From: Debian Multimedia Maintainers Date: Fri, 29 Dec 2023 22:03:02 +0000 (+0100) Subject: CVE-2023-49465 X-Git-Tag: archive/raspbian/1.0.11-0+deb10u6+rpi1^2~3 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2a5f5001c59e3ada15cf8e9823b853889c9b3163;p=libde265.git CVE-2023-49465 commit 1475c7d2f0a6dc35c27e18abc4db9679bfd32568 Author: Dirk Farin Date: Thu Nov 23 19:43:55 2023 +0100 possible fix for #435 Gbp-Pq: Name CVE-2023-49465.patch
---
diff --git a/libde265/motion.cc b/libde265/motion.cc
index f33e23f..f4fa068 100644
--- a/libde265/motion.cc
+++ b/libde265/motion.cc
@@ -1859,7 +1859,14 @@ void derive_spatial_luma_vector_prediction(base_context* ctx,
 logmvcand(vi);
 const de265_image* imgX = NULL;
- if (vi.predFlag[X]) imgX = ctx->get_image(shdr->RefPicList[X][ vi.refIdx[X] ]);
+ if (vi.predFlag[X]) {
+ if (vi.refIdx[X] < 0 || vi.refIdx[X] >= MAX_NUM_REF_PICS) {
+ return;
+ }
+
+ imgX = ctx->get_image(shdr->RefPicList[X][ vi.refIdx[X] ]);
+ }
+
 const de265_image* imgY = NULL;
 if (vi.predFlag[Y]) imgY = ctx->get_image(shdr->RefPicList[Y][ vi.refIdx[Y] ]);
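Review bot: The `imgY` lookup on the last code line of the hunk still indexes `shdr->RefPicList[Y]` with an unchecked `vi.refIdx[Y]`, so the out-of-range index that the new guard rejects for X can still reach the array through the Y list whenever `predFlag[Y]` is set. The same guard belongs in front of that call: `if (vi.refIdx[Y] < 0 || vi.refIdx[Y] >= MAX_NUM_REF_PICS) return;`. The bound is the array capacity, not the number of references the slice actually activated, so an in-range index may still pick an entry the slice header never filled in; it is worth confirming that `get_image` copes with whatever value sits there. The bare `return` also leaves the function without any visible write to its outputs; the function starts and ends outside the hunk, so check that callers do not read those outputs uninitialised on this path.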