2020.08.16 13:51 "[Tiff] Disable Old JPEG in libtiff by default!", by Bob Friesenhahn

2020.08.16 15:52 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by Even Rouault

In 1995 Adobe published DRAFT TIFF Technical Note #2 which abandoned the JPEG format described by TIFF 6.0. It is now 2020, which has provided plenty of time to stop using the deprecated/defunct format and convert existing files to the modern format.

The libtiff configure script enables support for reading old JPEG by default. I propose that the libtiff default should be to disable support for old JPEG.

While support for the deprecated old JPEG was substantially improved by libtiff 4.x (thanks to considerable effort by Joris Van Damme), support for it is not likely to become any better in the future. The old JPEG format had fundamental defects which caused Adobe to discard it.

Leaving support for old JPEG enabled in libtiff increases its default security exposure, and increases the default security exposure of all distributions which use the default.

Is there any reason this change should not be made now?

Bob,

Regarding security issues in the codec, the last things I looked at were false positives with the memory sanitizer due to libjpeg-turbo using hand-written assembly by default for SIMD acceleration, which cannot be instrumented by MSAN at build time. There's an env variable in libjpeg-turbo to disable those SIMD accelerated routines when debugging this kind of issue.

More generally, I don't care that much about the OJPEG codec, although there are apparently still people reading such images, since we got bug reports when some recent bug fixes rejected valid images.

I was thinking that a potential compromise could be to still build the codec by default, but require some environment variable (LIBTIFF_ENABLE_OJPEG ?) to be set to proceed to the actual decoding (*). There could be some warning thrown in the Init method of the decode to advertise this.

Even

(*) although there might be some complication since I believe that the generic directory opening code has a special case in the OJPEG case to read the codestream to be able to recover missing tags

Spatialys - Geospatial professional services
http://www.spatialys.com
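
The opt-in compromise discussed in the thread, sketched as an added example (not libtiff code and not written by either poster). It reads the Compression tag from the first IFD of a classic TIFF and refuses Old JPEG (value 6) unless the variable is set, doing so before the file would reach a decoder because the footnote notes that directory opening may already read the OJPEG codestream. Assumptions: the function names are hypothetical, LIBTIFF_ENABLE_OJPEG is only the name floated above, and "1" as the enabling value is a convention chosen here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TAG_COMPRESSION   259
#define COMPRESSION_OJPEG 6            /* TIFF 6.0 old-style JPEG */
/* Constructed sample: little-endian classic TIFF, one IFD entry, Compression=6 */
static const uint8_t SAMPLE_OJPEG[] = {
    'I','I', 42,0, 8,0,0,0, 1,0,       /* header, IFD at offset 8, one entry */
    0x03,0x01, 3,0, 1,0,0,0, 6,0,0,0,  /* tag 259, SHORT, count 1, value 6 */
    0,0,0,0 };                         /* no next IFD */

static uint32_t rd(const uint8_t *p, int n, int be) {  /* n-byte unsigned read */
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (be ? n - 1 - i : i));
    return v;
}

/* Compression of the first IFD; 1 (none) if the tag is absent, -1 if malformed. */
int tiff_compression(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    int be = memcmp(buf, "MM", 2) == 0;
    if (!be && memcmp(buf, "II", 2) != 0) return -1;
    if (rd(buf + 2, 2, be) != 42) return -1;          /* classic TIFF only */
    uint32_t off = rd(buf + 4, 4, be);
    if (off > len || len - off < 2) return -1;
    uint32_t n = rd(buf + off, 2, be);
    if ((len - off - 2) / 12 < n) return -1;          /* entries must fit */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + 12 * (size_t)i;
        if (rd(e, 2, be) != TAG_COMPRESSION) continue;
        if (rd(e + 2, 2, be) != 3 || rd(e + 4, 4, be) != 1) return -1;
        return (int)rd(e + 8, 2, be);                 /* inline SHORT value */
    }
    return 1;
}

/* Policy: 1 = decode, 0 = refuse. env is the value of the opt-in variable. */
int ojpeg_gate(int compression, const char *env) {
    if (compression < 0) return 0;                    /* malformed: refuse */
    if (compression != COMPRESSION_OJPEG) return 1;
    if (env && strcmp(env, "1") == 0) return 1;       /* "1" is assumed here */
    fprintf(stderr, "warning: Old JPEG TIFF refused; set LIBTIFF_ENABLE_OJPEG=1\n");
    return 0;
}
int may_decode(const uint8_t *buf, size_t len) {      /* hypothetical entry point */
    return ojpeg_gate(tiff_compression(buf, len), getenv("LIBTIFF_ENABLE_OJPEG"));
}
int main(void) { printf("%d\n", may_decode(SAMPLE_OJPEG, sizeof SAMPLE_OJPEG)); return 0; }
```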