Commit 38acf5f4 for libheif

commit 38acf5f43293396874e676b93ebcfd2945198561
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Fri Dec 26 08:55:54 2025 +0100

    check for integer overflow in uncompressed codec

diff --git a/libheif/codecs/uncompressed/unc_codec.cc b/libheif/codecs/uncompressed/unc_codec.cc
index fdb400e8..d1cafe8d 100644
--- a/libheif/codecs/uncompressed/unc_codec.cc
+++ b/libheif/codecs/uncompressed/unc_codec.cc
@@ -667,6 +667,14 @@ Error UncompressedImageCodec::decode_uncompressed_image(const HeifContext* conte
     return error;
   }

+  if (UINT32_MAX / uncC->get_pixel_size() / width < height) {
+    return {
+      heif_error_Invalid_input,
+      heif_suberror_Unspecified,
+      "Aligned total image size exceeds maximum integer range"
+    };
+  }
+
   Result<std::shared_ptr<HeifPixelImage>> createImgResult = create_image(cmpd, uncC, width, height, context->get_security_limits());
   if (!createImgResult) {
     return createImgResult.error();
@@ -750,6 +758,14 @@ UncompressedImageCodec::decode_uncompressed_image(const UncompressedImageCodec::
     return error;
   }

+  if (UINT32_MAX / uncC->get_pixel_size() / width < height) {
+    return Error{
+      heif_error_Invalid_input,
+      heif_suberror_Unspecified,
+      "Aligned total image size exceeds maximum integer range"
+    };
+  }
+
   Result<std::shared_ptr<HeifPixelImage>> createImgResult = create_image(cmpd, uncC, width, height, securityLimits);
   if (!createImgResult) {
     return createImgResult.error();