[vlc-commits] hxxx_nal: remove useless optim

Thu, 04 Jun 2020 05:33:26 -0700 

vlc/vlc-3.0 | branch: master | Thomas Guillem <[email protected]> | Wed May 27 
13:02:08 2020 +0200| [d5c43c21c747ff30ed19fcca745dea3481c733e0] | committer: 
Hugo Beauzée-Luyssen

hxxx_nal: remove useless optim

This special case is now useless since p_source is always copied to p_dest,
right after in the memmove loop.

Furthermore, this caused an invalid payload size when the buffer was actually
reallocated since the payload calculation was comparing two different buffers
offset.

CVE-2020-13428

Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>
(cherry picked from commit 56822f03d7a498bb22257d6075723c0e1c7f91fe)
Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
---

 modules/packetizer/hxxx_nal.c | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/modules/packetizer/hxxx_nal.c b/modules/packetizer/hxxx_nal.c
index 73450606e3..6bdfd5a2a5 100644
--- a/modules/packetizer/hxxx_nal.c
+++ b/modules/packetizer/hxxx_nal.c
@@ -122,20 +122,6 @@ block_t *hxxx_AnnexB_to_xVC( block_t *p_block, uint8_t 
i_nal_length_size )
 
     if( p_list[i_nalcount - 1].move != 0 || i_nal_length_size != 4 )  /* We'll 
need to grow or shrink */
     {
-        /* If we grow in size, try using realloc to avoid memcpy */
-        if( p_list[i_nalcount - 1].move > 0 && block_WillRealloc( p_block, 0, 
i_dest ) )
-        {
-            uint32_t i_sizebackup = p_block->i_buffer;
-            block_t *p_newblock = block_Realloc( p_block, 0, i_dest );
-            if( unlikely(!p_newblock) )
-                goto error;
-
-            p_block = p_newblock;
-            p_sourceend = &p_block->p_buffer[i_sizebackup];
-            p_source = p_dest = p_block->p_buffer;
-        }
-        else
-        {
             block_t *p_newblock = block_Alloc( i_dest );
             if( unlikely(!p_newblock) )
                 goto error;
@@ -146,7 +132,6 @@ block_t *hxxx_AnnexB_to_xVC( block_t *p_block, uint8_t 
i_nal_length_size )
 
             p_block = p_newblock;
             p_dest = p_newblock->p_buffer;
-        }
     }
     else
     {

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to