
Integer overflow in uncompressed_box.cc

Open farindk opened this issue 1 year ago • 3 comments

@bradh I got a fuzzer hitting an integer overflow:

libheif/codecs/uncompressed_box.cc:263:38: runtime error: unsigned integer overflow: 4294967295 + 1 cannot be represented in type 'unsigned int'

https://github.com/strukturag/libheif/blob/9d4a5107c469c76fec7146b896819bc215a66fbe/libheif/codecs/uncompressed_box.cc#L263-265

Probably, it is enough to output an error when the number of tiles exceeds a sensible maximum.

farindk avatar Jun 28 '24 10:06 farindk

This is why we should have stuck to the _minus_1 :-) Of course then the overflow could just happen later.

I'll take care of this one.

bradh avatar Jun 28 '24 11:06 bradh
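The two comments above describe the same root cause from two angles: a 32-bit `*_minus_1` field that holds 0xFFFFFFFF wraps to 0 when the parser adds 1 back, and the resulting tile count then feeds later arithmetic. The following is an added example, not libheif's code and not from this thread, that places the unchecked pattern beside a version that widens before the arithmetic and rejects counts above an explicit ceiling. The `kMaxTiles` value is a constructed placeholder; the issue gives no number for what a "sensible maximum" should be.

```cpp
// Added example (not libheif code): a "count_minus_1" field read as uint32_t,
// incremented and multiplied unchecked, versus a checked equivalent.
#include <cstdint>
#include <cstdio>
#include <optional>

// Assumed upper bound on the total tile count. This is a constructed
// placeholder; the issue does not state what limit libheif should use.
constexpr uint64_t kMaxTiles = 4096ull * 4096ull;

// Unchecked version, mirroring the pattern the sanitizer flagged.
// Unsigned wrap-around is well defined in C++, so this compiles silently;
// -fsanitize=unsigned-integer-overflow is what surfaces it under fuzzing.
uint32_t tiles_unchecked(uint32_t cols_minus_1, uint32_t rows_minus_1) {
  uint32_t cols = cols_minus_1 + 1;  // 0xFFFFFFFF + 1 wraps to 0
  uint32_t rows = rows_minus_1 + 1;
  return cols * rows;                // the product can wrap as well
}

// Checked version: widen to 64 bits before the +1 and the multiply, then
// enforce an explicit maximum. Returns nullopt for any rejected input so the
// caller must handle the error path rather than receive a wrapped value.
std::optional<uint64_t> tiles_checked(uint32_t cols_minus_1, uint32_t rows_minus_1) {
  uint64_t cols = static_cast<uint64_t>(cols_minus_1) + 1;  // at most 2^32
  uint64_t rows = static_cast<uint64_t>(rows_minus_1) + 1;  // at most 2^32
  uint64_t total = cols * rows;  // both factors <= 2^32, so this fits in 64 bits
  if (total > kMaxTiles) {
    return std::nullopt;  // reject instead of allocating for a bogus count
  }
  return total;
}

int main() {
  // Constructed inputs: the field value that triggered the report, then a
  // normal one and the two values either side of the ceiling.
  const uint32_t hostile = 0xFFFFFFFFu;
  std::printf("unchecked(0xFFFFFFFF, 0) = %u\n", tiles_unchecked(hostile, 0));
  auto rejected = tiles_checked(hostile, 0);
  std::printf("checked(0xFFFFFFFF, 0)   = %s\n", rejected ? "accepted" : "rejected");
  std::printf("checked(3, 1)            = %llu\n",
              static_cast<unsigned long long>(*tiles_checked(3, 1)));
  std::printf("checked(4095, 4095)      = %s\n", tiles_checked(4095, 4095) ? "accepted" : "rejected");
  std::printf("checked(4096, 4095)      = %s\n", tiles_checked(4096, 4095) ? "accepted" : "rejected");
  return 0;
}
```

The boundary pair in `main` (a count exactly at `kMaxTiles` accepted, one tile more rejected) is the test worth keeping: it is where a `>` written as `>=` in the comparison shows up, and it also pins down whether the limit is inclusive.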

I really would like to have C++ integer types that have a limited range (e.g. `int<-1,1024>`). Then we would not constantly have issues of signed vs unsigned or +1 overflows like this.

farindk avatar Jun 28 '24 12:06 farindk

> I really would like to have C++ integer types that have a limited range (e.g. `int<-1,1024>`). Then we would not constantly have issues of signed vs unsigned or +1 overflows like this.

In writing the unit test I found I had an off-by-one error in my comparison...

bradh avatar Jun 28 '24 12:06 bradh