From e3fb5f894f434c3bf11e14203dc20a28546835c5 Mon Sep 17 00:00:00 2001
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date: Sun, 1 Nov 2020 18:30:34 -0500
Subject: [PATCH] h265decoder: Prevent possible infinite loop

Theoretically, one could produce a broken stream that would lead to
infinite in the specified algorithm to calculate l0/l1 reference lists.
This patch will pearly exit if this condition is met.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1750>
---
 gst-libs/gst/codecs/gsth265decoder.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gst-libs/gst/codecs/gsth265decoder.c b/gst-libs/gst/codecs/gsth265decoder.c
index 0d63290..fa2425f 100644
--- a/gst-libs/gst/codecs/gsth265decoder.c
+++ b/gst-libs/gst/codecs/gsth265decoder.c
@@ -376,6 +376,14 @@ gst_h265_decoder_process_ref_pic_lists (GstH265Decoder * self,
   if (GST_H265_IS_I_SLICE (&slice->header))
     return;
 
+  /* Inifinit loop prevention */
+  if (self->NumPocStCurrBefore == 0 && self->NumPocStCurrAfter == 0 &&
+      self->NumPocLtCurr == 0 && !scc_ext->pps_curr_pic_ref_enabled_flag) {
+    GST_WARNING_OBJECT (self,
+        "Expected references, got none, preventing infinit loop.");
+    return;
+  }
+
   /* 8.3.4 Deriving l0 */
   tmp_refs = priv->ref_pic_list_tmp;
 
-- 
2.7.4