From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Tue, 24 Jan 2023 21:39:16 +0000 (+0000)
Subject: fix invalid memory access after unavailable reference frame insertion
X-Git-Tag: archive/raspbian/1.0.3-1+rpi1+deb10u3^2~14
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d74b13aca50f80e0955fc40739265e254ea905c6;p=libde265.git

fix invalid memory access after unavailable reference frame insertion

Origin: https://github.com/strukturag/libde265/commit/ee8e09a7f6f65b7c409c7801ad64918a2925ed9b
Reviewed-by: Tobias Frost <tobi@debian.org>
Last-Update: 2023-01-24 <YYYY-MM-DD, last update of the meta-information, optional>

Needed to avoid asan errors for the version at hand, otherwise the crash even
happens before the pocs triggers.
Last-Update: 2023-01-24 <YYYY-MM-DD, last update of the meta-information, optional>
Gbp-Pq: Name fix-invalid-memory-access.patch
---

diff --git a/libde265/decctx.cc b/libde265/decctx.cc
index 62cf20e..edebb71 100644
--- a/libde265/decctx.cc
+++ b/libde265/decctx.cc
@@ -1648,9 +1648,8 @@ void decoder_context::process_reference_picture_set(slice_segment_header* hdr)
                                                                     PocStCurrBefore[i], false);
       RefPicSetStCurrBefore[i] = k = concealedPicture;
 
-	  if (concealedPicture < picInAnyList.size()) {
-		  picInAnyList[concealedPicture] = true;
-	  }
+      picInAnyList.resize(dpb.size(), false); // adjust size of array to hold new picture
+      picInAnyList[concealedPicture] = true;
 
       //printf("  concealed: %d\n", concealedPicture);
     }
@@ -1671,6 +1670,9 @@ void decoder_context::process_reference_picture_set(slice_segment_header* hdr)
       int concealedPicture = generate_unavailable_reference_picture(current_sps.get(),
                                                                     PocStCurrAfter[i], false);
       RefPicSetStCurrAfter[i] = k = concealedPicture;
+
+
+      picInAnyList.resize(dpb.size(), false); // adjust size of array to hold new picture
       picInAnyList[concealedPicture]=true;
 
       //printf("  concealed: %d\n", concealedPicture);