From a3156b1afc89acc0dbd0a620e8b40787f6dda8d0 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Mon, 6 Apr 2026 00:49:03 +1200
Subject: [PATCH] libde265: patch CVE-2026-33165

Backport the commit mentioned in the NVD

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33165

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../libde265/libde265/CVE-2026-33165.patch    | 45 +++++++++++++++++++
 .../libde265/libde265_1.0.16.bb               |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch

diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch
new file mode 100644
index 0000000000..3606c78078
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch
@@ -0,0 +1,45 @@
+From 9e8560a1b01bf066aaada3c19205170d93047766 Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Sun, 15 Mar 2026 22:58:39 +0100
+Subject: [PATCH] fix reallocation of metadata array when ctb size changes
+ (thanks to Ana K.)
+
+(cherry picked from commit c7891e412106130b83f8e8ea8b7f907e9449b658)
+
+CVE: CVE-2026-33165
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ libde265/image.cc | 5 +++--
+ libde265/image.h  | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/libde265/image.cc b/libde265/image.cc
+index fdc80fc2..1387f78d 100644
+--- a/libde265/image.cc
++++ b/libde265/image.cc
+@@ -455,8 +455,9 @@ de265_error de265_image::alloc_image(int w,int h, enum de265_chroma c,
+ 
+     // CTB info
+ 
+-    if (ctb_info.width_in_units != sps->PicWidthInCtbsY ||
+-        ctb_info.height_in_units != sps->PicHeightInCtbsY)
++    if (ctb_info.width_in_units  != sps->PicWidthInCtbsY  ||
++        ctb_info.height_in_units != sps->PicHeightInCtbsY ||
++        ctb_info.log2unitSize    != sps->Log2CtbSizeY)
+       {
+         delete[] ctb_progress;
+ 
+diff --git a/libde265/image.h b/libde265/image.h
+index 3779580c..6fc34c71 100644
+--- a/libde265/image.h
++++ b/libde265/image.h
+@@ -149,7 +149,7 @@ template <class DataUnit> class MetaDataArray
+   // private:
+   DataUnit* data;
+   int data_size;
+-  int log2unitSize;
++  uint8_t log2unitSize;
+   int width_in_units;
+   int height_in_units;
+ };
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb
index 2676de5c2e..5024c56831 100644
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
 
 SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https;tag=v${PV} \
            file://CVE-2025-61147.patch \
+           file://CVE-2026-33165.patch \
            "
 SRCREV = "7ba65889d3d6d8a0d99b5360b028243ba843be3a"