From 9d3074f72f51d1ca95d244da72aca5eb0a8890bb Mon Sep 17 00:00:00 2001
From: Andrew Kaster
Date: Wed, 12 Oct 2022 21:56:27 -0600
Subject: [PATCH] LibVideo: Always check byte length before reading first byte in Streamer

The check was missing at the front of MatroskaReader::Streamer::read_variable_size_integer, causing assertions on malformed input streams.
---
 Userland/Libraries/LibVideo/MatroskaReader.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Userland/Libraries/LibVideo/MatroskaReader.h b/Userland/Libraries/LibVideo/MatroskaReader.h
index 5995bbdc6e..16dc5599bd 100644
--- a/Userland/Libraries/LibVideo/MatroskaReader.h
+++ b/Userland/Libraries/LibVideo/MatroskaReader.h
@@ -67,6 +67,10 @@ private:
 Optional read_variable_size_integer(bool mask_length = true)
 {
 dbgln_if(MATROSKA_TRACE_DEBUG, "Reading from offset {:p}", m_data_ptr);
+ if (!has_octet()) {
+ dbgln_if(MATROSKA_TRACE_DEBUG, "Ran out of stream data");
+ return {};
+ }
 auto length_descriptor = read_octet();
 dbgln_if(MATROSKA_TRACE_DEBUG, "Reading VINT, first byte is {:#02x}", length_descriptor);
 if (length_descriptor == 0)
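Review bot: The new `has_octet()` guard at the top of `read_variable_size_integer` fixes this one call site, but every caller of `read_octet()` must still remember to pair the check with the read, so a later reader added to Streamer can reintroduce the same assertion on truncated input. Judging by the commit message, `read_octet()` asserts when no data remains (its body is not in this hunk); having it return an `Optional<u8>`, or adding a checked wrapper, would make the bounds check impossible to skip. A regression test that feeds a buffer ending right before a VINT would pin the behaviour, and a comment above the guard such as `// Truncated or malformed streams must yield an empty Optional, never an assertion.` would record the intent. The function body continues past the end of the hunk, so the reads of the remaining VINT bytes were not reviewed here.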