Commit 5392d264 for libheif

commit 5392d26479b1672e179e667303a28cf40eb8248a
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Mon May 18 18:43:15 2026 +0200

    vvdec: fix NALU length check (#1809)

diff --git a/libheif/plugins/decoder_vvdec.cc b/libheif/plugins/decoder_vvdec.cc
index 73724325..0c317ee2 100644
--- a/libheif/plugins/decoder_vvdec.cc
+++ b/libheif/plugins/decoder_vvdec.cc
@@ -180,18 +180,18 @@ heif_error vvdec_push_data2(void* decoder_raw, const void* frame_data, size_t fr

   const auto* data = (const uint8_t*) frame_data;

-  if (frame_size < 4) {
-    return {
-      heif_error_Decoder_plugin_error,
-      heif_suberror_End_of_data,
-      kEmptyString
-    };
-  }
+  while (frame_size > 0) {
+    if (frame_size < 4) {
+      return {
+        heif_error_Decoder_plugin_error,
+        heif_suberror_End_of_data,
+        kEmptyString
+      };
+    }

-  for (;;) {
     uint32_t size = four_bytes_to_uint32(data[0], data[1], data[2], data[3]);

-    if (frame_size < 4 + size) {
+    if (frame_size - 4 < size) {
       return {
         heif_error_Decoder_plugin_error,
         heif_suberror_End_of_data,
@@ -210,9 +210,6 @@ heif_error vvdec_push_data2(void* decoder_raw, const void* frame_data, size_t fr
     decoder->nalus.push_back({std::move(nalu), user_data});
     data += size;
     frame_size -= 4 + size;
-    if (frame_size == 0) {
-      break;
-    }
   }

   return heif_error_ok;