diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 5643e15a20..3b1b447d8a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3020,7 +3020,9 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
 return 0;
 }
- av_assert0(size > 0);
+ if (size <= 0)
+ return AVERROR_INVALIDDATA;
+ *laces = *data + 1;
 data += 1;
 size -= 1;
@@ -3046,7 +3048,7 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
 break;
 }
 }
- if (size <= total) {
+ if (size < total) {
 return AVERROR_INVALIDDATA;
 }
@@ -3093,7 +3095,7 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
 }
 data += offset;
 size -= offset;
- if (size <= total) {
+ if (size < total) {
 return AVERROR_INVALIDDATA;
 }
 lace_size[*laces - 1] = size - total;
@@ -3413,7 +3415,7 @@ static int matroska_parse_frame(MatroskaDemuxContext *matroska,
 {
 MatroskaTrackEncoding *encodings = track->encodings.elem;
 uint8_t *pkt_data = data;
- int res;
+ int res = 0;
 AVPacket pktl, *pkt = &pktl;
 if (encodings && !encodings->type && encodings->scope & 1) {
@@ -3449,6 +3451,9 @@ static int matroska_parse_frame(MatroskaDemuxContext *matroska,
 pkt_data = pr_data;
 }
+ if (!pkt_size && !additional_size)
+ goto no_output;
+ av_init_packet(pkt);
 if (pkt_data != data)
 pkt->buf = av_buffer_create(pkt_data, pkt_size + AV_INPUT_BUFFER_PADDING_SIZE,
@@ -3519,6 +3524,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
 return 0;
+no_output:
 fail:
 if (pkt_data != data)
 av_freep(&pkt_data);
@@ -3554,8 +3560,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, AVBufferRef *buf
 av_log(matroska->ctx, AV_LOG_INFO, "Invalid stream %"PRIu64"\n", num);
 return AVERROR_INVALIDDATA;
- } else if (size <= 3)
- return 0;
+ } else if (size < 3)
+ return AVERROR_INVALIDDATA;
 st = track->stream;
 if (st->discard >= AVDISCARD_ALL)
 return res;
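Review bot: The relaxed check `if (size < total)` in the `@@ -3046` hunk, and the identical one in the `@@ -3093` hunk, now lets `size == total` through without saying why; a comment such as `/* size == total is allowed: the last lace is then empty */` above each would record that the zero-length final lace computed by `lace_size[*laces - 1] = size - total;` is deliberate. The declarations of `size` and `total` are outside both hunks; if they differ in signedness the comparison is evaluated unsigned, so it is worth confirming that `size` cannot go negative after `size -= offset;`. matroska_parse_laces begins and ends outside these hunks.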
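Review bot: The `goto no_output;` added in the `@@ -3449` hunk leaves the function through the shared cleanup below `fail:`, which presumably ends in `return res;` outside the visible lines, so the status reported for an empty frame is whatever `res` holds at the jump. That depends on the `int res = 0;` initialiser from the `@@ -3413` hunk and on every earlier assignment to `res` leaving it at 0 on success; writing `if (!pkt_size && !additional_size) { res = 0; goto no_output; }` would make the result explicit. At the stacked labels in the `@@ -3519` hunk a comment like `/* empty frame: nothing to queue, but pkt_data may still need freeing */` would explain why a non-error path falls into `fail:`.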
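Review bot: The new `size < 3` branch in the `@@ -3554` hunk returns `AVERROR_INVALIDDATA` without any message, although the branch directly above logs `Invalid stream` before returning the same code; an `av_log` call naming the truncated block would let a malformed file be diagnosed from the log. The constant 3 is also unexplained; if it is the block header read after the hunk, a comment such as `/* 2-byte timecode + 1 flags byte */` would say so, to be confirmed against the code below. A block of exactly 3 bytes now continues with an empty payload instead of returning 0, and how callers react to the new error return is outside the hunk. matroska_parse_block continues beyond the visible lines.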