On Sat, Dec 16, 2023 at 09:20:24AM -0300, James Almer wrote:
> On 12/16/2023 9:16 AM, Michael Niedermayer wrote:
> > Fixes: abort()
> > Fixes: 64232/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5417957987319808
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavcodec/cbs_vp8.c | 4 +++-
> >   1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c
> > index 01d4b9cefef..b76cde98517 100644
> > --- a/libavcodec/cbs_vp8.c
> > +++ b/libavcodec/cbs_vp8.c
> > @@ -329,7 +329,9 @@ static int cbs_vp8_read_unit(CodedBitstreamContext *ctx,
> >       pos = get_bits_count(&gbc);
> >       pos /= 8;
> > -    av_assert0(pos <= unit->data_size);
> > +
> > +    if (pos > unit->data_size)
> > +        return AVERROR_INVALIDDATA;
> 
> Wouldn't this be hiding a bug in the parsing code? The assert is there to
> ensure no overread happened.

ill send a better patch, this patch is bad and wrong

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle