From c714a2b31576cc920cf806154a023ecf6bfcb161 Mon Sep 17 00:00:00 2001
From: Lovell Fuller <github@lovell.info>
Date: Fri, 25 Sep 2020 18:51:48 +0100
Subject: [PATCH] heifload: prevent reading beyond end of source buffer

---
 libvips/foreign/heifload.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libvips/foreign/heifload.c b/libvips/foreign/heifload.c
index 7ee306f6..f9c3830c 100644
--- a/libvips/foreign/heifload.c
+++ b/libvips/foreign/heifload.c
@@ -961,7 +961,11 @@ vips_foreign_load_heif_wait_for_file_size( gint64 target_size, void *userdata )
 
 	enum heif_reader_grow_status status;
 
-	if( heif->length == -1 )
+	if( heif->source->data != NULL && target_size > heif->source->length )
+		/* Target size is beyond known buffer length
+		 */
+		status = heif_reader_grow_status_size_beyond_eof;
+	else if( heif->length == -1 )
 		/* We've not seen EOF yet, so seeking to any point is fine (as
 		 * far as we know).
 		 */