libde265: patch CVE-2023-47471

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-47471 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-27 12:01:38 +01:00 · 2026-01-10 12:43:43 +13:00 · 2026-01-10 12:43:43 +13:00 · 42b615f953
commit 42b615f953
parent e83565b24a
2 changed files with 43 additions and 0 deletions
--- a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch
@ -0,0 +1,42 @@
+From 78bd5752157f34e822cefd8ff8959a96a26b4841 Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Sat, 4 Nov 2023 15:20:50 +0100
+Subject: [PATCH] null-pointer check in debug output (fixes #426)
+
+CVE: CVE-2023-47471
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7]
+(cherry picked from commit e36b4a1b0bafa53df47514c419d5be3e8916ebc7)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ libde265/slice.cc | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libde265/slice.cc b/libde265/slice.cc
+index 280b7417..435123dc 100644
+--- a/libde265/slice.cc
+++ b/libde265/slice.cc
+@@ -1277,14 +1277,23 @@ void slice_segment_header::dump_slice_segment_header(const decoder_context* ctx,
+ #define LOG3(t,d1,d2,d3) log2fh(fh, t,d1,d2,d3)
+ #define LOG4(t,d1,d2,d3,d4) log2fh(fh, t,d1,d2,d3,d4)
+ 
+  LOG0("----------------- SLICE -----------------\n");
+
+   const pic_parameter_set* pps = ctx->get_pps(slice_pic_parameter_set_id);
+  if (!pps) {
+    LOG0("invalid PPS referenced\n");
+    return;
+  }
+   assert(pps->pps_read); // TODO: error handling
+ 
+   const seq_parameter_set* sps = ctx->get_sps((int)pps->seq_parameter_set_id);
+  if (!sps) {
+    LOG0("invalid SPS referenced\n");
+    return;
+  }
+   assert(sps->sps_read); // TODO: error handling
+ 
+ 
+-  LOG0("----------------- SLICE -----------------\n");
+   LOG1("first_slice_segment_in_pic_flag      : %d\n", first_slice_segment_in_pic_flag);
+   if (ctx->get_nal_unit_type() >= NAL_UNIT_BLA_W_LP &&
+       ctx->get_nal_unit_type() <= NAL_UNIT_RESERVED_IRAP_VCL23) {
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"

 SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \
           file://CVE-2023-43887.patch \
+           file://CVE-2023-47471.patch \
 "
 SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c"