Commit 4763397d for libheif

commit 4763397d5b9c44f47b470f2de99d78f9a57419b6
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Fri Dec 26 09:45:28 2025 +0100

    uncC: check row-align-size against maximum integer limit

diff --git a/libheif/codecs/uncompressed/unc_codec.cc b/libheif/codecs/uncompressed/unc_codec.cc
index d8f0e92f..eee2dc9f 100644
--- a/libheif/codecs/uncompressed/unc_codec.cc
+++ b/libheif/codecs/uncompressed/unc_codec.cc
@@ -676,6 +676,15 @@ Error UncompressedImageCodec::decode_uncompressed_image(const HeifContext* conte
     };
   }

+  if (uncC->get_row_align_size() > 0 &&
+      UINT32_MAX / uncC->get_row_align_size() < 8) {
+    return {
+      heif_error_Invalid_input,
+      heif_suberror_Unspecified,
+      "Aligned row size larger than supported maximum"
+    };
+  }
+
   Result<std::shared_ptr<HeifPixelImage>> createImgResult = create_image(cmpd, uncC, width, height, context->get_security_limits());
   if (!createImgResult) {
     return createImgResult.error();