Commit c0e749ab for libheif

commit c0e749ab890c135c25ab1877f428159d883318f9
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Wed Jan 14 19:38:41 2026 +0100

    check against number of samples in  box exceeding samples in  box (#1669)

diff --git a/libheif/sequences/seq_boxes.cc b/libheif/sequences/seq_boxes.cc
index 8f834c7c..aec84fd5 100644
--- a/libheif/sequences/seq_boxes.cc
+++ b/libheif/sequences/seq_boxes.cc
@@ -882,6 +882,13 @@ Error Box_stsc::parse(BitstreamRange& range, const heif_security_limits* limits)
       "'sample_description_index' in 'stsc' must not be 0."};
     }

+    if (entry.samples_per_chunk > limits->max_sequence_frames) {
+      return {
+        heif_error_Invalid_input,
+        heif_suberror_Unspecified,
+        "Number of chunk samples in `stsc` box exceeds security limits of maximum number of frames."};
+    }
+
     m_entries[i] = entry;
   }

diff --git a/libheif/sequences/track.cc b/libheif/sequences/track.cc
index d28343fa..acb916fa 100644
--- a/libheif/sequences/track.cc
+++ b/libheif/sequences/track.cc
@@ -375,6 +375,14 @@ Error Track::load(const std::shared_ptr<Box_trak>& trak_box)
       }
     }

+    if (current_sample_idx + sampleToChunk.samples_per_chunk > m_stsz->num_samples()) {
+      return {
+        heif_error_Invalid_input,
+        heif_suberror_Unspecified,
+        "Number of samples in 'stsc' box exceeds sample sizes in 'stsz' box."
+      };
+    }
+
     auto chunk = std::make_shared<Chunk>(m_heif_context, m_id,
                                          current_sample_idx, sampleToChunk.samples_per_chunk,
                                          m_stco->get_offsets()[chunk_idx],