Fixes: Assertion length < 256 failed at libavcodec/cbs.c:517 Fixes: 62673/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-6490971837431808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/cbs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c index cdd7adebebd..2f5d0334a2a 100644 --- a/libavcodec/cbs.c +++ b/libavcodec/cbs.c @@ -514,6 +514,11 @@ void ff_cbs_trace_read_log(void *trace_context, position = get_bits_count(gbc); + if (length >= 256) { + av_log(ctx->log_ctx, ctx->trace_level, "trace of %d bits truncated at 255\n", length); + length = 255; + } + av_assert0(length < 256); for (i = 0; i < length; i++) bits[i] = get_bits1(gbc) ? '1' : '0'; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
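Review bot: in the added block before av_assert0() in ff_cbs_trace_read_log(), clamping length to 255 also changes how far the for loop below advances gbc, since each get_bits1(gbc) call consumes one bit. With a traced length of 256 or more, the reader now stops 255 bits past position instead of length bits past it. Please confirm that gbc is a trace-only reader at this point, or else skip the remaining bits after the loop so that later reads are not desynchronised. Two smaller points: after the clamp, av_assert0(length < 256) can no longer fail and could be dropped or replaced by a check that catches a negative length, which the %d in the log message shows is possible for this signed value; and the literals 255 and 256 would be easier to keep in sync with the bits buffer if they were derived from its size rather than repeated in three places.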
