From 5bf7cc60b080d397ef62d37840b664a0bafbc76b Mon Sep 17 00:00:00 2001 From: Kleis Auke Wolthuizen Date: Sun, 17 Nov 2024 14:59:36 +0100 Subject: [PATCH] [WiP] heifload: disable all security limits with `unlimited` Also, increase the default maximum image size to 32768^2 to align with libheif's defaults. See: https://github.com/strukturag/libheif/issues/1389 https://github.com/strukturag/libheif/issues/1359#issuecomment-2451706591 --- ChangeLog | 2 ++ libvips/foreign/heifload.c | 10 +++++++--- meson.build | 4 ++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e01c79ff5..fa34cd59e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - add `keep_duplicate_frames` option to GIF save [dloebl] - add Magic Kernel support [akimon658] +- heifload: increase maximum image size to 32768^2 [kleisauke] +- heifload: "unlimited" flag disables all security limits [kleisauke] 8.16.1 diff --git a/libvips/foreign/heifload.c b/libvips/foreign/heifload.c index d50fa045d..fe60527fa 100644 --- a/libvips/foreign/heifload.c +++ b/libvips/foreign/heifload.c @@ -350,10 +350,14 @@ vips_foreign_load_heif_build(VipsObject *object) struct heif_error error; heif->ctx = heif_context_alloc(); -#ifdef HAVE_HEIF_SET_MAX_IMAGE_SIZE_LIMIT +#ifdef HAVE_HEIF_CONTEXT_SET_SECURITY_LIMITS + if (heif->unlimited) + heif_context_set_security_limits(heif->ctx, + heif_get_disabled_security_limits()); +#elif defined(HAVE_HEIF_SET_MAX_IMAGE_SIZE_LIMIT) heif_context_set_maximum_image_size_limit(heif->ctx, - heif->unlimited ? USHRT_MAX : 0x4000); -#endif /* HAVE_HEIF_SET_MAX_IMAGE_SIZE_LIMIT */ + heif->unlimited ? USHRT_MAX : 0x8000); +#endif /* HAVE_HEIF_CONTEXT_SET_SECURITY_LIMITS */ error = heif_context_read_from_reader(heif->ctx, heif->reader, heif, NULL); if (error.code) { diff --git a/meson.build b/meson.build index 5f56fb9b7..abfbd1e5e 100644 --- a/meson.build +++ b/meson.build @@ -568,6 +568,10 @@ if libheif_dep.found() if libheif_dep.version().version_compare('>=1.17.0') cfg_var.set('HAVE_HEIF_ERROR_SUCCESS', '1') endif + # heif_context_set_security_limits added in 1.19.0 + if libheif_dep.version().version_compare('>=1.19.0') + cfg_var.set('HAVE_HEIF_CONTEXT_SET_SECURITY_LIMITS', '1') + endif endif libjxl_dep = dependency('libjxl', version: '>=0.6', required: get_option('jpeg-xl'))