From ea3cb3c0637a9f61226892d38e4d2a563bcb5145 Mon Sep 17 00:00:00 2001
From: Thibault Deckers
Date: Mon, 2 Jun 2025 19:45:11 +0200
Subject: [PATCH] fixed crash when parsing some large media with trailing thumbnail

---
 CHANGELOG.md | 1 +
 .../exifinterface/media/ExifInterfaceFork.java | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c95f5d38..77f1b55bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
 - opening home when launching app as media picker
 - removing groups with obsolete albums
 - loading group custom covers
+- crash when parsing some large media with trailing thumbnail
 
 ## [v1.13.1] - 2025-05-14
 
diff --git a/android/exifinterface/src/main/java/androidx/exifinterface/media/ExifInterfaceFork.java b/android/exifinterface/src/main/java/androidx/exifinterface/media/ExifInterfaceFork.java
index 20a8ab593..19b6a15ae 100644
--- a/android/exifinterface/src/main/java/androidx/exifinterface/media/ExifInterfaceFork.java
+++ b/android/exifinterface/src/main/java/androidx/exifinterface/media/ExifInterfaceFork.java
@@ -138,6 +138,12 @@ public class ExifInterfaceFork {
 // TLAD threshold for safer Exif attribute parsing
 private static final int ATTRIBUTE_SIZE_DANGER_THRESHOLD = 3 * (1 << 20); // MB
 
+ // TLAD available heap size, to check allocations
+ private long getAvailableHeapSize() {
+ final Runtime runtime = Runtime.getRuntime();
+ return runtime.maxMemory() - (runtime.totalMemory() - runtime.freeMemory());
+ }
+
 private static final String TAG = "ExifInterface";
 private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
 
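Review bot: `getAvailableHeapSize()` in the `@@ -138,6 +138,12 @@` hunk is documented only as "available heap size", which hides that the value is a point-in-time estimate (max heap minus currently used heap) and that other threads can allocate between the call and the allocation it is meant to guard. The comment should say so, for example `// TLAD estimate of heap still available (max - used) at the time of the call; a hint for rejecting oversized allocations, not a guarantee`. `Runtime.maxMemory()` is also documented to return `Long.MAX_VALUE` when the VM has no inherent limit, in which case a comparison against this value never trips, and that is worth one line in the comment too. The method reads no instance state, so it could be declared `private static long getAvailableHeapSize()`.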
@@ -7554,6 +7560,13 @@ public class ExifInterfaceFork {
 Log.d(TAG, "Invalid strip offset value");
 return;
 }
+
+ // TLAD start
+ if (bytesToSkip > getAvailableHeapSize()) {
+ throw new IOException("cannot allocate " + bytesToSkip + " bytes to skip to retrieve thumbnail");
+ }
+ // TLAD end
+
 try {
 in.skipFully(bytesToSkip);
 } catch (EOFException e) {
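Review bot: The new guard before `in.skipFully(bytesToSkip)` compares a file-derived offset against the heap that happens to be free at that instant, so a value just below that figure still passes. If the skip really buffers the whole range, as the exception message implies, it can still end in `OutOfMemoryError`, which the `catch (EOFException e)` below does not cover. Leaving headroom would make the check less dependent on heap state, e.g. `if (bytesToSkip > getAvailableHeapSize() / 2) {`, with the divisor here only a constructed example to be tuned. The branch just above handles a bad offset with `Log.d(...)` and `return`, while this one throws `IOException`; if callers do not expect that, logging and returning would keep a missing thumbnail from failing the whole parse. The declaration of `bytesToSkip` and the rest of the enclosing method are outside the hunk, so whether negative values are already rejected cannot be confirmed from here.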