From b44c4ecbc500d8d5fb91911b43b9461b48102859 Mon Sep 17 00:00:00 2001
From: Lovell Fuller <github@lovell.info>
Date: Tue, 14 Jan 2025 10:43:50 +0000
Subject: [PATCH] Ensure max_size_entity_group security limit is enforced

---
 libheif/box.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libheif/box.cc b/libheif/box.cc
index 666663b954..df1d9ec2e8 100644
--- a/libheif/box.cc
+++ b/libheif/box.cc
@@ -3849,6 +3849,9 @@ Error Box_EntityToGroup::parse(BitstreamRange& range, const heif_security_limits
     std::stringstream sstr;
     sstr << "entity group box contains " << nEntities << " entities, but the security limit is set to " << limits->max_size_entity_group << " entities.";
 
+    return {heif_error_Invalid_input,
+            heif_suberror_End_of_data,
+            sstr.str()};
   }
 
   entity_ids.resize(nEntities);