replace EXV_COUNTOF with std::size clang-tidy: don't use C casts manual move conversions manual nullptr removals some std::array conversions (#2148) clang-tidy: C array to std::array conversions std::array conversions find to std::find static constexpr conversions remove various usages of memset const member function const variable use empty() add missing destructor use = delete and move to public delete nodiscard addition std::function remove unused var from deleted stuff clang-tidy: use auto clang-tidy: add more nodiscard clang-tidy: use default function move clang-tidy: use C++ headers replace Sleep with sleep_for some chrono clang-tidy: use any_of clang-tidy: no else after return clang-tidy: do not use using namespace clang-tidy: fix inconsistent decleration C to std::function struct to std::pair conversions structured binding conversions use auto clang-tidy: add parentheses to macros clang-tidy: use strcmmp properly replace ret variable with return statement try to actually fix null pointer deref remove some unique_ptrs clang-tidy: default member init clang-tidy: replace throw() with noexcept clang-tidy: use delete clang-tidy: use nullptr clang-tidy: manual clang-tidy fixes clang-tidy: manual special functions replace malloc/free with new/delete algorithm conversions remove unused class declarations add constexpr constructor remove default constructor clang-tidy: default member init std::pair conversion minor clang-tidy fixes (#2213) std::function conversions clang-tidy: remove const params in decls reference conversions remove const std::function fix misplaced const remove some double pointer stuff replace readlink with std::filesystem fix mmap compilation use _v clang-tidy: replace pointer magic with data() clang-tidy: add missing special member functions clang-tidy: C casts to C++ clang-tidy: use default member init clang-tidy: add missing override clang-tidy: use C++ casts clang-tidy: no else after return clang-tidy: some llvm- warnings clang-tidy: remove const char operator pass bool by value clang-tidy: remove const clang-tidy: use auto clang-tidy: missing override clang-tidy: replace + with append() clang-tidy: fix mismatching declaration variable try to fix some fanalyzer warnings clang: remove pointless ; at the end of function remove friend operator clang-tidy: use '' for find fix some gcc -Weffc++ warnings find_if conversion find_if and lambda conversions use some auto make upper the same as lower const ref conversions remove pointless &* remove string_view from headers Make headers compatible with C++11 return make_unique directly make_unique conversions po: update files replace [0] with front() where applicable sonarlint: replace lock_guard with scoped_lock sonarlint: replace loop with find_if sonarlint: add an empty do while loop clang-tidy: use auto clang-tidy: avoid C casts replace shared_ptr with make_shared misc sonarlint changes replace structs with std::pair strcmp to == conversions remove GroupName struct get rid of extern const simplify switch statement with returns enum class conversion remove unused using remove explicit constructor default init static variable const conversions misc sonarlint cleanups remove c_str for fs stuff fix compilation with mingw iconv remove pointless UNUSED statement fix iconv handling and windows simplify some defines manual replacement of [0] with front() don't use w32 sockets for cygwin revert std::function back to function pointers remove constructor fix compilation without mmap and non win32 cmakelists.txt: run through cmake-format replace custom gcd function with std std::to_string conversions remove pointless x_default variable move structured bindings up remove using Add more MIME type mappings for TIFF-based raws misc sonarlint stuff use reference to work around MSVC bug cland-tidy: simplify booleans get rid of nested if conditions replace find/rfind with startsWith Use std::enable_if_t and std::is_signed_v. early exit clang-tidy: various fixes clang-tidy: use make_unique use find instead of std::find_if replace any_of with find use some future C++ stuff when possible static_cast make_unsigned clang-tidy: apply to newly merged stuff get rid of -fanalyzer memory leaks clang-tidy on Windows use some if constexpr fix __cplusplus check for MSVC wmain: build as c++ instead of c manual default member init add const avoid reassignment remove double libintl check return nullptr instead of reset fix copy constructors add missing const use find instead of count replace substr with resize/pop_back remove unused variable static_cast xmpsdk: Fix dangling pointer warning fix C++20 deprecation warning fix WIN32 macro std::find to find template more std::find to Exiv2::find use gnu_printf move inline to declaration clang-tidy: add const to parameter safe_op: C++17 improvements add support for gcc and clang 7 namespace enforce.hpp functions to Internal use __has_include remove manual math work around windows.h min/max macros move initialization up default initializations remove deleted Image member functions do the same for Io functions more delete removals remove some overriden defaulted destructors add missing member functions remove deleted members from static classes add meson build add basic meson CI meson: g++-[789] build use EXV_ICONV_CONST remove mmap/munmap checks remove unused defines add missing & meson CI: test static library as well remove constructors simplify loop std to Exiv2 find clang-tidy fixes for recent stuff swap variables use numeric limits instead of -1 don't assign in while replace switch with if/return unreachable code use if constexpr fix comma warning fix implicit conversion clang-tidy: cast initial variable clang-tidy: don't assign in if use lower() clang-tidy: replace memcpy with copy_n replace standard check with feature test macro replace std::pair and tuple with C structs clang-tidy: no else after return clang-tidy: add explicit meson: make xmp boolean a feature meson CI: build with verbose meson CI: add library type to name meson CI: add special clang and libc++ CI meson: add support for linux libc++fs meson: bump warning level link against gtest-main remove base constructor github CI: install gtest with brew unitTests: fix old API usage make conversions explicit use upper() function fix memory leak replace localtime with _s/_r variant explicit conversion fix wrong snprintf format replace array with vector use count_if use std::replace meson: split off internal library meson: add unit tests template second parameter for startsWith add contains function meson: move warning/sanitizer stuff to CI meson CI: build as C++20 avoid shadowing warning github CI: add dependabot github CI: install regular conan github CI: use python -m pip default init variable fix off by 1 error cast expression close socket before return direct init structs clang-tidy: default init various members Remove some constructors use find() use GetCurrentProcessId on Windows github CI: remove no warning options meson CI: use env section meson CI: add lld to clang meson CI: add more clang versions meson CI: add GCC10 too meson CI: build for 32-bit Windows too meson CI: add /analyze for MSVC github CI: use env github CI: remove EXIV2_ENABLE_VIDEO github CI: use ilammy/msvc-dev-cmd github CI: test x86 on Windows coverity: add move operations get rid of convertToUint64 coverity: remove dead code SonarLint cleanups github CI: update conan github CI: remove NoConan meson: update wraps github CI: update conan add various moves meson CI: use vc++latest fix compilation under FreeBSD remove old MSVC workaround remove MSVC hacks replace enable_if with if constexpr clang-tidy: no _ in tests get rid of Key() move operations gcc: remove redundant struct gcc: noexcept gcc: ifdef random fixes extern to static MSVC warning fixes remove inline function don't assign an fs::path to a string clang-tidy: don't use non const refs more SonarLint cleanups clang: fix various documentation errors clang: small fixes remove several constructors constexpr some constructors remove constexpr std::array removals get rid of EXV_CALL_MEMBER_FN geotag: add GCC7 support make runner.py executable meson: build samples meson: remove now unused checks easyaccess const changes remove codecvt direct initialize some structs clang-tidy: remove const from data members meson: fix tests when zlib is disabled geotag: fix compilation with MSYS don't compile WIN32 stuff when iconv is present meson: build iconv with FreeBSD meson CI: add FreeBSD meson CI: remove static build meson CI: add MSYS2 use using in slice remove EXIV2API from src meson: add libobsd wrap meson: only define MinGW stuff for non UCRT meson CI: move clang workflow to the same file meson CI: test oldest and newest compilers only meson CI: remove /analyze meson CI: test all features enabled and disabled meson: fix UCRT check convert manual loop to find remove some unused defines. sonarlint cleanups clang-tidy: add nodiscard const ref to ref conversions clang-tidy: replace defines with enum simplify loops fix asfvideo unicode handling Shawn Baker (1): libcurl is now optional. Updated to the latest versions of libcurl and expat. (#1992) Steve Robbins (1): xmpsdk: Unconditionally use <stdint.h> Sturmflut (8): Add Sigma 12-24mm F4 DG HSM Art lens for Nikon Add test for Pull Request #2069 (Sigma 12-24mm F4 DG HSM Art lens for Nikon) Fix branch names in CONTRIBUTING.md (master was renamed to main) Fix branch names in GIT_GUIDELINES.md (master was renamed to main) [nikon] Add Tokina AT-X 14-20 F2 PRO DX lens [nikon] Add instructions for adding new Nikon F mount lenses [tests] Add test for Tokina AT-X 14-20 F2 PRO DX lens on Nikon bodies [nikon] Add Tokina ATX-i 11-20mm F2.8 CF lens (#2072) Viktor Schneider (17): add support for more fujifilm tags remove auto range for DynamicRangeAuto setting print newer labels first when interpreting Fujifilm tags remove redundant TagDetails and fix formatting add some fujifilm tags from exiftool and extend TagDetails remove TODO entries fix typo in fujiSharpness and prevent undefined behaviour when shifting signed values add comment that fujiColor value 512 differs from exiftool update test cases to respect new fujifilm tags apply fujif…
Hi @clanmills @kevinbackhouse,
There is a memcpy-param-overlap bug in src/tiffvisitor_int.cpp:748:17, and the bug is reproducible on the latest release v0.27.5 and main 65fad9d.
Thank you
Describe the bug
memcpy-param-overlap in src/tiffvisitor_int.cpp:748:17 (Exiv2::Internal::TiffEncoder::updateDirEntry(unsigned char*, Exiv2::ByteOrder, Exiv2::Internal::TiffComponent*))
PoC
poc.gz
Environment:
Ubuntu 20.04.3 LTS (x86_64)
clang version 13.0.1 (https://github.com/llvm/llvm-project.git 19b8368225dc9ec5a0da547eae48c10dae13522d)
To Reproduce
AddressSanitizer Report:
The text was updated successfully, but these errors were encountered: