Commit 352c3356 for libheif
commit 352c33567f8d71d13f7bcc20f6750a3bc0e3542f
Author: Dirk Farin <dirk.farin@gmail.com>
Date: Fri May 15 20:43:21 2026 +0200
HEVC: check for valid bit-depth range (#1795)
diff --git a/libheif/codecs/hevc_boxes.cc b/libheif/codecs/hevc_boxes.cc
index ea585321..9ca1f111 100644
--- a/libheif/codecs/hevc_boxes.cc
+++ b/libheif/codecs/hevc_boxes.cc
@@ -705,9 +705,19 @@ Error parse_sps_for_hvcC_configuration(const uint8_t* sps, size_t size,
}
reader.get_uvlc(&value);
+ if (value > 8) {
+ return Error{heif_error_Invalid_input,
+ heif_suberror_Invalid_parameter_value,
+ "SPS bit_depth_luma_minus8 out of range"};
+ }
config->bit_depth_luma = (uint8_t) (value + 8);
reader.get_uvlc(&value);
+ if (value > 8) {
+ return Error{heif_error_Invalid_input,
+ heif_suberror_Invalid_parameter_value,
+ "SPS bit_depth_chroma_minus8 out of range"};
+ }
config->bit_depth_chroma = (uint8_t) (value + 8);
diff --git a/libheif/plugins/decoder_webcodecs.cc b/libheif/plugins/decoder_webcodecs.cc
index 31a6d4e2..692180c2 100644
--- a/libheif/plugins/decoder_webcodecs.cc
+++ b/libheif/plugins/decoder_webcodecs.cc
@@ -311,9 +311,19 @@ Error parse_sps_for_hvcC_configuration2(const uint8_t* sps, size_t size,
}
reader.get_uvlc(&value);
+ if (value > 8) {
+ return Error{heif_error_Invalid_input,
+ heif_suberror_Invalid_parameter_value,
+ "SPS bit_depth_luma_minus8 out of range"};
+ }
config->bit_depth_luma = (uint8_t) (value + 8);
reader.get_uvlc(&value);
+ if (value > 8) {
+ return Error{heif_error_Invalid_input,
+ heif_suberror_Invalid_parameter_value,
+ "SPS bit_depth_chroma_minus8 out of range"};
+ }
config->bit_depth_chroma = (uint8_t) (value + 8);