remove max_iloc_items security limits, because we reuse max_items

strukturag · Oct 20, 2024 · 1ca8b76 · 1ca8b76
1 parent c6e9fed
commit 1ca8b76
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/libheif/api/libheif/heif.h b/libheif/api/libheif/heif.h
@@ -1138,7 +1138,6 @@ struct heif_security_limits {
 
   uint32_t max_uncompressed_components;
 
-  uint32_t max_iloc_items;
   uint32_t max_iloc_extents_per_item;
   uint32_t max_size_entity_group;
 

diff --git a/libheif/box.cc b/libheif/box.cc
@@ -1336,11 +1336,10 @@ Error Box_iloc::parse(BitstreamRange& range, const heif_security_limits* limits)
   }
 
   // Sanity check. (This might be obsolete now as we check for range.error() below).
-  auto max_iloc_items = limits->max_iloc_items;
-  if (max_iloc_items && item_count > max_iloc_items) {
+  if (limits->max_items && item_count > limits->max_items) {
     std::stringstream sstr;
     sstr << "iloc box contains " << item_count << " items, which exceeds the security limit of "
-         << max_iloc_items << " items.";
+         << limits->max_items << " items.";
 
     return Error(heif_error_Memory_allocation_error,
                  heif_suberror_Security_limit_exceeded,
@@ -2900,6 +2899,16 @@ Error Box_ipma::parse(BitstreamRange& range, const heif_security_limits* limits)
   }
 
   uint32_t entry_cnt = range.read32();
+
+  if (limits->max_items && entry_cnt > limits->max_items) {
+    std::stringstream sstr;
+    sstr << "ipma box wants to define properties for " << entry_cnt
+         << " items, but the security limit has been set to " << limits->max_items << " items";
+    return {heif_error_Invalid_input,
+            heif_suberror_Security_limit_exceeded,
+            sstr.str()};
+  }
+
   for (uint32_t i = 0; i < entry_cnt && !range.error() && !range.eof(); i++) {
     Entry entry;
     if (get_version() < 1) {

diff --git a/libheif/context.cc b/libheif/context.cc
@@ -123,7 +123,6 @@ static void copy_security_limits(heif_security_limits* dst, const heif_security_
   dst->max_memory_block_size = src->max_memory_block_size;
 
   dst->max_uncompressed_components = src->max_uncompressed_components;
-  dst->max_iloc_items = src->max_iloc_items;
   dst->max_iloc_extents_per_item = src->max_iloc_extents_per_item;
   dst->max_size_entity_group = src->max_size_entity_group;
 

diff --git a/libheif/security_limits.cc b/libheif/security_limits.cc
@@ -38,7 +38,6 @@ struct heif_security_limits global_security_limits {
     .max_memory_block_size = 512 * 1024 * 1024,  // 512 MB
 
     .max_uncompressed_components = 256,
-    .max_iloc_items = 2000,
     .max_iloc_extents_per_item = 32,
     .max_size_entity_group = 64,