Commit 8af39e0b for libheif
commit 8af39e0be0d94b5f9ed12f598046105d2d025df0
Author: Dirk Farin <dirk.farin@gmail.com>
Date: Sun May 17 19:12:04 2026 +0200
merge heif_security limits v5 into v4
diff --git a/libheif/api/libheif/heif_image.h b/libheif/api/libheif/heif_image.h
index f5c654b9..c7a7cc88 100644
--- a/libheif/api/libheif/heif_image.h
+++ b/libheif/api/libheif/heif_image.h
@@ -105,7 +105,6 @@ typedef enum heif_colorspace
// Images of this type are always planar and use heif_chroma_planar.
heif_colorspace_custom = 3,
- //NEWAPI
// Images of this type are filter-array (CFA / Bayer) mosaics. The single
// mosaicked plane is described as heif_chroma_planar.
heif_colorspace_filter_array = 4
@@ -126,7 +125,6 @@ typedef enum heif_channel
heif_channel_filter_array = 11,
heif_channel_depth = 12,
heif_channel_disparity = 13,
- //NEWAPI
heif_channel_unknown = 65535
} heif_channel;
diff --git a/libheif/api/libheif/heif_security.h b/libheif/api/libheif/heif_security.h
index ef4bc319..0db94037 100644
--- a/libheif/api/libheif/heif_security.h
+++ b/libheif/api/libheif/heif_security.h
@@ -38,7 +38,7 @@ typedef struct heif_security_limits
{
uint8_t version;
- // --- version 1
+ // --- version 1 (v1.19.0)
// Limit on the maximum image size to avoid allocating too much memory.
// For example, setting this to 32768^2 pixels = 1 Gigapixels results
@@ -59,24 +59,22 @@ typedef struct heif_security_limits
uint32_t max_children_per_box; // for all boxes that are not covered by other limits
- // --- version 2
+ // --- version 2 (v1.20.0)
uint64_t max_total_memory;
uint32_t max_sample_description_box_entries;
uint32_t max_sample_group_description_box_entries;
- // --- version 3
+ // --- version 3 (v1.21.0)
uint32_t max_sequence_frames;
uint32_t max_number_of_file_brands;
- // --- version 4
+ // --- version 4 (v1.22.0)
//NEWAPI
uint32_t max_bad_pixels;
- // --- version 5
-
//NEWAPI
// Internal: when libheif derives a limits struct from another one (e.g. to
// tighten the maximum image size for a specific decode), this points back to
diff --git a/libheif/security_limits.cc b/libheif/security_limits.cc
index 765ad2e1..d6d9a7dc 100644
--- a/libheif/security_limits.cc
+++ b/libheif/security_limits.cc
@@ -25,7 +25,7 @@
heif_security_limits global_security_limits{
- .version = 5,
+ .version = 4,
// --- version 1
@@ -55,16 +55,16 @@ heif_security_limits global_security_limits{
.max_sequence_frames = 18'000'000, // 100 hours at 50 fps
.max_number_of_file_brands = 1000,
- .max_bad_pixels = 1000,
- // --- version 5
+ // --- version 4
+ .max_bad_pixels = 1000,
.parent = nullptr
};
heif_security_limits disabled_security_limits{
- .version = 5,
+ .version = 4,
.parent = nullptr
};
@@ -95,8 +95,8 @@ heif_security_limits tighten_image_size_limit_for_ispe(const heif_security_limit
// registered context so MemoryHandle::alloc() can still find the entry in
// sMemoryUsage for total-memory accounting. If base is itself derived, walk
// to the root so we keep the parent chain at one hop.
- result.parent = (base->version >= 5 && base->parent) ? base->parent : base;
- result.version = 5;
+ result.parent = (base->version >= 4 && base->parent) ? base->parent : base;
+ result.version = 4;
if (ispe_width == 0 || ispe_height == 0) {
return result;
@@ -218,7 +218,7 @@ Error MemoryHandle::alloc(size_t memory_amount, const heif_security_limits* limi
// The passed-in limits may be a stack-local derived copy (e.g. tightened for
// ispe) whose `parent` points back to the registered context.
const heif_security_limits* root_limits = limits_context;
- while (root_limits->version >= 5 && root_limits->parent) {
+ while (root_limits->version >= 4 && root_limits->parent) {
root_limits = root_limits->parent;
}