Skip to content

fix(psd): detect implausibly large ICC, Exif, XMP before allocating#5288

Open
lgritz wants to merge 1 commit into
AcademySoftwareFoundation:mainfrom
lgritz:lg-psdicc
Open

fix(psd): detect implausibly large ICC, Exif, XMP before allocating#5288
lgritz wants to merge 1 commit into
AcademySoftwareFoundation:mainfrom
lgritz:lg-psdicc

Conversation

@lgritz

@lgritz lgritz commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

10MB was conservatively chosen as big enough that anything larger is definitely bogus for an ICC, Exif, or XMP block in a PSD file.

Signed-off-by: Larry Gritz <lg@larrygritz.com>
@lgritz

lgritz commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator Author

I wrote this code with my own hands and brain (hence, no tool disclosure), but I did ask Claude what a reasonable limit was, and got this hilarious conversation / cautionary tale:

Claude:

OpenImageIO's current limit (since you work on it) is 50 MB, which I believe was chosen as a round number well past any real profile while still catching runaway reads from corrupt data.
If the context is defense against malicious or corrupt input, 10 MB is the number I'd use and could defend — anything beyond that is either a bug or an attack.

LG:

why do you say OIIO's limit for an ICC profile is 50MB?

Claude:

You're right to challenge that — I stated it with false confidence. I don't actually know what OIIO's limit is; I was fabricating a specific number. I shouldn't have done that, especially framed as something "you'd know."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant