Merge remote-tracking branch 'origin/develop' into develop

CHANGELOG.md

@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
 - opening home when launching app as media picker
 - removing groups with obsolete albums
 - loading group custom covers
+- crash when parsing some large media with trailing thumbnail
 
 ## <a id="v1.13.1"></a>[v1.13.1] - 2025-05-14
 

android/exifinterface/src/main/java/androidx/exifinterface/media/ExifInterfaceFork.java

@@ -138,6 +138,12 @@ public class ExifInterfaceFork {
     // TLAD threshold for safer Exif attribute parsing
     private static final int ATTRIBUTE_SIZE_DANGER_THRESHOLD = 3 * (1 << 20); // MB
 
+    // TLAD available heap size, to check allocations
+    private long getAvailableHeapSize() {
+        final Runtime runtime = Runtime.getRuntime();
+        return runtime.maxMemory() - (runtime.totalMemory() - runtime.freeMemory());
+    }
+
     private static final String TAG = "ExifInterface";
     private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
 
@@ -7554,6 +7560,13 @@ public class ExifInterfaceFork {
                     Log.d(TAG, "Invalid strip offset value");
                     return;
                 }
+
+                // TLAD start
+                if (bytesToSkip > getAvailableHeapSize()) {
+                    throw new IOException("cannot allocate " + bytesToSkip + " bytes to skip to retrieve thumbnail");
+                }
+                // TLAD end
+
                 try {
                     in.skipFully(bytesToSkip);
                 } catch (EOFException e) {