From 2a5f5001c59e3ada15cf8e9823b853889c9b3163 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Fri, 29 Dec 2023 23:03:02 +0100
Subject: [PATCH] CVE-2023-49465

commit 1475c7d2f0a6dc35c27e18abc4db9679bfd32568
Author: Dirk Farin <dirk.farin@gmail.com>
Date:   Thu Nov 23 19:43:55 2023 +0100

    possible fix for #435


Gbp-Pq: Name CVE-2023-49465.patch
---
 libde265/motion.cc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libde265/motion.cc b/libde265/motion.cc
index f33e23f..f4fa068 100644
--- a/libde265/motion.cc
+++ b/libde265/motion.cc
@@ -1859,7 +1859,14 @@ void derive_spatial_luma_vector_prediction(base_context* ctx,
       logmvcand(vi);
 
       const de265_image* imgX = NULL;
-      if (vi.predFlag[X]) imgX = ctx->get_image(shdr->RefPicList[X][ vi.refIdx[X] ]);
+      if (vi.predFlag[X]) {
+        if (vi.refIdx[X] < 0 || vi.refIdx[X] >= MAX_NUM_REF_PICS) {
+          return;
+        }
+
+        imgX = ctx->get_image(shdr->RefPicList[X][ vi.refIdx[X] ]);
+      }
+
       const de265_image* imgY = NULL;
       if (vi.predFlag[Y]) imgY = ctx->get_image(shdr->RefPicList[Y][ vi.refIdx[Y] ]);
 
-- 
2.30.2