obu: tile_group and frame OBUs do not have trailing bits

The number of read bits can be equal to the size of the packet. Fixes a triggered assert in clusterfuzz-testcase-minimized-dav1d_fuzzer-5746175664193536. Credits to oss-fuzz.
author: Janne Grunau <janne-vlc@jannau.net> 2018-11-15 12:10:18 +0300
committer: Janne Grunau <janne-vlc@jannau.net> 2018-11-15 12:10:18 +0300
commit: a1e945ca3020ee758a81e78a213c3af41cd4ffcc (patch)
tree: 0c9cbd37c3e390f9bcc92b2eff79428d47b5ef1c
parent: a6b94ca9e5cded0070419a02d9cadaa5f45b2d0d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/obu.c b/src/obu.c
index dff0010..f775a49 100644
--- a/src/obu.c
+++ b/src/obu.c
@@ -1149,7 +1149,7 @@ int dav1d_parse_obus(Dav1dContext *const c, Dav1dData *const in) {
         // otherwise the overrun check would have fired.
         const unsigned bit_pos = dav1d_get_bits_pos(&gb);
         assert((bit_pos & 7) == 0);
-        assert(pkt_bytelen > (bit_pos >> 3));
+        assert(pkt_bytelen >= (bit_pos >> 3));
         dav1d_ref_inc(in->ref);
         c->tile[c->n_tile_data].data.ref = in->ref;
         c->tile[c->n_tile_data].data.data = in->data + (bit_pos >> 3);
author	Janne Grunau <janne-vlc@jannau.net>	2018-11-15 12:10:18 +0300
committer	Janne Grunau <janne-vlc@jannau.net>	2018-11-15 12:10:18 +0300
commit	a1e945ca3020ee758a81e78a213c3af41cd4ffcc (patch)
tree	0c9cbd37c3e390f9bcc92b2eff79428d47b5ef1c
parent	a6b94ca9e5cded0070419a02d9cadaa5f45b2d0d (diff)