#include "heif_debug.h"
#include "heif_box_util.h"
+/* There is no practical limit on the HEIF box size (64bit length).
+ * But we limit it to 100MByte due to memory allocation issue.
+ */
+#define MAX_CHUNK_SIZE (100 * 1024 * 1024)
#ifdef __ENABLE_DEBUG_MODE
static void __type_to_fourcc_string(uint32_t type, char *str);
// The smallest valid chunk is 8 bytes long.
heif_error("invalid chunk size: %"PRIu64, chunk_size);
return LIBHEIF_ERROR_INVALID_PARAMETER;
+ } else if (chunk_size > MAX_CHUNK_SIZE) {
+ heif_error("too large chunk size: %"PRIu64, chunk_size);
+ return LIBHEIF_ERROR_INVALID_PARAMETER;
}
DEBUG_CHUNK_TYPE_AND_OFFSET("sub_box", chunk_type, chunk_size, data_offset);
#define START_CODE_LEN 4
#define IMAGE_HEADER_LEN 4
+/* There is no practical limit on the HEIF item size (64bit length).
+ * But we limit it to 100MByte due to memory allocation issue.
+ */
+#define MAX_ITEM_DATA_SIZE (100 * 1024 * 1024)
+
typedef struct {
uint8_t completeness;
uint8_t unit_type;
return ret;
}
+ if (size > MAX_ITEM_DATA_SIZE) {
+ heif_error("invalid item size %zu", size);
+ return LIBHEIF_ERROR_INVALID_PARAMETER;
+ }
+
if (item_info->item_type == FOURCC('E', 'x', 'i', 'f')) {
// Only add if the Exif data is non-empty. The first 4 bytes contain
// the offset to TIFF header, which the Exif parser doesn't use.
projects / platform / core / multimedia / libheif.git / commitdiff