Ensure max_size_entity_group security limit is enforced

strukturag · Jan 14, 2025 · b44c4ec · b44c4ec
1 parent 2b736bf
commit b44c4ec
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/libheif/box.cc b/libheif/box.cc
@@ -3849,6 +3849,9 @@ Error Box_EntityToGroup::parse(BitstreamRange& range, const heif_security_limits
     std::stringstream sstr;
     sstr << "entity group box contains " << nEntities << " entities, but the security limit is set to " << limits->max_size_entity_group << " entities.";
 
+    return {heif_error_Invalid_input,
+            heif_suberror_End_of_data,
+            sstr.str()};
   }
 
   entity_ids.resize(nEntities);