PR #21644 opened by hassanhany
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21644
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21644.patch
EXIF IFD entries with TIFF field type 0 are invalid per the specification. Without a check, exif_read_values() fails to allocate entry->value, causing an out of memory error. This patch skips such entries early during parsing, allowing decoding to continue normally. Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/21623 >From 98a24db1040b9cc3fee5ba987448a743ee2c1503 Mon Sep 17 00:00:00 2001 From: Hassan Hany <[email protected]> Date: Wed, 4 Feb 2026 02:47:57 +0200 Subject: [PATCH] avcodec/exif: skip EXIF entries with invalid TIFF field type 0 EXIF IFD entries with TIFF field type 0 are invalid per the specification. Without a check, exif_read_values() fails to allocate entry->value, causing an out of memory error. This patch skips such entries early during parsing, allowing decoding to continue normally. Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/21623 --- libavcodec/exif.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/exif.c b/libavcodec/exif.c index 01ffa88194..ac1446c3e3 100644 --- a/libavcodec/exif.c +++ b/libavcodec/exif.c @@ -494,6 +494,11 @@ static int exif_decode_tag(void *logctx, GetByteContext *gb, int le, av_log(logctx, AV_LOG_DEBUG, "TIFF Tag: id: 0x%04x, type: %d, count: %u, offset: %d, " "payload: %" PRIu32 "\n", entry->id, type, count, tell, payload); + if (type == 0) { + av_log(logctx, AV_LOG_DEBUG, "Skipping invalid TIFF tag 0\n"); + goto end; + } + /* AV_TIFF_IFD is the largest, numerically */ if (type > AV_TIFF_IFD || count >= INT_MAX/8U) return AVERROR_INVALIDDATA; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
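Review bot: In the new `if (type == 0)` block in exif_decode_tag(), `goto end` leaves the function after `entry->id` has already been filled in (the av_log just above prints it) but before any value is read, and the `end` label and the caller are outside this hunk. Please confirm that the path through `end` returns success with the reader positioned at the next IFD entry, and that the caller does not keep or count an entry that has an id but no value. The very next check returns AVERROR_INVALIDDATA for `type > AV_TIFF_IFD`, so two kinds of invalid type are now handled differently; a one-line comment saying why type 0 is tolerated while larger out-of-range types stay fatal would help future readers. The log text says "invalid TIFF tag 0", but the condition tests the field type, not the tag id; something like "Skipping TIFF tag 0x%04x with invalid type 0" with `entry->id` would be accurate and more useful when triaging malformed files.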
