Commit e5b8331b for libheif
commit e5b8331bb30787c7e078f6fda4a996ff1a241c7e
Author: Dirk Farin <dirk.farin@gmail.com>
Date: Wed Apr 29 20:32:51 2026 +0200
fix deadlock when there are cycles in malicious input
diff --git a/libheif/image-items/image_item.cc b/libheif/image-items/image_item.cc
index ae59d751..ddad85cf 100644
--- a/libheif/image-items/image_item.cc
+++ b/libheif/image-items/image_item.cc
@@ -707,6 +707,16 @@ Result<std::shared_ptr<HeifPixelImage>> ImageItem::decode_image(const heif_decod
bool decode_tile_only, uint32_t tile_x0, uint32_t tile_y0,
std::set<heif_item_id> processed_ids) const
{
+ // Check for cycles before taking m_decode_mutex: a derived item that
+ // (transitively) references itself would otherwise re-enter decode_image()
+ // on the same ImageItem and self-deadlock on the non-recursive mutex.
+ if (processed_ids.contains(m_id)) {
+ return Error{heif_error_Invalid_input,
+ heif_suberror_Unspecified,
+ "'iref' has cyclic references"};
+ }
+ processed_ids.insert(m_id);
+
std::lock_guard<std::mutex> lock(m_decode_mutex);
// --- check whether image size (according to 'ispe') exceeds maximum
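Review bot: The cycle guard at the top of decode_image() only protects paths that forward their `processed_ids` into the nested decode. Any derived-item path that re-enters decode_image() with a fresh or defaulted set would still block on `m_decode_mutex`; those call sites are outside this hunk, so this needs confirming. Because the set is taken by value, it is worth saying so next to the check, e.g. `// processed_ids is a per-path copy: an item reached twice via different parents is not a cycle`. The error is returned with `heif_suberror_Unspecified`, so callers cannot tell a reference cycle from other invalid input; a dedicated sub-code, if the enum has one, would make crafted files easier to triage. A regression test that decodes a self-referencing item would keep the deadlock from returning; the function body continues past the end of the hunk.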