870e7552 introduced validation of the lace sizes when they are parsed and removed the old check; yet when this libav commit was merged in 6902c3ac, the old check for whether the frame extends beyond the frame was kept. It is unnecessary and has been removed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
 libavformat/matroskadec.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 25f26da074..5901dbd221 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2996,10 +2996,10 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska)
 }
 static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
- int *buf_size, int type,
+ int size, int type,
 uint32_t **lace_buf, int *laces)
 {
- int n, size = *buf_size;
+ int n;
 uint8_t *data = *buf;
 uint32_t *lace_size;
@@ -3095,7 +3095,6 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
 }
 *buf = data;
- *buf_size = size;
 return 0;
 }
@@ -3589,7 +3588,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, AVBufferRef *buf
 }
 }
- res = matroska_parse_laces(matroska, &data, &size, (flags & 0x06) >> 1,
+ res = matroska_parse_laces(matroska, &data, size, (flags & 0x06) >> 1,
 &lace_size, &laces);
 if (res)
@@ -3613,11 +3612,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, AVBufferRef *buf
 for (n = 0; n < laces; n++) {
 int64_t lace_duration = block_duration*(n+1) / laces - block_duration*n / laces;
- if (lace_size[n] > size) {
- av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
- break;
- }
-
 if ((st->codecpar->codec_id == AV_CODEC_ID_RA_288 ||
 st->codecpar->codec_id == AV_CODEC_ID_COOK ||
 st->codecpar->codec_id == AV_CODEC_ID_SIPR ||
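Review bot: matroska_parse_laces() carries no comment stating what it guarantees about the lace sizes it returns, and after this commit it becomes the only place that bounds them against the block payload. Its validation code lies between this hunk and the next and is not visible here, so the guarantee should be confirmed for every lacing type, including the no-lacing case, before the caller's check is relied on as redundant. I would add above the signature something like `/* On success every entry of *lace_buf has been checked against size; callers do no further bounds checks on the laces. */`.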
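Review bot: Passing `size` by value at this call leaves the caller's `size` at its pre-lacing value while `data` has been advanced past the lacing header, so any read of `size` later in matroska_parse_block() (the function starts and ends outside these hunks) would overstate the bytes that remain. The later hunks at -3613 and -3649 drop `if (lace_size[n] > size)` and `size -= lace_size[n];`, which leaves `data += lace_size[n];` bounded solely by the callee's validation. If no later use of `size` remains, a comment at the loop such as `/* lace sizes were validated in matroska_parse_laces() */` would record that dependency for the next person who touches the parser; if one does remain, the stale value needs handling.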
@@ -3649,7 +3643,6 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, AVBufferRef *buf
 if (timecode != AV_NOPTS_VALUE)
 timecode = lace_duration ? timecode + lace_duration : AV_NOPTS_VALUE;
 data += lace_size[n];
- size -= lace_size[n];
 }
 end:
--
2.21.0
_______________________________________________
ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".