x/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-11 08:13:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/libjxlenc: check orientation tag metadata before reading

Browse Source 
We need to check that entry->count is nonzero and that entry->type is
AV_TIFF_SHORT before reading from the buffer, in case a maliciously
constructed IFD uses a zero-count or an unusual type (e.g. IFD) for it.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
This commit is contained in:
Leo Izen
2026-05-01 07:40:25 -04:00
parent f1cab2d018
commit 05b5add006
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavcodec/libjxlenc.c
+2 -1
View File
@@ -434,7 +434,8 @@ static int libjxl_preprocess_stream(AVCodecContext *avctx, const AVFrame *frame,
if (ret >= 0)
ret = av_exif_get_entry(avctx, &ifd, tag, 0, &orient);
if (ret >= 0 && orient) {
if (!have_matrix && orient->value.uint[0] >= 1 && orient->value.uint[0] <= 8) {
if (!have_matrix && orient->type == AV_TIFF_SHORT && orient->count
&& orient->value.uint[0] >= 1 && orient->value.uint[0] <= 8) {
av_exif_orientation_to_matrix(matrix, orient->value.uint[0]);
have_matrix = 1;
}