diff -Nru libde265-1.0.8/debian/changelog libde265-1.0.8/debian/changelog --- libde265-1.0.8/debian/changelog 2024-02-06 15:52:09.000000000 +0000 +++ libde265-1.0.8/debian/changelog 2024-02-14 19:24:21.000000000 +0000 @@ -1,3 +1,45 @@ +libde265 (1.0.8-1ubuntu0.2) jammy-security; urgency=medium + + * SECURITY UPDATE: read-out-of-bounds + - debian/patches/CVE-2022-43245.patch: fix illegal table access + when input pixel is out of range. + - CVE-2022-43245 + * SECURITY UPDATE: heap-buffer-overflow + - debian/patches/CVE-2022-43249.patch: checking in MC whether + bit-depths match. + - CVE-2022-43244 + - CVE-2022-43249 + - CVE-2022-43250 + * SECURITY UPDATE: heap-buffer-overflow + - debian/patches/CVE-2022-47665.patch: image's ctb_info has to be + reallocated also when dimensions change even if total number of + CTBs stays the same. + - CVE-2022-47665 + * SECURITY UPDATE: NULL pointer dereference + - debian/patches/CVE-2023-24751.patch: another MC fix for + monochroma images. + - CVE-2023-24751 + * SECURITY UPDATE: NULL pointer dereference + - debian/patches/CVE-2023-24752.patch: another MC fix for + monochroma images. + - CVE-2023-24752 + * SECURITY UPDATE: NULL pointer dereference + - debian/patches/CVE-2023-24754.patch: fix for monochrome MC. + - CVE-2023-24754 + * SECURITY UPDATE: NULL pointer dereference + - debian/patches/CVE-2023-24755.patch: fix for monochrome MC. + - CVE-2023-24755 + - CVE-2023-24756 + - CVE-2023-24757 + - CVE-2023-24758 + * SECURITY UPDATE: heap-buffer-overflow + - debian/patches/CVE-2023-25221.patch: check for invalid refIdx. + - CVE-2023-25221 + * Add patches: + - debian/patches/mc-for-mono-images.patch + + -- Fabian Toepfer Wed, 14 Feb 2024 20:24:21 +0100 + libde265 (1.0.8-1ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: denial-of-service diff -Nru libde265-1.0.8/debian/patches/CVE-2022-43245.patch libde265-1.0.8/debian/patches/CVE-2022-43245.patch --- libde265-1.0.8/debian/patches/CVE-2022-43245.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2022-43245.patch 2024-02-14 18:56:10.000000000 +0000 @@ -0,0 +1,30 @@ +From ad291690a8c92218b9e86738edd45ed64736b246 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Tue, 24 Jan 2023 16:53:06 +0100 +Subject: [PATCH] SAO: fix illegal table access when input pixel is out of + range (fixes #351) + +--- + libde265/sao.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/libde265/sao.cc b/libde265/sao.cc +index ed8676ea..33d55580 100644 +--- a/libde265/sao.cc ++++ b/libde265/sao.cc +@@ -217,7 +217,14 @@ void apply_sao_internal(de265_image* img, int xCtb,int yCtb, + if (bandShift >= 8) { + bandIdx = 0; + } else { +- bandIdx = bandTable[ in_img[xC+i+(yC+j)*in_stride]>>bandShift ]; ++ int pixel = in_img[xC+i+(yC+j)*in_stride]; ++ ++ // Note: the input pixel value should never exceed the valid range, but it seems that it still does, ++ // maybe when there was a decoding error and the pixels have not been filled in correctly. ++ // Thus, we have to limit the pixel range to ensure that we have no illegal table access. ++ pixel = Clip3(0,maxPixelValue, pixel); ++ ++ bandIdx = bandTable[ pixel>>bandShift ]; + } + + if (bandIdx>0) { diff -Nru libde265-1.0.8/debian/patches/CVE-2022-43249.patch libde265-1.0.8/debian/patches/CVE-2022-43249.patch --- libde265-1.0.8/debian/patches/CVE-2022-43249.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2022-43249.patch 2024-02-14 18:57:27.000000000 +0000 @@ -0,0 +1,46 @@ +From fbd0b3a11402e197aecbfa2f7d56625e7c7b9070 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Tue, 24 Jan 2023 12:20:53 +0100 +Subject: [PATCH] fix-345 by checking in MC whether bit-depths match (#345) + +--- + libde265/de265.cc | 2 ++ + libde265/de265.h | 3 ++- + libde265/motion.cc | 5 +++++ + 3 files changed, 9 insertions(+), 1 deletion(-) + +--- libde265-1.0.8.orig/libde265/de265.cc ++++ libde265-1.0.8/libde265/de265.cc +@@ -163,6 +163,8 @@ LIBDE265_API const char* de265_get_error + return "Chroma format of current image does not match chroma in SPS"; + case DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS: + return "Size of reference image does not match current size in SPS"; ++ case DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH: ++ return "Bit-depth of reference image does not match current image"; + + default: return "unknown error"; + } +--- libde265-1.0.8.orig/libde265/de265.h ++++ libde265-1.0.8/libde265/de265.h +@@ -137,6 +137,7 @@ typedef enum { + DE265_WARNING_SPS_MISSING_CANNOT_DECODE_SEI=1025, + DE265_WARNING_COLLOCATED_MOTION_VECTOR_OUTSIDE_IMAGE_AREA=1026, + DE265_WARNING_PCM_BITDEPTH_TOO_LARGE=1027, ++ DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH=1028, + DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS=1029, + DE265_WARNING_CHROMA_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1030, + DE265_WARNING_BIT_DEPTH_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1031 +--- libde265-1.0.8.orig/libde265/motion.cc ++++ libde265-1.0.8/libde265/motion.cc +@@ -373,6 +373,11 @@ void generate_inter_prediction_samples(b + img->integrity = INTEGRITY_DECODING_ERRORS; + ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS, false); + } ++ else if (img->get_bit_depth(0) != refPic->get_bit_depth(0) || ++ img->get_bit_depth(1) != refPic->get_bit_depth(1)) { ++ img->integrity = INTEGRITY_DECODING_ERRORS; ++ ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH, false); ++ } + else { + // 8.5.3.2.2 + diff -Nru libde265-1.0.8/debian/patches/CVE-2022-47665.patch libde265-1.0.8/debian/patches/CVE-2022-47665.patch --- libde265-1.0.8/debian/patches/CVE-2022-47665.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2022-47665.patch 2024-02-14 18:57:51.000000000 +0000 @@ -0,0 +1,24 @@ +From 2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Wed, 25 Jan 2023 19:43:20 +0100 +Subject: [PATCH] image's ctb_info has to be reallocated also when dimensions + change (even if total number of CTBs stays the same). Fixes #369 + +--- + libde265/image.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libde265/image.cc b/libde265/image.cc +index 07e4a22d..39813b04 100644 +--- a/libde265/image.cc ++++ b/libde265/image.cc +@@ -445,7 +445,8 @@ de265_error de265_image::alloc_image(int w,int h, enum de265_chroma c, + + // CTB info + +- if (ctb_info.data_size != sps->PicSizeInCtbsY) ++ if (ctb_info.width_in_units != sps->PicWidthInCtbsY || ++ ctb_info.height_in_units != sps->PicHeightInCtbsY) + { + delete[] ctb_progress; + diff -Nru libde265-1.0.8/debian/patches/CVE-2023-24751.patch libde265-1.0.8/debian/patches/CVE-2023-24751.patch --- libde265-1.0.8/debian/patches/CVE-2023-24751.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2023-24751.patch 2024-02-14 18:58:18.000000000 +0000 @@ -0,0 +1,42 @@ +From 7ea8e3cbb010bc02fa38419e87ed2281d7933850 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sat, 28 Jan 2023 15:03:34 +0100 +Subject: [PATCH] another MC fix for monochroma images (fixes #379) + +--- + libde265/motion.cc | 22 ++++++++++++---------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +diff --git a/libde265/motion.cc b/libde265/motion.cc +index 9e5182ec..78303d81 100644 +--- a/libde265/motion.cc ++++ b/libde265/motion.cc +@@ -588,16 +588,18 @@ void generate_inter_prediction_samples(base_context* ctx, + int16_t* in10 = predSamplesC[1][0]; + int16_t* in11 = predSamplesC[1][1]; + +- ctx->acceleration.put_weighted_bipred(pixels[1], stride[1], +- in00,in01, nCS, nPbW/SubWidthC, nPbH/SubHeightC, +- chroma0_w0,chroma0_o0, +- chroma0_w1,chroma0_o1, +- chroma_log2WD, bit_depth_C); +- ctx->acceleration.put_weighted_bipred(pixels[2], stride[2], +- in10,in11, nCS, nPbW/SubWidthC, nPbH/SubHeightC, +- chroma1_w0,chroma1_o0, +- chroma1_w1,chroma1_o1, +- chroma_log2WD, bit_depth_C); ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_weighted_bipred(pixels[1], stride[1], ++ in00, in01, nCS, nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma0_w0, chroma0_o0, ++ chroma0_w1, chroma0_o1, ++ chroma_log2WD, bit_depth_C); ++ ctx->acceleration.put_weighted_bipred(pixels[2], stride[2], ++ in10, in11, nCS, nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma1_w0, chroma1_o0, ++ chroma1_w1, chroma1_o1, ++ chroma_log2WD, bit_depth_C); ++ } + } + } + else if (predFlag[0]==1 || predFlag[1]==1) { diff -Nru libde265-1.0.8/debian/patches/CVE-2023-24752.patch libde265-1.0.8/debian/patches/CVE-2023-24752.patch --- libde265-1.0.8/debian/patches/CVE-2023-24752.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2023-24752.patch 2024-02-14 18:58:36.000000000 +0000 @@ -0,0 +1,39 @@ +From 052bacb2535cf0024042eefde58e48df2c778f7c Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sat, 28 Jan 2023 15:01:21 +0100 +Subject: [PATCH] another MC fix for monochroma images (fixes #378) + +--- + libde265/motion.cc | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/libde265/motion.cc b/libde265/motion.cc +index 7527539d..9e5182ec 100644 +--- a/libde265/motion.cc ++++ b/libde265/motion.cc +@@ -632,14 +632,17 @@ void generate_inter_prediction_samples(base_context* ctx, + ctx->acceleration.put_weighted_pred(pixels[0], stride[0], + predSamplesL[l],nCS, nPbW,nPbH, + luma_w, luma_o, luma_log2WD, bit_depth_L); +- ctx->acceleration.put_weighted_pred(pixels[1], stride[1], +- predSamplesC[0][l],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, +- chroma0_w, chroma0_o, chroma_log2WD, bit_depth_C); +- ctx->acceleration.put_weighted_pred(pixels[2], stride[2], +- predSamplesC[1][l],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, +- chroma1_w, chroma1_o, chroma_log2WD, bit_depth_C); ++ ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_weighted_pred(pixels[1], stride[1], ++ predSamplesC[0][l], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma0_w, chroma0_o, chroma_log2WD, bit_depth_C); ++ ctx->acceleration.put_weighted_pred(pixels[2], stride[2], ++ predSamplesC[1][l], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma1_w, chroma1_o, chroma_log2WD, bit_depth_C); ++ } + } + } + else { diff -Nru libde265-1.0.8/debian/patches/CVE-2023-24754.patch libde265-1.0.8/debian/patches/CVE-2023-24754.patch --- libde265-1.0.8/debian/patches/CVE-2023-24754.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2023-24754.patch 2024-02-14 18:58:50.000000000 +0000 @@ -0,0 +1,34 @@ +From bfb6de155f9fb015d2904cb4ef07809f17995276 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sun, 29 Jan 2023 12:20:48 +0100 +Subject: [PATCH] fix for monochrome MC (fixes #381) + +--- + libde265/motion.cc | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/libde265/motion.cc b/libde265/motion.cc +index 37ca68fa..38f768d5 100644 +--- a/libde265/motion.cc ++++ b/libde265/motion.cc +@@ -543,12 +543,14 @@ void generate_inter_prediction_samples(base_context* ctx, + int16_t* in10 = predSamplesC[1][0]; + int16_t* in11 = predSamplesC[1][1]; + +- ctx->acceleration.put_weighted_pred_avg(pixels[1], stride[1], +- in00,in01, nCS, +- nPbW/SubWidthC, nPbH/SubHeightC, bit_depth_C); +- ctx->acceleration.put_weighted_pred_avg(pixels[2], stride[2], +- in10,in11, nCS, +- nPbW/SubWidthC, nPbH/SubHeightC, bit_depth_C); ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_weighted_pred_avg(pixels[1], stride[1], ++ in00, in01, nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ ctx->acceleration.put_weighted_pred_avg(pixels[2], stride[2], ++ in10, in11, nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ } + } + else { + // weighted prediction diff -Nru libde265-1.0.8/debian/patches/CVE-2023-24755.patch libde265-1.0.8/debian/patches/CVE-2023-24755.patch --- libde265-1.0.8/debian/patches/CVE-2023-24755.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2023-24755.patch 2024-02-14 18:59:03.000000000 +0000 @@ -0,0 +1,56 @@ +From 48eb7dafe204b825b4a62948ed171a0cd3f1bda2 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sun, 29 Jan 2023 12:18:19 +0100 +Subject: [PATCH] fix for monochrome MC (fixes #380) + +--- + libde265/motion.cc | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/libde265/motion.cc b/libde265/motion.cc +index 78303d81..37ca68fa 100644 +--- a/libde265/motion.cc ++++ b/libde265/motion.cc +@@ -509,12 +509,14 @@ void generate_inter_prediction_samples(base_context* ctx, + ctx->acceleration.put_weighted_pred(pixels[0], stride[0], + predSamplesL[0],nCS, nPbW,nPbH, + luma_w0, luma_o0, luma_log2WD, bit_depth_L); +- ctx->acceleration.put_weighted_pred(pixels[1], stride[1], +- predSamplesC[0][0],nCS, nPbW/SubWidthC,nPbH/SubHeightC, +- chroma0_w0, chroma0_o0, chroma_log2WD, bit_depth_C); +- ctx->acceleration.put_weighted_pred(pixels[2], stride[2], +- predSamplesC[1][0],nCS, nPbW/SubWidthC,nPbH/SubHeightC, +- chroma1_w0, chroma1_o0, chroma_log2WD, bit_depth_C); ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_weighted_pred(pixels[1], stride[1], ++ predSamplesC[0][0], nCS, nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma0_w0, chroma0_o0, chroma_log2WD, bit_depth_C); ++ ctx->acceleration.put_weighted_pred(pixels[2], stride[2], ++ predSamplesC[1][0], nCS, nPbW / SubWidthC, nPbH / SubHeightC, ++ chroma1_w0, chroma1_o0, chroma_log2WD, bit_depth_C); ++ } + } + else { + ctx->add_warning(DE265_WARNING_BOTH_PREDFLAGS_ZERO, false); +@@ -608,12 +610,15 @@ void generate_inter_prediction_samples(base_context* ctx, + if (pps->weighted_bipred_flag==0) { + ctx->acceleration.put_unweighted_pred(pixels[0], stride[0], + predSamplesL[l],nCS, nPbW,nPbH, bit_depth_L); +- ctx->acceleration.put_unweighted_pred(pixels[1], stride[1], +- predSamplesC[0][l],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); +- ctx->acceleration.put_unweighted_pred(pixels[2], stride[2], +- predSamplesC[1][l],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); ++ ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_unweighted_pred(pixels[1], stride[1], ++ predSamplesC[0][l], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ ctx->acceleration.put_unweighted_pred(pixels[2], stride[2], ++ predSamplesC[1][l], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ } + } + else { + int refIdx = vi->refIdx[l]; diff -Nru libde265-1.0.8/debian/patches/CVE-2023-25221.patch libde265-1.0.8/debian/patches/CVE-2023-25221.patch --- libde265-1.0.8/debian/patches/CVE-2023-25221.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/CVE-2023-25221.patch 2024-02-14 18:59:18.000000000 +0000 @@ -0,0 +1,41 @@ +From 857290982330e82d9e25d9d39527c6737021aa7d Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Mon, 30 Jan 2023 17:06:36 +0100 +Subject: [PATCH] check for invalid refIdx[] (fixes #388) + +--- + libde265/motion.cc | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/libde265/motion.cc b/libde265/motion.cc +index 38f768d5..45d547b0 100644 +--- a/libde265/motion.cc ++++ b/libde265/motion.cc +@@ -1890,6 +1890,12 @@ void derive_spatial_luma_vector_prediction(base_context* ctx, + + const PBMotion& vi = img->get_mv_info(xB[k],yB[k]); + ++ if (vi.refIdx[X] >= MAX_NUM_REF_PICS) { ++ img->integrity = INTEGRITY_DECODING_ERRORS; ++ ctx->add_warning(DE265_WARNING_NONEXISTING_REFERENCE_PICTURE_ACCESSED, false); ++ return; // error // TODO: we actually should make sure that this is never set to an out-of-range value ++ } ++ + if (vi.predFlag[X]==1 && + shdr->LongTermRefPic[X][refIdxLX] == shdr->LongTermRefPic[X][ vi.refIdx[X] ]) { + out_availableFlagLXN[B]=1; +@@ -2099,6 +2105,14 @@ void motion_vectors_and_ref_indices(base_context* ctx, + (inter_pred_idc == PRED_L1 && l==1)) { + out_vi->refIdx[l] = motion.refIdx[l]; + out_vi->predFlag[l] = 1; ++ ++ if (motion.refIdx[l] >= MAX_NUM_REF_PICS) { ++ out_vi->refIdx[l] = 0; ++ ++ img->integrity = INTEGRITY_DECODING_ERRORS; ++ ctx->add_warning(DE265_WARNING_NONEXISTING_REFERENCE_PICTURE_ACCESSED, false); ++ return; ++ } + } + else { + out_vi->refIdx[l] = -1; diff -Nru libde265-1.0.8/debian/patches/mc-for-mono-images.patch libde265-1.0.8/debian/patches/mc-for-mono-images.patch --- libde265-1.0.8/debian/patches/mc-for-mono-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ libde265-1.0.8/debian/patches/mc-for-mono-images.patch 2024-02-14 19:02:39.000000000 +0000 @@ -0,0 +1,102 @@ +From 15b5bcd417356ea1fae8f9d8d5a68445afec8b1c +From: Dirk Farin +Date: Sat Jan 28 14:57:20 2023 +0100 +Subject: MC for mono images (fixes #377) + +--- libde265-1.0.8.orig/libde265/de265.cc ++++ libde265-1.0.8/libde265/de265.cc +@@ -163,6 +163,8 @@ LIBDE265_API const char* de265_get_error + return "Chroma format of current image does not match chroma in SPS"; + case DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS: + return "Size of reference image does not match current size in SPS"; ++ case DE265_WARNING_REFERENCE_IMAGE_CHROMA_FORMAT_DOES_NOT_MATCH: ++ return "Chroma format of reference image does not match current image"; + case DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH: + return "Bit-depth of reference image does not match current image"; + +--- libde265-1.0.8.orig/libde265/de265.h ++++ libde265-1.0.8/libde265/de265.h +@@ -140,7 +140,8 @@ typedef enum { + DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH=1028, + DE265_WARNING_REFERENCE_IMAGE_SIZE_DOES_NOT_MATCH_SPS=1029, + DE265_WARNING_CHROMA_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1030, +- DE265_WARNING_BIT_DEPTH_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1031 ++ DE265_WARNING_BIT_DEPTH_OF_CURRENT_IMAGE_DOES_NOT_MATCH_SPS=1031, ++ DE265_WARNING_REFERENCE_IMAGE_CHROMA_FORMAT_DOES_NOT_MATCH=1032 + } de265_error; + + LIBDE265_API const char* de265_get_error_text(de265_error err); +--- libde265-1.0.8.orig/libde265/motion.cc ++++ libde265-1.0.8/libde265/motion.cc +@@ -378,6 +378,10 @@ void generate_inter_prediction_samples(b + img->integrity = INTEGRITY_DECODING_ERRORS; + ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_BIT_DEPTH_DOES_NOT_MATCH, false); + } ++ else if (img->get_chroma_format() != refPic->get_chroma_format()) { ++ img->integrity = INTEGRITY_DECODING_ERRORS; ++ ctx->add_warning(DE265_WARNING_REFERENCE_IMAGE_CHROMA_FORMAT_DOES_NOT_MATCH, false); ++ } + else { + // 8.5.3.2.2 + +@@ -400,21 +404,23 @@ void generate_inter_prediction_samples(b + refPic->get_luma_stride(), nPbW,nPbH, bit_depth_L); + } + +- if (img->high_bit_depth(1)) { +- mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP,yP, +- predSamplesC[0][l],nCS, (const uint16_t*)refPic->get_image_plane(1), +- refPic->get_chroma_stride(), nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); +- mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP,yP, +- predSamplesC[1][l],nCS, (const uint16_t*)refPic->get_image_plane(2), +- refPic->get_chroma_stride(), nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); +- } +- else { +- mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP,yP, +- predSamplesC[0][l],nCS, (const uint8_t*)refPic->get_image_plane(1), +- refPic->get_chroma_stride(), nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); +- mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP,yP, +- predSamplesC[1][l],nCS, (const uint8_t*)refPic->get_image_plane(2), +- refPic->get_chroma_stride(), nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ if (img->high_bit_depth(1)) { ++ mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP, yP, ++ predSamplesC[0][l], nCS, (const uint16_t*) refPic->get_image_plane(1), ++ refPic->get_chroma_stride(), nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP, yP, ++ predSamplesC[1][l], nCS, (const uint16_t*) refPic->get_image_plane(2), ++ refPic->get_chroma_stride(), nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ } ++ else { ++ mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP, yP, ++ predSamplesC[0][l], nCS, (const uint8_t*) refPic->get_image_plane(1), ++ refPic->get_chroma_stride(), nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP, yP, ++ predSamplesC[1][l], nCS, (const uint8_t*) refPic->get_image_plane(2), ++ refPic->get_chroma_stride(), nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ } + } + } + } +@@ -465,12 +471,15 @@ void generate_inter_prediction_samples(b + if (predFlag[0]==1 && predFlag[1]==0) { + ctx->acceleration.put_unweighted_pred(pixels[0], stride[0], + predSamplesL[0],nCS, nPbW,nPbH, bit_depth_L); +- ctx->acceleration.put_unweighted_pred(pixels[1], stride[1], +- predSamplesC[0][0],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); +- ctx->acceleration.put_unweighted_pred(pixels[2], stride[2], +- predSamplesC[1][0],nCS, +- nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C); ++ ++ if (img->get_chroma_format() != de265_chroma_mono) { ++ ctx->acceleration.put_unweighted_pred(pixels[1], stride[1], ++ predSamplesC[0][0], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ ctx->acceleration.put_unweighted_pred(pixels[2], stride[2], ++ predSamplesC[1][0], nCS, ++ nPbW / SubWidthC, nPbH / SubHeightC, bit_depth_C); ++ } + } + else { + ctx->add_warning(DE265_WARNING_BOTH_PREDFLAGS_ZERO, false); diff -Nru libde265-1.0.8/debian/patches/series libde265-1.0.8/debian/patches/series --- libde265-1.0.8/debian/patches/series 2024-02-06 15:52:09.000000000 +0000 +++ libde265-1.0.8/debian/patches/series 2024-02-14 19:01:49.000000000 +0000 @@ -9,3 +9,12 @@ CVE-2022-43236.patch CVE-2022-43237.patch CVE-2022-43238.patch +CVE-2022-43245.patch +CVE-2022-43249.patch +CVE-2022-47665.patch +CVE-2023-24751.patch +CVE-2023-24752.patch +CVE-2023-24754.patch +CVE-2023-24755.patch +CVE-2023-25221.patch +mc-for-mono-images.patch