From 39e56d5f5a0dde93b2c9601f700d70a73b1ac14f Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Sat, 7 Oct 2023 21:38:30 +0100
Subject: [PATCH] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61675 Avoid integer overflow in the calculation of available_out.
---
 src/bmffimage.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bmffimage.cpp b/src/bmffimage.cpp
index 4eb2b12344..ad084ea2a4 100644
--- a/src/bmffimage.cpp
+++ b/src/bmffimage.cpp
@@ -216,7 +216,7 @@ void BmffImage::brotliUncompress(const byte* compressedBuf, size_t compressedBuf
 uncompressedLen *= 2;
 // DoS protection - can't be bigger than 128k
 if (uncompressedLen > 131072) {
- if (++dos > 1)
+ if (++dos > 1 || total_out > 131072)
 break;
 uncompressedLen = 131072;
 }
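Review bot: The added `total_out > 131072` test is what keeps the later `available_out` calculation from wrapping once the buffer length is clamped, but nothing at this site says so, and the calculation itself is outside the hunk (presumably an unsigned subtraction involving `total_out`, which is not visible here). I would put a comment above the condition, for example `// total_out must stay <= the 128k cap, or available_out wraps after the clamp below`, and replace the three `131072` literals with one named constant so the cap and the guard cannot drift apart. The diffstat shows only src/bmffimage.cpp changed, so the OSS-Fuzz reproducer is not added as a regression test; it would be worth including one with this fix. The enclosing loop of brotliUncompress starts and ends outside the hunk, so what happens after `break` (error or silent truncation) cannot be confirmed from here.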