Commit 0c44a74c for libheif
commit 0c44a74ca630e98ed206841af238208fe5138b2d
Author: Dirk Farin <dirk.farin@gmail.com>
Date: Mon May 25 12:50:13 2026 +0200
unci: prevent int overflow when reading icef ranges
diff --git a/libheif/codecs/uncompressed/unc_boxes.cc b/libheif/codecs/uncompressed/unc_boxes.cc
index a07881b5..8015252e 100644
--- a/libheif/codecs/uncompressed/unc_boxes.cc
+++ b/libheif/codecs/uncompressed/unc_boxes.cc
@@ -849,10 +849,11 @@ Error Box_icef::parse(BitstreamRange& range, const heif_security_limits* limits)
unitInfo.unit_size = range.read_uint(unit_size_bits);
- if (unitInfo.unit_size >= UINT64_MAX - implied_offset) {
+ // Reject unit_offset + unit_size wrapping past the 64 bit range.
+ if (unitInfo.unit_size >= UINT64_MAX - unitInfo.unit_offset) {
return {heif_error_Invalid_input,
heif_suberror_Invalid_parameter_value,
- "cumulative offsets too large for 64 bit file size"};
+ "icef unit offset + size exceeds 64 bit range"};
}
implied_offset += unitInfo.unit_size;
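Review bot: The accumulation `implied_offset += unitInfo.unit_size;` on the last line of the hunk is no longer covered by any bound, because the guard now subtracts `unitInfo.unit_offset` instead of `implied_offset`. If the two values are always equal at this point the change is neutral, but where the offset was read explicitly from the bitstream the running sum can wrap silently; unsigned wraparound is well defined, so this matters only if `implied_offset` is consumed later in that mode, which the hunk does not show. Either keep a second guard before the addition, `if (unitInfo.unit_size > UINT64_MAX - implied_offset)`, returning the same error, or document the assumption with a comment such as `// implied_offset is only used when offsets are not coded explicitly; wraparound here is harmless`. Box_icef::parse starts and ends outside the hunk, so how `unit_offset` is assigned is inferred rather than visible.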