From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Fri, 29 Dec 2023 22:03:02 +0000 (+0100)
Subject: CVE-2023-47471
X-Git-Tag: archive/raspbian/1.0.11-0+deb11u3+rpi1^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ca4770fb50aa35ec15490d7a8decba459f2b10bb;p=libde265.git

CVE-2023-47471

commit e36b4a1b0bafa53df47514c419d5be3e8916ebc7
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Sat Nov 4 15:20:50 2023 +0100

    null-pointer check in debug output (fixes #426)


Gbp-Pq: Name CVE-2023-47471.patch
---

diff --git a/libde265/slice.cc b/libde265/slice.cc
index 280b741..435123d 100644
--- a/libde265/slice.cc
+++ b/libde265/slice.cc
@@ -1277,14 +1277,23 @@ void slice_segment_header::dump_slice_segment_header(const decoder_context* ctx,
 #define LOG3(t,d1,d2,d3) log2fh(fh, t,d1,d2,d3)
 #define LOG4(t,d1,d2,d3,d4) log2fh(fh, t,d1,d2,d3,d4)
 
+  LOG0("----------------- SLICE -----------------\n");
+
   const pic_parameter_set* pps = ctx->get_pps(slice_pic_parameter_set_id);
+  if (!pps) {
+    LOG0("invalid PPS referenced\n");
+    return;
+  }
   assert(pps->pps_read); // TODO: error handling
 
   const seq_parameter_set* sps = ctx->get_sps((int)pps->seq_parameter_set_id);
+  if (!sps) {
+    LOG0("invalid SPS referenced\n");
+    return;
+  }
   assert(sps->sps_read); // TODO: error handling
 
 
-  LOG0("----------------- SLICE -----------------\n");
   LOG1("first_slice_segment_in_pic_flag      : %d\n", first_slice_segment_in_pic_flag);
   if (ctx->get_nal_unit_type() >= NAL_UNIT_BLA_W_LP &&
       ctx->get_nal_unit_type() <= NAL_UNIT_RESERVED_IRAP_VCL23) {