On 1/30/2019 6:27 PM, chcunningham wrote: > Return replaces an assert0. libfuzzer generated a testcase that > triggered this assert (codec=0), causing a crash of chrome's renderer. > --- > libavcodec/gsm_parser.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/gsm_parser.c b/libavcodec/gsm_parser.c > index 1054a30ca9..5cf2235f73 100644 > --- a/libavcodec/gsm_parser.c > +++ b/libavcodec/gsm_parser.c > @@ -56,7 +56,7 @@ static int gsm_parse(AVCodecParserContext *s1, > AVCodecContext *avctx, > s->duration = GSM_FRAME_SIZE * 2; > break; > default: > - av_assert0(0); > + return -1; > } > }
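Review bot: the `return -1` in the `default:` branch of gsm_parse puts an error code where the caller expects a byte count, so the patch swaps an abort for a negative "consumed" length that callers will add to their read position. If the unexpected codec id has to be tolerated at all, return `buf_size` and leave the packet untouched, the way parsers normally signal that they did nothing with the input; but the assertion firing with codec=0 means this parser was attached to a stream it is not registered for, and the commit message should say how a non-GSM codec id reached gsm_parse, since that selection bug, not the assert, is the defect.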
Parsers can't return negative values, only the output packet size. For the purpose of errors, they usually return the entire untouched packet size. And this definitely means there's a bug elsewhere. This parser should not have been used for codec ids other than GSM and GSM_MS. That's precisely what this assert() is making sure of.

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
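The return-value contract the reply describes, as an added, self-contained illustration that is not FFmpeg's code: a stand-in parser that returns the number of bytes it consumed, hands an unexpected packet back untouched instead of asserting, and a constructed caller loop of the kind that advances through a packet by that count. The codec ids, the frame sizes, the function names (gsm_parse_good, gsm_parse_bad, feed_packet, frames_in_packet) and the zero-filled packets are all assumptions made here for the demonstration; the real libavcodec parser also buffers partial frames across packets, which this version deliberately omits.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the identifiers gsm_parser.c uses
 * (AV_CODEC_ID_GSM / AV_CODEC_ID_GSM_MS and the frame sizes);
 * illustrative values, not copied from libavcodec. */
enum codec_id { CODEC_ID_GSM = 1, CODEC_ID_GSM_MS = 2, CODEC_ID_OTHER = 99 };
#define GSM_FRAME_SIZE    33
#define GSM_MS_BLOCK_SIZE 65

/* Contract: return how many input bytes were consumed (never negative) and
 * describe at most one ready frame through out/out_size.  For a codec id
 * the parser was never meant to see, hand the whole packet back untouched
 * rather than asserting or returning an error code. */
static int gsm_parse_good(enum codec_id id, const uint8_t *buf, int buf_size,
                          const uint8_t **out, int *out_size)
{
    int frame_size;

    switch (id) {
    case CODEC_ID_GSM:    frame_size = GSM_FRAME_SIZE;    break;
    case CODEC_ID_GSM_MS: frame_size = GSM_MS_BLOCK_SIZE; break;
    default:
        *out      = buf;           /* pass-through: packet unchanged */
        *out_size = buf_size;
        return buf_size;
    }

    if (buf_size < frame_size) {   /* partial frame: consumed, nothing ready
                                    * (simplification: real parser buffers it) */
        *out      = NULL;
        *out_size = 0;
        return buf_size;
    }
    *out      = buf;
    *out_size = frame_size;
    return frame_size;
}

/* The shape of the proposed patch: an error code where a byte count belongs. */
static int gsm_parse_bad(enum codec_id id, const uint8_t *buf, int buf_size,
                         const uint8_t **out, int *out_size)
{
    if (id != CODEC_ID_GSM && id != CODEC_ID_GSM_MS) {
        *out      = NULL;
        *out_size = 0;
        return -1;
    }
    return gsm_parse_good(id, buf, buf_size, out, out_size);
}

typedef int (*parse_fn)(enum codec_id, const uint8_t *, int,
                        const uint8_t **, int *);

/* Constructed caller loop: advance by the parser's return value.  A caller
 * that trusted a negative or oversized value blindly would move its read
 * pointer outside the packet, so the contract is checked here instead
 * (zero is rejected too, since it would never terminate the loop). */
static int feed_packet(parse_fn parse, enum codec_id id,
                       const uint8_t *data, int data_size, int *frames_out)
{
    int frames = 0;

    while (data_size > 0) {
        const uint8_t *frame = NULL;
        int frame_size = 0;
        int len = parse(id, data, data_size, &frame, &frame_size);

        if (len <= 0 || len > data_size)
            return -1;             /* contract violated */
        if (frame_size > 0)
            frames++;
        data      += len;
        data_size -= len;
    }
    *frames_out = frames;
    return 0;
}

/* Feed a constructed zero-filled packet of n bytes (content is irrelevant
 * to fixed-size framing); returns the frame count, or -1 on violation. */
static int frames_in_packet(parse_fn parse, enum codec_id id, int n)
{
    uint8_t pkt[256] = {0};
    int frames = 0;

    if (n < 1 || n > (int)sizeof pkt)
        return -1;
    return feed_packet(parse, id, pkt, n, &frames) < 0 ? -1 : frames;
}

int main(void)
{
    printf("good/GSM 66 bytes:    %d frames\n", frames_in_packet(gsm_parse_good, CODEC_ID_GSM, 66));
    printf("good/OTHER 40 bytes:  %d frames\n", frames_in_packet(gsm_parse_good, CODEC_ID_OTHER, 40));
    printf("bad/OTHER 40 bytes:   %d (violation)\n", frames_in_packet(gsm_parse_bad, CODEC_ID_OTHER, 40));
    return 0;
}
```

With the pass-through version the stray codec id costs nothing more than an unparsed packet; with the `-1` version the only thing standing between the caller and an out-of-bounds read is the explicit range check in feed_packet, which a real caller written against the documented contract has no reason to have.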