From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 48DFA4E82C
	for <ffmpegdev@gitmailbox.com>; Wed,  4 Feb 2026 01:13:12 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'jOPEWkVpztxqLmMu9oPWMOYKnmoDTYvz1O8RINNa3bw=', expected 
   b'FVk2eha5nYMH03B56qPPwwn8ToO7w4KbE3OrbnsG/bs=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770167584; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=jOPEWkVpztxqLmMu9oPWMOYKnmoDTYvz1O8RINNa3bw=;
 b=eBRfIeHTDF0jpf1WWLT7Hi2HE9aav2Hrmw7s7pDQXErjUQZSiPdp5tAtxQ0UBLX6fc7gZ
 QNFVsM2Sl2HDXfkfFLjwTbd9KMX3+kaWw+89mBJ6rEJW62C62DekQhRX4ZGqFs0YCw37KZb
 l6drLFLpULaUHmLWNefoxFXNrnJjb279gZqbGFkQWQWoS8YKEfWpP1PPdMBfRO1LnCFiZK9
 3uvH7DzPGdA6hdS7Q13QnUAjrpBUuA1cFLboX5+fLmG2ZSSSycNM8RMSg1mhfOign+7hTOr
 2PIoS9d8HoI2PV2JkdclTdW2pxP4rcR0mOh3h9mdAfzlrn/aoiQcw1RkX4PA==
Received: from [172.20.0.4] (unknown [172.20.0.4])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id E7A3D691077;
	Wed,  4 Feb 2026 03:13:04 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770167574;
 b=fXbszZbgn7SHYFZde2H9LkzAqdfYR8aaTSjzsRSQ8vN9djSkXeiRESvXYg7Yx1BJfdi+2
 ykodYB5HuFL1rBzvCSFd9N9mvxXUDOEPic8zin7MPJqUGfrp8G+csceBgKAq5X+FCgyyv5E
 pJ94uNmYq5rbCGUyeh5lWPkq6HnPj+ovgRKFl+LdoUZQjWwY5FwBE2atjVtE1ER9FrQMDUU
 JrI1qB9QAjascBDtuQv6Tt5Xz/VYBoXNGHcRQwtshVjas298ZkoHwAJC2Kji+Qp/q50Ew98
 OXA1/XUpkFwUXG5hftSDgnXNEN2+8tlRPKNg0bKAX4MTlLejkOE/Dz0hWlXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1770167574; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=WDhgi0BcHh1n2LeJZg9xSizUh/U5bKg3GM1tYhQBF6k=;
 b=mifCXR1cC9TzkUs5OGVcDI8Im54LjYsjZMeplH6kTBDhwdNgMxYxUG0Q+QKu6wnOKU8Vu
 c9i7usLtemcAf9kzcg8k69FGQXumavUb8TelRt7QgxWzApubSo6oly2RCn9KNanZ4F0qwYL
 rhh+6shif6StD+3iJxHozI2AUcdxRfxw6tpr/DX6mDBxRl+pyU3uM7OkrlNz3amcteMnUHH
 OpIMwT6X56PXE9M3OjZyqF/jMlCvPmeq+5W4Hx3cHa0imeviVzezFAL0ppfjdrigLLFJ+wv
 QKpsXycwCJmXvs5V+SyOa+69HNuunU2yZ1pwvXXDjXdx+/IhO0H9/xU4a+lw==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770167566; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=FVk2eha5nYMH03B56qPPwwn8ToO7w4KbE3OrbnsG/bs=;
 b=DLzvmMC8DDbTrVVNNLq8qRCdcnmYfLz/TyT8CXlYujuxxVeTBgPfGXVnwfqSBC0LUY2+t
 bPPcriDv300GhvAUlHtCfNNAuf7kFg4/6kNYEvDGiEld73jcXWOWjo+5QifUZDz7fIOBZkK
 lHNZp3CrOiEijxjLyTyryk5Zt8ViT8UGaHQu+iDyJqHqTjXbIu6+CpeMmfuoNlfB3mo42of
 rWNuhmXe0VHESb7wZzbXMuPO7AH/Nlwqw3zTWK6YinfEhoLtW8lolsaevKzLLPzJV2eIGG1
 8d0+CEnmzcNrkK0h0xOZ7sgj4rlU/udiocCqlvqGJcfrQv3/kSvxgN3kW7Og==
Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id DF45E690D92
	for <ffmpeg-devel@ffmpeg.org>; Wed,  4 Feb 2026 03:12:46 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 04 Feb 2026 01:12:46 -0000
Message-ID: <177016756706.25.7494500588138864450@4457048688e7>
Message-ID-Hash: SP4Q4I5RAW2LTDSKJHBKDKXT5C2LYQ4R
X-Message-ID-Hash: SP4Q4I5RAW2LTDSKJHBKDKXT5C2LYQ4R
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/exif: skip EXIF entries with invalid TIFF field
 type 0 (PR #21644)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/SP4Q4I5RAW2LTDSKJHBKDKXT5C2LYQ4R/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177016756706.25.7494500588138864450@4457048688e7/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: hassanhany via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: hassanhany <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177016756706.25.7494500588138864450@4457048688e7/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21644 opened by hassanhany
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21644
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21644.patch

EXIF IFD entries with TIFF field type 0 are invalid per the specification.
Without a check, exif_read_values() fails to allocate entry->value,
causing an out of memory error.

This patch skips such entries early during parsing, allowing decoding
to continue normally.

Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/21623


>>From 98a24db1040b9cc3fee5ba987448a743ee2c1503 Mon Sep 17 00:00:00 2001
From: Hassan Hany <hassanhanyrashad@gmail.com>
Date: Wed, 4 Feb 2026 02:47:57 +0200
Subject: [PATCH] avcodec/exif: skip EXIF entries with invalid TIFF field type
 0

EXIF IFD entries with TIFF field type 0 are invalid per the specification.
Without a check, exif_read_values() fails to allocate entry->value,
causing an out of memory error.

This patch skips such entries early during parsing, allowing decoding
to continue normally.

Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/21623
---
 libavcodec/exif.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/exif.c b/libavcodec/exif.c
index 01ffa88194..ac1446c3e3 100644
--- a/libavcodec/exif.c
+++ b/libavcodec/exif.c
@@ -494,6 +494,11 @@ static int exif_decode_tag(void *logctx, GetByteContext *gb, int le,
     av_log(logctx, AV_LOG_DEBUG, "TIFF Tag: id: 0x%04x, type: %d, count: %u, offset: %d, "
                                  "payload: %" PRIu32 "\n", entry->id, type, count, tell, payload);
 
+    if (type == 0) {
+        av_log(logctx, AV_LOG_DEBUG, "Skipping invalid TIFF tag 0\n");
+        goto end;
+    }
+
     /* AV_TIFF_IFD is the largest, numerically */
     if (type > AV_TIFF_IFD || count >= INT_MAX/8U)
         return AVERROR_INVALIDDATA;
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org