Commit 952b6e64 for libheif

commit 952b6e64f64ba7a8f4cfb8368d17f3bb65bc12c9
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Thu May 28 14:10:39 2026 +0200

    move security check before chunk allocation

diff --git a/libheif/sequences/track.cc b/libheif/sequences/track.cc
index b680c7f6..ea5034fd 100644
--- a/libheif/sequences/track.cc
+++ b/libheif/sequences/track.cc
@@ -312,6 +312,19 @@ Error Track::load(const std::shared_ptr<Box_trak>& trak_box)
     };
   }

+  // Enforce the sequence-frame limit before allocating any per-chunk state below.
+  // Box_stsz::parse already applies this when parsing from a file, but check again
+  // here so the invariant holds even if m_stsz was built another way.
+  const auto* limits = m_heif_context->get_security_limits();
+  if (limits->max_sequence_frames > 0 &&
+      m_stsz->num_samples() > limits->max_sequence_frames) {
+    return {
+      heif_error_Memory_allocation_error,
+      heif_suberror_Security_limit_exceeded,
+      "Security limit for maximum number of sequence frames exceeded"
+    };
+  }
+
   m_stts = stbl->get_child_box<Box_stts>();
   if (!m_stts) {
     return {
@@ -536,18 +549,6 @@ Error Track::load(const std::shared_ptr<Box_trak>& trak_box)
   }


-  // --- security checks
-
-  if (m_heif_context->get_security_limits()->max_sequence_frames > 0 &&
-      m_stsz->num_samples() > m_heif_context->get_security_limits()->max_sequence_frames) {
-    return {
-      heif_error_Memory_allocation_error,
-      heif_suberror_Security_limit_exceeded,
-      "Security limit for maximum number of sequence frames exceeded"
-    };
-  }
-
-
   // --- initialize track tables

   Error err = init_sample_timing_table();