Fix/webp exif chunk bounds#5175
Open
ssh4net wants to merge 5 commits intoAcademySoftwareFoundation:mainfrom
Open
Fix/webp exif chunk bounds#5175ssh4net wants to merge 5 commits intoAcademySoftwareFoundation:mainfrom
ssh4net wants to merge 5 commits intoAcademySoftwareFoundation:mainfrom
Conversation
avcodec_close (AVCodecContext *avctx) removing in ffmpeg 7.2 and was deprecated for couple years Signed-off-by: Vlad (Kuzmin) Erium <libalias@gmail.com>
Signed-off-by: Vlad (Kuzmin) Erium <libalias@gmail.com>
ssh4net
force-pushed
the
fix/webp-exif-chunk-bounds
branch
from
e9bee11 to
ed18b06
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes bounds handling for WebP EXIF metadata chunks.
Before this change, the WebP reader always skipped the first 6 bytes of an EXIF
chunk before calling
decode_exif():That assumed every WebP EXIF chunk was at least 6 bytes long and always started
with the optional Exif\0\0 prefix. A malformed WebP file with a shorter EXIF
chunk could therefore advance the pointer past the chunk payload and underflow
the remaining size passed to the EXIF parser.
This is reachable through normal OpenImageIO image-open paths, including tools
such as iinfo, iconvert, and oiiotool, when opening a malformed WebP file.
The fix changes the WebP reader to treat the EXIF chunk as a bounded byte span.
Before calling decode_exif(), it now verifies that the payload contains enough
bytes for a TIFF header, either at the start of the chunk or after an optional
Exif\0\0 prefix. The WebP reader no longer performs an unconditional 6-byte
skip; the shared EXIF decoder already handles the optional prefix safely.
Tests
Added WebP regression coverage for malformed short EXIF chunks.
The testsuite/webp test now generates WebP files with EXIF chunk payload
lengths:
Each generated file is opened through oiiotool to verify that malformed EXIF
metadata does not crash or read past the chunk buffer.
Validated locally with:
python3 -m py_compile testsuite/webp/src/make-short-exif-webp.py
git diff --check
cmake --build build-webp --target oiiotool -j 8
Also ran direct oiiotool smoke tests for all generated malformed WebP inputs.
Checklist:
and if I used AI coding assistants, I have an
Assisted-by: Codex GPT5.5xHighline in the pull request description above.
behavior.
PR, by pushing the changes to my fork and seeing that the automated CI
passed there. (Exceptions: If most tests pass and you can't figure out why
the remaining ones fail, it's ok to submit the PR and ask for help. Or if
any failures seem entirely unrelated to your change; sometimes things break
on the GitHub runners.)
fixed any problems reported by the clang-format CI test.
corresponding Python bindings. If altering ImageBufAlgo functions, I also
exposed the new functionality as oiiotool options.