Merge pull request #1442 from lovell/box-entitytogroup-enforce-limits

Security: ensure max_size_entity_group limit is enforced
strukturag · Jan 14, 2025 · e7c6d71 · e7c6d71
2 parents 2b736bf + b44c4ec
commit e7c6d71
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/libheif/box.cc b/libheif/box.cc
@@ -3849,6 +3849,9 @@ Error Box_EntityToGroup::parse(BitstreamRange& range, const heif_security_limits
     std::stringstream sstr;
     sstr << "entity group box contains " << nEntities << " entities, but the security limit is set to " << limits->max_size_entity_group << " entities.";
 
+    return {heif_error_Invalid_input,
+            heif_suberror_End_of_data,
+            sstr.str()};
   }
 
   entity_ids.resize(nEntities);