= GDAL/OGR 2.4.3 Release Notes = The 2.4.3 release is a bug fix release. == Misc == * Replace a few catch of bad_alloc by exception to handle the case of 32 bit trying to allocate more than 4GB of memory and thus throwing a length_error exception. Found by OSS Fuzz * Fix issues with thread_local and C++ objects that don't work well with DLL on Windows == Port == * /vsicrypt/: fix memleak in error code path * /vsitar/: support >100 character file names (#1559) * /vsitar/: accept space as end of field terminator == GDAL core == * fix non-neareset resampling over nodata blocks (#1941) == GDAL utilities == * gdalwarp: adjust nodata values, passed with -srcnodata/-dstnodata, and close to FLT_MAX to exactly it (#1724) * Python scripts: GetOutputDriverFor(): fixes error when multiple drivers found ( #1719) == GDAL drivers == BAG driver: * calculate the northeast pixel corner rather than scaling the resolution, due to an incorrectly shifted northeast corner in some CARIS surveys (#1728) CTable2Dataset driver: * SetGeoTransform(): fix read buffer overflow from stack ENVI driver: * preserve 'byte order' on update (#1796) GTiff driver: * make sure that GetMetadataDomainList() doesn't return EXIF when there's no EXIF metadata (https://github.com/mapbox/rasterio/pull/1740#issuecomment-526660946) * Internal libtiff: backport security related fixes HDF5 and netCDF drivers: * fix crash when reading attributes of type string of variable length with NULL values JP2KAK driver: * fix issue with multi-threaded reads JP2OpenJPEG driver: * fix error logic in multi-threaded code causing memory corruption * fix reading overviews, when tiled API is used, and the dimensions of the full resolution image are not a multiple of 2^numresolutions (#1860) * fix to return the proper number of bytes read when we read more than 2 GB at once (https://github.com/uclouvain/openjpeg/issues/1151) JPEG driver: * fix further calls to RasterIO after reading full image at full resolution (#1947) PDF driver: * fix nullptr dereferences on corrupted files (OSS Fuzz #16438, #16558, #16759) * fix potential heap buffer overflow (OSS Fuzz #16546) * avoid potential integer division by zero (OSS Fuzz #17129) SAFE driver: * avoid potential use-after-free (Coverity 1404037 and 1404140) Terragen driver: * avoid potential use-after-free on error code path in write_header() (Coverity 1404060) USGSDEM driver: * avoid int overflow. Fixes OSS Fuzz #15715 * fix reading FEMA generated Lidar datasets whose header is 918 bytes large VRT driver: * avoid erroneous pixel request do be done with KernelFilteredSource == OGR core == * OGRExpatRealloc(): fix double-free when size to allocate is above the default 10MB threshold. OSS Fuzz #16178 / CVE-2019-17545 * OGR SQLite: do not propagate 'IS / IS NOT value' constructs to OGR SQL * OGRSimpleCurve::getPoints() with XYZM: fix wrong stride used for M array * OGRSimpleCurve: fix reversePoints() and addSubLineString() to take into account M dimension == OGR drivers == CAD driver: * libopencad: CADBuffer: replace m_guard by m_nSize to avoid pointer wrap around on 32 bit platforms on corrupted files. OSS Fuzz #16388 DGN driver: * avoid size_t overflow / illegal memory access. OSS Fuzz #16393 GeoJSON driver: * fix update of file on Windows (https://github.com/qgis/QGIS/issues/28580) GPX driver: * fix memory leak when streaming to /vsistdout/ LIBKML driver: * fix potential memory leak. (Coverity 1404148) MITAB driver: * fix potential double-free (Coverity 1404224) * avoid potential nullptr deref (Coverity 1404174) PDF driver: * fix reading polygon with holes and Bezier curves (#1932) * fix reading strings with escape sequences PostgreSQL driver: * add support for PostgreSQL 12 (#1692) * be more restrictive when deducing non-nullability of columns in SQL result layers (#1734) S57 driver: * s57objectclasses.csv: add missing TXTDSC attribute for DRYDOC class (#1723) XLSX driver: * add support for .xlsm extension WFS3 driver: * correctly handle user query string parameters in connection URL (#1710)