From 30686dcec3c6b83fd15a741ae972bf491731abc0 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Sat, 23 Dec 2017 19:02:33 +0100
Subject: demux_mkv: fix off by one error

Caused by the relatively recent change to packet parsing. This time it
was probably triggered by lace type 0, which reduces the byte length of
a 0 sized packet to 3 (timestamp + flag) instead of 4 (lace count for
other lace types). The thing about laces is just my guess why it worked
for other 0 sized packets, though.

Also remove the redundant and now incorrect check below.

Fixes #5271.
---
 demux/demux_mkv.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'demux')

diff --git a/demux/demux_mkv.c b/demux/demux_mkv.c
index 90c027188f..f51349621e 100644
--- a/demux/demux_mkv.c
+++ b/demux/demux_mkv.c
@@ -2506,14 +2506,12 @@ static int read_block(demuxer_t *demuxer, int64_t end, struct block_info *block)
         goto exit;
 
     /* time (relative to cluster time) */
-    if (stream_tell(s) + 3 >= endpos)
+    if (stream_tell(s) + 3 > endpos)
         goto exit;
     uint8_t c1 = stream_read_char(s);
     uint8_t c2 = stream_read_char(s);
     time = c1 << 8 | c2;
 
-    if (stream_tell(s) + 2 > endpos)
-        goto exit;
     uint8_t header_flags = stream_read_char(s);
 
     block->filepos = stream_tell(s);
-- 
cgit v1.2.3