This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 05b5add00624bba6bbd07aff8ae9a8dfcd8cd2f9 Author: Leo Izen <[email protected]> AuthorDate: Sat Apr 4 12:07:26 2026 -0400 Commit: Leo Izen <[email protected]> CommitDate: Fri May 1 07:40:25 2026 -0400 avcodec/libjxlenc: check orientation tag metadata before reading We need to check that entry->count is nonzero and that entry->type is AV_TIFF_SHORT before reading from the buffer, in case a maliciously constructed IFD uses a zero-count or an unusual type (e.g. IFD) for it. Signed-off-by: Leo Izen <[email protected]> --- libavcodec/libjxlenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libjxlenc.c b/libavcodec/libjxlenc.c index ca46061545..228a8eb6ac 100644 --- a/libavcodec/libjxlenc.c +++ b/libavcodec/libjxlenc.c @@ -434,7 +434,8 @@ static int libjxl_preprocess_stream(AVCodecContext *avctx, const AVFrame *frame, if (ret >= 0) ret = av_exif_get_entry(avctx, &ifd, tag, 0, &orient); if (ret >= 0 && orient) { - if (!have_matrix && orient->value.uint[0] >= 1 && orient->value.uint[0] <= 8) { + if (!have_matrix && orient->type == AV_TIFF_SHORT && orient->count + && orient->value.uint[0] >= 1 && orient->value.uint[0] <= 8) { av_exif_orientation_to_matrix(matrix, orient->value.uint[0]); have_matrix = 1; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
