/src/libheif/libheif/security_limits.h

Source
/*
 * HEIF codec.
 * Copyright (c) 2018 Dirk Farin <dirk.farin@gmail.com>
 *
 * This file is part of libheif.
 *
 * libheif is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version.
 *
 * libheif is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with libheif.  If not, see <http://www.gnu.org/licenses/>.
 */
#ifndef LIBHEIF_SECURITY_LIMITS_H
#define LIBHEIF_SECURITY_LIMITS_H

#include "libheif/heif.h"
#include <cinttypes>
#include <cstddef>
#include "error.h"


extern heif_security_limits global_security_limits;
extern heif_security_limits disabled_security_limits;

// Maximum nesting level of boxes in input files.
// We put a limit on this to avoid unlimited stack usage by malicious input files.
static const int MAX_BOX_NESTING_LEVEL = 20;

static const int MAX_BOX_SIZE = 0x7FFFFFFF; // 2 GB
static const int64_t MAX_LARGE_BOX_SIZE = 0x0FFFFFFFFFFFFFFF;
static const int64_t MAX_FILE_POS = 0x007FFFFFFFFFFFFFLL; // maximum file position
static const int MAX_FRACTION_VALUE = 0x10000;


Error check_for_valid_image_size(const heif_security_limits* limits, uint32_t width, uint32_t height);


class TotalMemoryTracker
{
public:
  explicit TotalMemoryTracker(const heif_security_limits* limits_context);
  ~TotalMemoryTracker();

  size_t get_max_total_memory_used() const;

  void operator=(const TotalMemoryTracker&) = delete;
  TotalMemoryTracker(const TotalMemoryTracker&) = delete;

private:
  const heif_security_limits* m_limits_context = nullptr;
};


class MemoryHandle
{
public:
  MemoryHandle() = default;
  ~MemoryHandle() { free(); }

  Error alloc(size_t memory_amount, const heif_security_limits* limits_context, const char* reason_description);

  void free();

  void free(size_t memory_amount);

  const heif_security_limits* get_security_limits() const { return m_limits_context; }

  void operator=(const MemoryHandle&) = delete;
  MemoryHandle(const MemoryHandle&) = delete;

private:
  const heif_security_limits* m_limits_context = nullptr;
  size_t m_memory_amount = 0;
};


#endif  // LIBHEIF_SECURITY_LIMITS_H

Line	Count	Source
1		/*
2		* HEIF codec.
3		* Copyright (c) 2018 Dirk Farin <dirk.farin@gmail.com>
4		*
5		* This file is part of libheif.
6		*
7		* libheif is free software: you can redistribute it and/or modify
8		* it under the terms of the GNU Lesser General Public License as
9		* published by the Free Software Foundation, either version 3 of
10		* the License, or (at your option) any later version.
11		*
12		* libheif is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15		* GNU Lesser General Public License for more details.
16		*
17		* You should have received a copy of the GNU Lesser General Public License
18		* along with libheif. If not, see <http://www.gnu.org/licenses/>.
19		*/
20		#ifndef LIBHEIF_SECURITY_LIMITS_H
21		#define LIBHEIF_SECURITY_LIMITS_H
22
23		#include "libheif/heif.h"
24		#include <cinttypes>
25		#include <cstddef>
26		#include "error.h"
27
28
29		extern heif_security_limits global_security_limits;
30		extern heif_security_limits disabled_security_limits;
31
32		// Maximum nesting level of boxes in input files.
33		// We put a limit on this to avoid unlimited stack usage by malicious input files.
34		static const int MAX_BOX_NESTING_LEVEL = 20;
35
36		static const int MAX_BOX_SIZE = 0x7FFFFFFF; // 2 GB
37		static const int64_t MAX_LARGE_BOX_SIZE = 0x0FFFFFFFFFFFFFFF;
38		static const int64_t MAX_FILE_POS = 0x007FFFFFFFFFFFFFLL; // maximum file position
39		static const int MAX_FRACTION_VALUE = 0x10000;
40
41
42		Error check_for_valid_image_size(const heif_security_limits* limits, uint32_t width, uint32_t height);
43
44
45		class TotalMemoryTracker
46		{
47		public:
48		explicit TotalMemoryTracker(const heif_security_limits* limits_context);
49		~TotalMemoryTracker();
50
51		size_t get_max_total_memory_used() const;
52
53		void operator=(const TotalMemoryTracker&) = delete;
54		TotalMemoryTracker(const TotalMemoryTracker&) = delete;
55
56		private:
57		const heif_security_limits* m_limits_context = nullptr;
58		};
59
60
61		class MemoryHandle
62		{
63		public:
64	10.0k	MemoryHandle() = default;
65	10.0k	~MemoryHandle() { free(); }
66
67		Error alloc(size_t memory_amount, const heif_security_limits* limits_context, const char* reason_description);
68
69		void free();
70
71		void free(size_t memory_amount);
72
73	110	const heif_security_limits* get_security_limits() const { return m_limits_context; }
74
75		void operator=(const MemoryHandle&) = delete;
76		MemoryHandle(const MemoryHandle&) = delete;
77
78		private:
79		const heif_security_limits* m_limits_context = nullptr;
80		size_t m_memory_amount = 0;
81		};
82
83
84		#endif // LIBHEIF_SECURITY_LIMITS_H

Coverage Report

Created: 2025-09-08 07:52