Re: [FFmpeg-devel] [PATCH 2/4] avcodec/cbs_vp8: Do not use assert to check for end

[James Almer]

On 12/16/2023 9:16 AM, Michael Niedermayer wrote:
Fixes: abort()
Fixes: 
64232/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5417957987319808
Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
  libavcodec/cbs_vp8.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c
index 01d4b9cefef..b76cde98517 100644
--- a/libavcodec/cbs_vp8.c
+++ b/libavcodec/cbs_vp8.c
@@ -329,7 +329,9 @@ static int cbs_vp8_read_unit(CodedBitstreamContext *ctx,
  
      pos = get_bits_count(&gbc);
      pos /= 8;
-    av_assert0(pos <= unit->data_size);
+
+    if (pos > unit->data_size)
+        return AVERROR_INVALIDDATA;

Wouldn't this be hiding a bug in the parsing code? The assert is there 
to ensure no overread happened.

  
      frame->data_ref = av_buffer_ref(unit->data_ref);
      if (!frame->data_ref)
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".