Commit 284b8358 for libheif

commit 284b835847db2e24deb85ab14991b35bfdee3fdc
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Sun Mar 1 13:51:26 2026 +0100

    apply max_components security limit to splz box

diff --git a/libheif/codecs/uncompressed/unc_boxes.cc b/libheif/codecs/uncompressed/unc_boxes.cc
index 06296ef1..5a02862a 100644
--- a/libheif/codecs/uncompressed/unc_boxes.cc
+++ b/libheif/codecs/uncompressed/unc_boxes.cc
@@ -1034,6 +1034,12 @@ Error Box_splz::parse(BitstreamRange& range, const heif_security_limits* limits)
   }

   uint32_t component_count = range.read32();
+  if (limits->max_components && component_count > limits->max_components) {
+    return {heif_error_Invalid_input,
+            heif_suberror_Security_limit_exceeded,
+            "Number of components in splz box exceeds the security limits."};
+  }
+
   m_pattern.component_indices.resize(component_count);
   for (uint32_t i = 0; i < component_count; i++) {
     m_pattern.component_indices[i] = range.read32();