fix: Harden JUMB embed media description box parser against integer underflow attack#1950

Merged
ssanthosh merged 1 commit into main from ssanthosh/vulnerability_fixes_integer_underflow_EmbedMediaDesc_parser
Mar 27, 2026

Conversation

@ssanthosh
Contributor

Changes in this pull request

Security Fix: Index Out-of-Bounds issue in read_embedded_media_desc_box on parsing JUMBF EmbedMediaDesc Box

Issue

BoxReader::read_embedded_media_desc_box (sdk/src/jumbf/boxes.rs) crashes when parsing a crafted bfdb box with size=9 (8-byte BMFF header + 1-byte toggles, no media type data).

data_len = size - HEADER_SIZE - TOGGLE_SIZE = 9 - 8 - 1 = 0 causes read_to_vec(0) to return an empty buffer. The _ match arm then evaluates buf[buf.len() - 1] where buf.len() = 0, causing a usize underflow and an index-out-of-bounds panic in both debug and release builds.


Fix

  1. Minimum size guard — rejects any bfdb box with size < 9 (HEADER_SIZE + TOGGLE_SIZE) before any reads, preventing u64 underflow in the data_len computation for boxes smaller than a toggles-only payload.

  2. Safe last-byte access — replaced buf[buf.len() - 1] with buf.last(), which returns None for an empty slice and safely handles the size=9 empty media type case.


Test

embedded_media_desc_box_handles_empty_media_type_and_rejects_undersized:

size  Expected  Why
9     Ok        Valid empty media type — writer produces this; crash fixed by buf.last()
8     Err       No toggles byte — data_len underflows without minimum size guard
0     Err       BMFF "extends to EOF" sentinel; invalid for a bounded inner box

Checklist

  • This PR represents a single feature, fix, or change.
  • All applicable changes have been documented.
  • Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.
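
The underflow and both guards, as an added example that is not c2pa-rs code: the bfdb layout here is a simplified assumption (4-byte big-endian size, the "bfdb" type, one toggles byte, then the media type with an optional NUL terminator when toggle bit 0 is clear), and make_bfdb builds constructed inputs for the three sizes in the table above.

```rust
const HEADER_SIZE: u64 = 8; // 4-byte big-endian size + 4-byte box type
const TOGGLE_SIZE: u64 = 1; // one toggles byte follows the header

/// Constructed test input: a bfdb box with the given size field and payload.
pub fn make_bfdb(size: u32, payload: &[u8]) -> Vec<u8> {
    [&size.to_be_bytes()[..], &b"bfdb"[..], payload].concat()
}

fn header(b: &[u8]) -> Result<u64, String> {
    if b.len() < 8 || &b[4..8] != b"bfdb" {
        return Err("not a bfdb box".into());
    }
    Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as u64)
}

fn take(b: &[u8], n: u64) -> Result<&[u8], String> {
    b.get(..n as usize).ok_or_else(|| "truncated box".to_string())
}

/// Assumed simplified layout: toggle bit 0 clear means media type only, with an
/// optional NUL terminator stripped by inspecting the last byte. Vulnerable shape:
/// no minimum-size guard, and the last byte is indexed via buf.len() - 1.
pub fn read_bfdb_vulnerable(b: &[u8]) -> Result<String, String> {
    let size = header(b)?;
    let data_len = size - HEADER_SIZE - TOGGLE_SIZE; // u64 underflow when size < 9
    let toggles = *b.get(8).ok_or("missing toggles byte")?;
    let buf = take(&b[9..], data_len)?;
    let media = match toggles & 1 {
        1 => buf, // file-name variant left out of this example
        _ => if buf[buf.len() - 1] == 0 { &buf[..buf.len() - 1] } else { buf }, // panics on empty buf
    };
    String::from_utf8(media.to_vec()).map_err(|e| e.to_string())
}

/// Hardened: reject size < HEADER_SIZE + TOGGLE_SIZE before any arithmetic, and
/// use buf.last() so the writer's size=9 empty media type parses as "".
pub fn read_bfdb_hardened(b: &[u8]) -> Result<String, String> {
    let size = header(b)?;
    if size < HEADER_SIZE + TOGGLE_SIZE {
        return Err(format!("bfdb box too small: {}", size));
    }
    let data_len = size - HEADER_SIZE - TOGGLE_SIZE; // cannot underflow now
    let toggles = *b.get(8).ok_or("missing toggles byte")?;
    let buf = take(&b[9..], data_len)?;
    let media = match toggles & 1 {
        1 => buf,
        _ => match buf.last() { Some(0) => &buf[..buf.len() - 1], _ => buf },
    };
    String::from_utf8(media.to_vec()).map_err(|e| e.to_string())
}
```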

@ssanthosh ssanthosh self-assigned this Mar 18, 2026
@ssanthosh ssanthosh added bug Something isn't working safe to test labels Mar 18, 2026
@codspeed-hq

codspeed-hq Bot commented Mar 18, 2026

Merging this PR will not alter performance

✅ 32 untouched benchmarks
⏩ 2 skipped benchmarks [1]


Comparing ssanthosh/vulnerability_fixes_integer_underflow_EmbedMediaDesc_parser (c151f95) with main (f4eaf9e)


Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@ssanthosh ssanthosh requested a review from gpeacock March 23, 2026 16:48
Contributor

@tmathern tmathern left a comment


I think there were Chrome updates. The wasm failures should resolve in 48 hours once they update too.

@ssanthosh ssanthosh force-pushed the ssanthosh/vulnerability_fixes_integer_underflow_EmbedMediaDesc_parser branch from 0f1eff7 to c151f95 March 27, 2026 19:30
@ssanthosh ssanthosh merged commit a7b429f into main Mar 27, 2026
26 checks passed
@ssanthosh ssanthosh deleted the ssanthosh/vulnerability_fixes_integer_underflow_EmbedMediaDesc_parser branch March 27, 2026 19:38
@caiopensrc caiopensrc mentioned this pull request Mar 27, 2026