From eb812575fb57ae37cd411ac3f97f71ff5c1ead82 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers
Date: Fri, 29 Dec 2023 23:03:02 +0100
Subject: [PATCH] CVE-2023-27102
commit 0b1752abff97cb542941d317a0d18aa50cb199b1
Author: Dirk Farin
Date: Sat Mar 4 10:32:43 2023 +0100
check whether referenced PPS exists (fixes #393)
Gbp-Pq: Name CVE-2023-27102.patch
---
 libde265/decctx.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libde265/decctx.cc b/libde265/decctx.cc
index 8881c0c..3eb5daa 100644
--- a/libde265/decctx.cc
+++ b/libde265/decctx.cc
@@ -2276,9 +2276,10 @@ bool decoder_context::process_slice_segment_header(slice_segment_header* hdr,
 // get PPS and SPS for this slice
 int pps_id = hdr->slice_pic_parameter_set_id;
- if (pps[pps_id]->pps_read==false) {
+ if (pps[pps_id]==nullptr || pps[pps_id]->pps_read==false) {
 logerror(LogHeaders, "PPS %d has not been read\n", pps_id);
- assert(false); // TODO
+ img->decctx->add_warning(DE265_WARNING_NONEXISTING_PPS_REFERENCED, false);
+ return false;
 }
 current_pps = pps[pps_id];
--
2.30.2
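Review bot: The new error path reaches the warning queue through `img->decctx->add_warning(...)` even though this code is already a `decoder_context` member, so the fix for a missing PPS adds two pointer dereferences on the path taken for malformed streams. If `img` can still be unset when a slice header names an unknown PPS (not visible here, so worth confirming), the guard would trade one null dereference for another. Calling `add_warning(DE265_WARNING_NONEXISTING_PPS_REFERENCED, false);` on `this` avoids the question, assuming `img->decctx` points back to this context. The hunk also indexes `pps[pps_id]` with a value taken from the slice header and shows no range check, so confirm that `slice_pic_parameter_set_id` is bounded where the header is parsed. The body of `process_slice_segment_header` starts and ends outside the hunk.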