From 440c2a505dbfa00faf48da9c71f9b4bc57af9a8d Mon Sep 17 00:00:00 2001 From: Brad Hards Date: Thu, 30 Nov 2023 19:55:18 +1100 Subject: [PATCH] uncompressed: protect against broken uncC box component references --- libheif/uncompressed_image.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libheif/uncompressed_image.cc b/libheif/uncompressed_image.cc index a0387b6c80..cda5dc3dc2 100644 --- a/libheif/uncompressed_image.cc +++ b/libheif/uncompressed_image.cc @@ -531,6 +531,9 @@ int UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci(cons int alternate_channel_bits = 0; for (Box_uncC::Component component : uncC_box->get_components()) { uint16_t component_index = component.component_index; + if (component_index >= cmpd_box->get_components().size()) { + return -1; + } auto component_type = cmpd_box->get_components()[component_index].component_type; switch (component_type) { case component_type_monochrome: