From d66bab0a69ac1860e78dd951ad8db1a507e75642 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 6 Jan 2014 02:51:20 +0100
Subject: [PATCH] avcodec/hevc_ps: check that VPS referenced from SPS exists

This matches how its done for SPS/PPS.
An alternative to this is to check it when its used.

Fixes null pointer dereference
Fixes: signal_sigsegv_e30a43_1437_CIP_A_Panasonic_3.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/hevc_ps.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 69500279be..1684d77672 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -635,6 +635,12 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
         goto err;
     }
 
+    if (!s->vps_list[sps->vps_id]) {
+        av_log(s->avctx, AV_LOG_ERROR, "VPS does not exist \n");
+        ret = AVERROR_INVALIDDATA;
+        goto err;
+    }
+
     sps->max_sub_layers = get_bits(gb, 3) + 1;
     if (sps->max_sub_layers > MAX_SUB_LAYERS) {
         av_log(s->avctx, AV_LOG_ERROR, "sps_max_sub_layers out of range: %d\n",