[FFmpeg-devel] [PATCH] lavc/vvc: Fix assertion bound on qPy_{a, b}

[Nicolas George]

Nuo Mi (12024-08-25):
> Thank you for the patch.
>  Perhaps we can consider removing the assert, as other processes guarantee
> the range, correct?"

Uh, what?!?

The point of an assert is precisely to check that the “other processes”
that are supposed to guarantee something are really doing it.

What happens if a bug is introduced in these “other processes” that lets
invalid value fall through?

With the assert, the code crashes immediately.

Without the assert, it causes a memory corruption, leading to silent
corruption of data or exploitable security issue.

Leave the asserts. Add asserts where there are none.

Regards,

-- 
  Nicolas George