From: Debian Multimedia Maintainers Date: Fri, 29 Dec 2023 22:03:02 +0000 (+0100) Subject: CVE-2023-49467 X-Git-Tag: archive/raspbian/1.0.11-0+deb10u6+rpi1^2~2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=64c3017f133df3eeef5697bec588e3b8a0bd12c3;p=libde265.git CVE-2023-49467 commit 7e4faf254bbd2e52b0f216cb987573a2cce97b54 Author: Dirk Farin Date: Thu Nov 23 19:38:34 2023 +0100 prevent endless loop for #434 input Gbp-Pq: Name CVE-2023-49467.patch
---
diff --git a/libde265/slice.cc b/libde265/slice.cc
index 435123d..3a8a8de 100644
--- a/libde265/slice.cc
+++ b/libde265/slice.cc
@@ -2582,6 +2582,11 @@ static int decode_rqt_root_cbf(thread_context* tctx)
 static int decode_ref_idx_lX(thread_context* tctx, int numRefIdxLXActive)
 {
+ // prevent endless loop when 'numRefIdxLXActive' is invalid
+ if (numRefIdxLXActive <= 1) {
+ return 0;
+ }
+
 logtrace(LogSlice,"# ref_idx_lX\n");
 int cMax = numRefIdxLXActive-1;
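Review bot: The new guard at the top of decode_ref_idx_lX handles `numRefIdxLXActive == 1` (a single entry, so only index 0 is possible) and `numRefIdxLXActive <= 0` (a corrupt count) the same way and silently returns 0 for both, while its comment mentions only the invalid case. Since the count comes from an untrusted bitstream, the invalid case should be surfaced rather than masked: reword the comment to `// 1 active entry: only index 0 is possible; <= 0 is invalid input and would make cMax negative below`, and handle `numRefIdxLXActive < 1` in its own branch that reports a decoding error. Whether index 0 is safe for callers when the list has no active entries cannot be judged from here, because the callers and the rest of the function body lie outside the hunk; rejecting the out-of-range count where the slice header is parsed would presumably be the more robust fix. The early return also sits before the `logtrace` call, so traces no longer show this syntax element for these inputs.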