Release 0.12.1

Fuzzer bugfixes and EED 3 for layer handle.
See NEWS

.appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.12.{build}
+version: 0.12.1.{build}
 max_jobs: 4
 image: Visual Studio 2019
 environment:

ChangeLog

@@ -1,6 +1,111 @@
 Full history from the git log
 -----------------------------
 
+2021-01-31  Reini Urban  <[email protected]>
+
+	Release 0.12.1
+	Fuzzer bugfixes and EED 3 for layer handle.
+	See NEWS
+
+2021-01-31  Reini Urban  <[email protected]>
+
+	dwgbmp: fix Preview offset
+	honor the sentinel, esp. >= 2004
+	and fix the size overflow check.
+
+	dwgbmp works now again.
+
+2021-01-31  Reini Urban  <[email protected]>
+
+	unit-testing: -Wuninitialized MTEXT.num_column_heights
+
+2021-01-31  Reini Urban  <[email protected]>
+
+	fix eed_3.layer from 4 to 8 byte
+	causing wrong offsets into the entities. many thanks to @shanzhugit
+	for the DWG example with a EED layer code 3, and wrong entity data.
+	Fixes GH #310.
+
+	This is analog to the xdata OBJECTID which also takes 8 byte.
+
+2021-01-31  Reini Urban  <[email protected]>
+
+	bit_TU_to_utf8_len, bit_read_TU_len
+	and swap the strict-align variants (ubsan) of wchar bytes
+
+2021-01-30  Reini Urban  <[email protected]>
+
+	dwgadd: -Wsometimes-uninitialized
+	on clang
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	decode: fix LOG_TF for null strings
+	fuzzed DWG's only
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	harden dwg_get_first_object
+	not only check the type, but also if _obj is valid.
+	Simplifies a lot of checks.
+
+	dwglayers got a new error warning and early exit
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	eed: detect size overflow earlier
+	we read the size into a short, but multipled it with 2, with possible overflow.
+	eg. with a wstring len of 32810 => 65622 overflowing an ushort.
+	This may lead to a subsequent encode_eed overflow.
+	Fixes GH #307, with invalid fuzzed DWG only
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	decode: check wrong APPID_CONTROL's with malcrafted DWG's
+	add more checks when we search for the matching APPID for
+	ACAD_MLEADERVER with a broken MLEADERSTYLE object.
+	Fixes 1/2 of GH #307
+
+	Modified-by: Reini Urban <[email protected]>
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	dwg_find_class: null-deref of empty class.dxfname
+	which must not happen, but fuzzers create such invalid DWGs.
+	assert more null args for internal code.
+	Fixes GH #309
+
+	dwglayers: fail on empty layer name
+	and report its handle.
+	detected by fuzzing, only invalid DWG's have no layer name.
+	Fixes GH #308
+
+	decode_3dsolid: skip unknown versions
+	usually only needed for fuzzed DWGs
+	See GH #304
+
+	json: more null-deref protections
+	Fixes GH #306, fuzzed by Chew Kin Zhong
+
+	decode preR13: stricter table checks
+	error fatally on wrong end of table offset.
+	heap-buffer-overflow from GH #304, but this code is not
+	used in release versions.
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	decode: wrong TFF VECTOR_CHKCOUNT, fix TFF overflows
+	protect from invalid free on static TFF fields on overload.
+
+	See GH #304, fuzzed by Chew Kin Zhong
+
+2021-01-17  Reini Urban  <[email protected]>
+
+	fix dwg_next_entity null-derefs
+	with broken/undecoded entities from fuzzed DWGs.
+	Fixes GH #305, out_svg. fuzzed by Chew Kin Zhong.
+
+
 2020-12-31  Reini Urban  <[email protected]>
 
 	Release 0.12

NEWS

@@ -1,7 +1,30 @@
 GNU LibreDWG NEWS -- history of user-visible changes.  -*-indented-text-*-
-Copyright (C) 2020 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+LibreDWG version 0.12.1 - 2021/01/31 - beta:
+
+Major bugfixes:
+  * fixed dwg_bmp() and dwgbmp for >= r2004. Wrong dat offset.
+  * Fixed EED with code 3 for layer handles. (Fixes GH #310, shanzhugit)
+  * Fixed bit_convert_TU utf8 conversion with ubsan, wrong endian-ness.
+  Various fuzzing errors detected and fuzzed by Chew Kin Zhong (See GH #304):
+  * Fix possible null-deref with broken DWG's in dwg_get_first_object.
+  * Fix possible null-deref with broken DWG's in dwg_find_class with empty
+    CLASS.dxfname. (GH #309)
+  * Fix possible null-deref with broken DWG's in dwglayers with empty
+    LAYER.name. (GH #308)
+  * Fix short integer overflow in EED checks when decoding malcrafted DWG's,
+    which also led to encode buffer overflows. (GH #307)
+  * Fix possible null-derefs with broken DWG's in json export. (GH #306)
+  * Fix possible null-deref with broken DWG's in dwg_next_entity iterator. (GH #305)
+  * Fix wrong TFF overflow check for static strings, where we cannot set
+    the string nor the size. (GH #304)
+  * Fix heap-overflows and invalid free's when decoding broken 3DSOLID's
+    in malcrafted DWG's. Only accept version 1 and 2. (GH #304)
+Minor features:
+  * Added string converters with known TU sizes: bit_TU_to_utf8_len, bit_read_TU_len.
+
 LibreDWG version 0.12 - 2020/12/31 - beta:
 
 New features:

libredwg.spec

@@ -1,6 +1,6 @@
 # -*- sh -*-
 Name:           libredwg
-Version:        0.12
+Version:        0.12.1
 Release:        1%{?dist}
 Summary:        GNU C library and programs to read and write DWG files
 
@@ -137,6 +137,9 @@ fi
 #TODO add to {_libdir}/perl5/perllocal.pod
 
 %changelog
+* Sat 16 Jan 2021 Reini Urban <[email protected]> 0.12.1-1
+- upstream update. Security fixes
+
 * Thu 31 Dec 2020 Reini Urban <[email protected]> 0.12-1
 - upstream update. Add dxfadd
 

programs/dwg2SVG.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWG2SVG "1" "December 2020" "dwg2SVG 0.12" "User Commands"
+.TH DWG2SVG "1" "January 2021" "dwg2SVG 0.12.1" "User Commands"
 .SH NAME
-dwg2SVG \- manual page for dwg2SVG 0.12
+dwg2SVG \- manual page for dwg2SVG 0.12.1
 .SH SYNOPSIS
 .B dwg2SVG
 [\fI\,OPTION\/\fR]... \fI\,DWGFILE >SVGFILE\/\fR

programs/dwg2dxf.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWG2DXF "1" "December 2020" "dwg2dxf 0.12" "User Commands"
+.TH DWG2DXF "1" "January 2021" "dwg2dxf 0.12.1" "User Commands"
 .SH NAME
-dwg2dxf \- manual page for dwg2dxf 0.12
+dwg2dxf \- manual page for dwg2dxf 0.12.1
 .SH SYNOPSIS
 .B dwg2dxf
 [\fI\,OPTION\/\fR]... \fI\,DWGFILES\/\fR...

programs/dwg2ps.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWG2PS "1" "December 2020" "dwg2ps 0.12" "User Commands"
+.TH DWG2PS "1" "January 2021" "dwg2ps 0.12.1" "User Commands"
 .SH NAME
-dwg2ps \- manual page for dwg2ps 0.12
+dwg2ps \- manual page for dwg2ps 0.12.1
 .SH SYNOPSIS
 .B dwg2ps
 [\fI\,OPTION\/\fR]... \fI\,DWGFILE \/\fR[\fI\,PSFILE\/\fR]

programs/dwgbmp.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGBMP "1" "December 2020" "dwgbmp 0.12" "User Commands"
+.TH DWGBMP "1" "January 2021" "dwgbmp 0.12.1" "User Commands"
 .SH NAME
-dwgbmp \- manual page for dwgbmp 0.12
+dwgbmp \- manual page for dwgbmp 0.12.1
 .SH SYNOPSIS
 .B dwgbmp
 [\fI\,OPTION\/\fR]... \fI\,DWGFILE \/\fR[\fI\,BMPFILE\/\fR]

programs/dwgfilter.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGFILTER "1" "December 2020" "dwgfilter 0.12" "User Commands"
+.TH DWGFILTER "1" "January 2021" "dwgfilter 0.12.1" "User Commands"
 .SH NAME
-dwgfilter \- manual page for dwgfilter 0.12
+dwgfilter \- manual page for dwgfilter 0.12.1
 .SH DESCRIPTION
 dwgfilter [OPTIONS...] dwgfile
 .PP

programs/dwggrep.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGGREP "1" "December 2020" "dwggrep 0.12" "User Commands"
+.TH DWGGREP "1" "January 2021" "dwggrep 0.12.1" "User Commands"
 .SH NAME
-dwggrep \- manual page for dwggrep 0.12
+dwggrep \- manual page for dwggrep 0.12.1
 .SH SYNOPSIS
 .B dwggrep
 [\fI\,OPTIONS\/\fR]... \fI\,pattern files\/\fR

programs/dwglayers.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGLAYERS "1" "December 2020" "dwglayers 0.12" "User Commands"
+.TH DWGLAYERS "1" "January 2021" "dwglayers 0.12.1" "User Commands"
 .SH NAME
-dwglayers \- manual page for dwglayers 0.12
+dwglayers \- manual page for dwglayers 0.12.1
 .SH SYNOPSIS
 .B dwglayers
 [\fI\,OPTION\/\fR]... \fI\,DWGFILE\/\fR

programs/dwgread.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGREAD "1" "December 2020" "dwgread 0.12" "User Commands"
+.TH DWGREAD "1" "January 2021" "dwgread 0.12.1" "User Commands"
 .SH NAME
-dwgread \- manual page for dwgread 0.12
+dwgread \- manual page for dwgread 0.12.1
 .SH SYNOPSIS
 .B dwgread
 [\fI\,OPTION\/\fR]... \fI\,DWGFILE\/\fR

programs/dwgrewrite.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGREWRITE "1" "December 2020" "dwgrewrite 0.12" "User Commands"
+.TH DWGREWRITE "1" "January 2021" "dwgrewrite 0.12.1" "User Commands"
 .SH NAME
-dwgrewrite \- manual page for dwgrewrite 0.12
+dwgrewrite \- manual page for dwgrewrite 0.12.1
 .SH SYNOPSIS
 .B dwgrewrite
 [\fI\,OPTION\/\fR]... \fI\,INFILE \/\fR[\fI\,OUTFILE\/\fR]

programs/dwgwrite.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DWGWRITE "1" "December 2020" "dwgwrite 0.12" "User Commands"
+.TH DWGWRITE "1" "January 2021" "dwgwrite 0.12.1" "User Commands"
 .SH NAME
-dwgwrite \- manual page for dwgwrite 0.12
+dwgwrite \- manual page for dwgwrite 0.12.1
 .SH SYNOPSIS
 .B dwgwrite
 [\fI\,OPTION\/\fR]... [\fI\,-o DWGFILE\/\fR] \fI\,INFILE\/\fR

programs/dxf2dwg.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DXF2DWG "1" "December 2020" "dxf2dwg 0.12" "User Commands"
+.TH DXF2DWG "1" "January 2021" "dxf2dwg 0.12.1" "User Commands"
 .SH NAME
-dxf2dwg \- manual page for dxf2dwg 0.12
+dxf2dwg \- manual page for dxf2dwg 0.12.1
 .SH SYNOPSIS
 .B dxf2dwg
 [\fI\,OPTION\/\fR]... \fI\,DXFFILES \/\fR...

programs/dxfwrite.1

@@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.14.
-.TH DXFWRITE "1" "December 2020" "dxfwrite 0.12" "User Commands"
+.TH DXFWRITE "1" "January 2021" "dxfwrite 0.12.1" "User Commands"
 .SH NAME
-dxfwrite \- manual page for dxfwrite 0.12
+dxfwrite \- manual page for dxfwrite 0.12.1
 .SH SYNOPSIS
 .B dxfwrite
 [\fI\,OPTION\/\fR]... [\fI\,-o DXFFILE\/\fR] \fI\,INFILE\/\fR