[FFmpeg-devel] [PATCH] avcodec/gsm_parser: return -1 on parse error
James Almer
jamrial at gmail.com
Wed Jan 30 23:39:51 EET 2019
On 1/30/2019 6:27 PM, chcunningham wrote:
> Return replaces an assert0. libfuzzer generated a testcase that
> triggered this assert (codec=0), causing a crash of chrome's renderer.
> ---
> libavcodec/gsm_parser.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/gsm_parser.c b/libavcodec/gsm_parser.c
> index 1054a30ca9..5cf2235f73 100644
> --- a/libavcodec/gsm_parser.c
> +++ b/libavcodec/gsm_parser.c
> @@ -56,7 +56,7 @@ static int gsm_parse(AVCodecParserContext *s1, AVCodecContext *avctx,
> s->duration = GSM_FRAME_SIZE * 2;
> break;
> default:
> - av_assert0(0);
> + return -1;
> }
> }
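Review bot: the `return -1` in the `default:` branch turns a failed internal invariant into a silent error return, with no log message and no comment saying what callers of gsm_parse() should do with a negative result. The commit message says the case was reached with codec=0, so the switch is being entered with a codec id this parser does not handle; the patch should explain how the parser came to be selected for that id and fix that path as well. If the default case has to stay recoverable, return a value that matches the function's existing return convention and log the unexpected codec id instead of a bare -1.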
Parsers can't return negative values, only the output packet size. For
the purpose of errors, they usually return the entire untouched packet size.
And this definitely means there's a bug elsewhere. This parser should
not have been used for codec ids other than GSM and GSM_MS. That's
precisely what this assert() is making sure of.