From b645c9c258f98a12c7ffb006f4265e4eb2a2f1b6 Mon Sep 17 00:00:00 2001
From: Mirco Miranda
Date: Sat, 9 Nov 2024 10:44:04 +0000
Subject: [PATCH] JXL: Fix OSS Fuzz issue 377971416

---
 src/imageformats/jxl.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/imageformats/jxl.cpp b/src/imageformats/jxl.cpp
index 9591a7f..ab5c41b 100644
--- a/src/imageformats/jxl.cpp
+++ b/src/imageformats/jxl.cpp
@@ -1172,7 +1172,7 @@ bool QJpegXLHandler::decodeBoxes()
 JxlDecoderGetBoxType(m_decoder, type, JXL_FALSE);
 if (memcmp(type, "xml ", 4) == 0) {
 uint64_t size;
- if (JxlDecoderGetBoxSizeRaw(m_decoder, &size) == JXL_DEC_SUCCESS) {
+ if (JxlDecoderGetBoxSizeRaw(m_decoder, &size) == JXL_DEC_SUCCESS && size < uint64_t(kMaxQVectorSize)) {
 m_xmp = QByteArray(size, '\0');
 JxlDecoderSetBoxBuffer(m_decoder, reinterpret_cast(m_xmp.data()), m_xmp.size());
 }
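Review bot: The new `size < uint64_t(kMaxQVectorSize)` guard on the "xml " branch has no comment saying why it exists, and a reader who does not know the fuzz report will not see that `size` is an attacker-controlled box header field feeding directly into the `QByteArray(size, '\0')` allocation on the next line; I would add `// size comes from the untrusted box header: cap it before it drives the QByteArray allocation` above the `if`. The functional-style cast `uint64_t(kMaxQVectorSize)` reads like a call; `static_cast<uint64_t>(kMaxQVectorSize)` makes the intent greppable and matches the rest of the line's `reinterpret_cast` style. The enclosing decodeBoxes() continues outside this hunk, and if other box types in it allocate from `JxlDecoderGetBoxSizeRaw` the same way, they presumably need the same bound — worth checking, since the commit only touches the "xml " case. Note also that the `reinterpret_cast(m_xmp.data())` shown here has lost its template argument, which looks like an extraction artefact of this page rather than the patched file.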