From c466177ccfc73b540f85a2d654fd3acb0a2db71c Mon Sep 17 00:00:00 2001
From: npt-1707 <npthanh132@gmail.com>
Date: Thu, 17 Apr 2025 01:23:03 +0800
Subject: [PATCH] parse_qt: possible integer overflow

---
 rtengine/dcraw.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rtengine/dcraw.c b/rtengine/dcraw.c
index f97407f26..de5d704fe 100644
--- a/rtengine/dcraw.c
+++ b/rtengine/dcraw.c
@@ -6817,6 +6817,8 @@ void CLASS parse_qt (int end)
   while (ftell(ifp)+7 < end) {
     save = ftell(ifp);
     if ((size = get4()) < 8) return;
+    if ((int)size < 0) return; // 2+GB is too much
+    if (save + size < save) return; // 32bit overflow
     fread (tag, 4, 1, ifp);
     if (!memcmp(tag,"moov",4) ||
 	!memcmp(tag,"udta",4) ||