[FFmpeg-devel] [PATCH] lavc/vvc: Fix assertion bound on qPy_{a, b}

[Nicolas George]

Nuo Mi (12024-08-25):
> Thank you for the feedback.
> assert0 will cause a released program to crash, and we have a task to
> remove assert0 in the VVC decoder.

Then something needs to be fixed. Removing the assert is not a fix. It
might be worse than a fix: turning a crash into a silent corruption of
data or exploitable security issue.

(Reminder: in terms of badness, crash < silent corruption < security.)

> However, you're right that assert2 is intended for debugging purposes.

av_assert2() is no more and no less for debugging than av_assert0(), the
only difference is that av_assert2() is meant for cases where the
assertion is expensive in a speed-critical part of the code and disabled
for normal users.

Developers should always use --assert-level=2.

> If you prefer, we can keep the original version.

Of course not. You need to fix the bug. I do not know the technicals of
this instance, but the first version of this patch looks like it could
be the proper fix fix. The second version is not a fix at all, no need
to know the technicals to know it.

Regards,

-- 
  Nicolas George