From patchwork Tue Jan 23 02:58:24 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Dai,
 Jianhui J" <jianhui.j.dai-at-intel.com@ffmpeg.org>
X-Patchwork-Id: 45733
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:120f:b0:199:de12:6fa6 with SMTP id v15csp369586pzf;
        Mon, 22 Jan 2024 18:58:42 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IFHpjKM5qac6fYCHrNuuzQn1ZAtGl/bxeyKCIyE0+Ed2L5dZBFBQIddMRzlD+UZ8Z3zC2VE
X-Received: by 2002:aa7:da95:0:b0:557:c568:1d03 with SMTP id
 q21-20020aa7da95000000b00557c5681d03mr868958eds.1.1705978722034;
        Mon, 22 Jan 2024 18:58:42 -0800 (PST)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 p14-20020a50cd8e000000b0055c0302a87fsi2720651edi.167.2024.01.22.18.58.41;
        Mon, 22 Jan 2024 18:58:42 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@intel.com
 header.s=Intel header.b=VouVdhXv;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C8FE268CF92;
	Tue, 23 Jan 2024 04:58:38 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 038F568C089
 for <ffmpeg-devel@ffmpeg.org>; Tue, 23 Jan 2024 04:58:30 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1705978716; x=1737514716; h=from:to:subject:date:message-id:
 content-transfer-encoding:mime-version;
 bh=BsqilIiEemgfIgzo9mBLVkV+QAsehdMlMWimRhwc/TU=;
 b=VouVdhXvHRP9kDYsBw6rVUSQJvodv6OI+1o7VRPt6z31Y1WOv2wGK7h8
 3uhSS7aunuMA2CaW77YURoX0rVX5jt5IyMFlYWbcIMuY9zGC27E1pKYdu
 aqQWEGNpDrs7yRq3RTihRKiR8ucGA5qpcofwAu2tsa95HZHggPKp0F2Pm
 Bbpi0q0maSq80Y1HvXnlLzry8jNm94athnJTxU0f/fnxCZxcxxN0LzPuK
 fRXZWN0T4gN/r/rQyG/Sll83edGrGWoJgsWX7Pi1xSw7ivymti6q3bShg
 1Z6o2g97hT3iuRY3lMlQju8SFqiQtmi+tzeqFfFghpbKMRWXPAXaB9h1N Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10961"; a="8051680"
X-IronPort-AV: E=Sophos;i="6.05,213,1701158400";
   d="scan'208";a="8051680"
Received: from fmviesa004.fm.intel.com ([10.60.135.144])
 by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 22 Jan 2024 18:58:29 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.05,213,1701158400";
   d="scan'208";a="1517968"
Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16])
 by fmviesa004.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384;
 22 Jan 2024 18:58:29 -0800
Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Mon, 22 Jan 2024 18:58:27 -0800
Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Mon, 22 Jan 2024 18:58:27 -0800
Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Mon, 22 Jan 2024 18:58:27 -0800
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.40) by
 edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Mon, 22 Jan 2024 18:58:26 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=h/PJXOnMk8W1J5BlLgwuEc6li0qMcC4PKSBDYZ47hdxpAehxOy0BgUwBSdBBSxaDy0RrdL99cwwQK6KR6Y4Uir9UwFW//EJyl6cSvMuEdFmZ7AJY5WRyQODlzUUAr9r66pydtQfFleuju72UT2i/XxvUAHGwalhCb3jCkN3ML7XvIi+pZiXEP7L5AihEwptT3GpCmaY1+pTdSTw1h86n+3ZcQvjAnMby+ki1FlHGU/Vst/lXr/LifCztBDu2Xc42pp+TiQMr+vnQG51bktbe05w4Z6hjnQCq7IPHJo7iBFRhI/YKy2FMLwikHQXnA+R94jCflMMUtB0GDoib4cwXCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=3CRlDoeahbfJsJC6DA4qgz1BYIfFfj2IxaFVi3wIC7w=;
 b=fQpmkv1oQ4CGJXXLLFPkw1CkUm1/EuB+PbzYLWIBI6viKPH8N6laGdx870msRwNYRHJkDPlZ+veaGuWvwf19NcjQcIfSXWMS25tyKURYIbU2cJpM26YIDPT3jNa10oRyfzSIBXGYc9uPnDRVC79GCZ0v1A/xGXXxD5qrwrYjzaImu5fVRPZSv1gxt3k5kVIyFtrASt2HhC3MIMEaY/Dgje6SaozmxpQfV0sITXqLD3ay5yD4T06Tc00+o51QAYA7lhqAnIEu/3jdoeXoWkY8HHzuO0AmKQdcInsd1jFzc6KmhLuRDaEZQ4i93Ok12ZSc13lMTvxQR5QhCF1qqcgvRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from CH3PR11MB7937.namprd11.prod.outlook.com (2603:10b6:610:12c::15)
 by IA0PR11MB7744.namprd11.prod.outlook.com (2603:10b6:208:409::12)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.32; Tue, 23 Jan
 2024 02:58:24 +0000
Received: from CH3PR11MB7937.namprd11.prod.outlook.com
 ([fe80::36df:9084:c6e3:6845]) by CH3PR11MB7937.namprd11.prod.outlook.com
 ([fe80::36df:9084:c6e3:6845%4]) with mapi id 15.20.7202.035; Tue, 23 Jan 2024
 02:58:24 +0000
From: "Dai, Jianhui J" <jianhui.j.dai-at-intel.com@ffmpeg.org>
To: "ffmpeg-devel@ffmpeg.org" <ffmpeg-devel@ffmpeg.org>
Thread-Topic: [PATCH v5] avcodec/cbs_vp8: Use little endian in fixed() and
 improve the pos check
Thread-Index: AdoxhcxeCzuJrmabQlqgxVGMPSzOTQ==
Date: Tue, 23 Jan 2024 02:58:24 +0000
Message-ID: 
 <CH3PR11MB793797554CDB411074364733B1742@CH3PR11MB7937.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH3PR11MB7937:EE_|IA0PR11MB7744:EE_
x-ms-office365-filtering-correlation-id: a7f7cbc7-4c1b-4526-6802-08dc1bbf2a7e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 jEre5YdPi4+b8WQi2trkWmUR6gOHifM45cLgkdG+mpqUPht387k3AvLEHKXwSDK2fySE5+AFoZ6zDArV/qAxSGRBvThcvpcGjPuFZfu8xM/PCCNKJ03VfpN4ySRP9bXJXu1jzBCwzlkUihS0w9IikbgYzbaU6IrTM0QCUkGYdtL/9g/yqtFCjH8+4eQFqj1VjJh4KNw1woVXIRXYVCANDo34YVLaux1d6Go7PrPZxwqVRdN4Nj44jtxgLaWaqFwAwK34HlmIcLgr2yudxS2YkO2L08iXO7tWVu5WmAlgzszNNkr0xdZgTQXYeIZ0X22F7eTT11pOOgHeKMTYF1yIO3Si6JBBM1eBZbNCUNppju6ZY10p3tAQQ0VJgGxo7G2r5MqcO+PKzxi6GiX48pBqp5/nLjEfx0odYnVeAJKAz1wHpIlAIX3lQh+nu8SWJEvm/8Oy03eKsCB00J1/euH8Svq1piHGLVpEj3/HqwFz85/pBPU4karmdxIRe3Bl51joJ8iXA5wWfx9SI1v0mXF0FCYPtfQUQ3BBCcFiet+catpMUPWuWzRLG7k3xuaPn1M+jFWXBo/spmwEqjNTH6rSHeZ4KwOJqbK2B6GSKno43I2VwW9O1+R9kIK7taX03iY9
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:CH3PR11MB7937.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230031)(376002)(396003)(346002)(136003)(366004)(39860400002)(230922051799003)(1800799012)(451199024)(64100799003)(186009)(26005)(6506007)(7696005)(71200400001)(9686003)(83380400001)(5660300002)(2906002)(41300700001)(19627235002)(478600001)(64756008)(66556008)(66476007)(8676002)(6916009)(316002)(76116006)(66446008)(8936002)(66946007)(52536014)(33656002)(86362001)(122000001)(38100700002)(82960400001)(38070700009)(55016003);
 DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 KnwGIZc64cUU+dm1/CT1K+r1rkenBvgqPzzF6ofWqbNvhkyekWUYVFOh4/dHDYjxXiYbbxG/cPE88+4/ELPTTdFYAg+VPaSRp7wu8Q5DqZoQQhNNXIFRPc9EhkB8Q/QNdJiuUhUvXTZCrilOoh9XWyFXq6LiNeWL+o0I2+E54LxssWCuBtBqY/68tpf+fALOk2mBMBFSAWy1KvPx0yd47l2/AUKaaAwflp0D6cru/YRBq13n7vqp+m/OpaqHH9cndJFZDkRNtGdmgEgcF3nTuJTzWp/ZO32zR4wKy7VIldZzodUeGkaLxy6zoCvc47ufmT3E8NPACdWVezBs4WwbxBiJJYINfG7zOceEIkfs5PnE+YHg4ixSF0x4wMw3kcSNyVQ1iSm193Pi9Xt3tZaZzDOb3JH5y1yHFI0zwzixVgukuyYo9NyV3rp1Zp9bXCUdfblUVoSczCTtypzR5bUkCa4gHTYNQ2EFaHHodCFG6uQrJuYwFPBP4BvGHczovIiuk9/ZZGpS7tGcGa5PGeWQCr1oIaVn30/Xgz5WTmPv0f7O+8P4toTXPsv8IAz2SQCXwxhhyiB9QotmRxFEX+vZTW3WbcOp9Lni2U42W1vQKvR5HFqoXXi5XfCIRH6TfFmW+y3ZWJcqGHmgNMqER6a6dHrGdEEGBW3766P9h3jxOrsbG8KxlcezCot1zqqIDsi6ODy7BHvWdpSHPib1cXZHCIU9poRFEmnz50LUrG4y5SrcF8lc+xqbT4ZmTQvgtWxiFHy0Vl5+e8Q+kNEmOoamoKPLUNU5w1B53NigI0jOox8ZKWF3goDCrcQXWYrP7hQqDiGGSiWkqsfwucM3SreGrZEwqemVAPaLdJl66PbrQoGeoyCQNKoZqoF2JCBZFGwMrc5kLPpo0qd+PHkc8suuFZ29u0RGTl5bFWZ1sWSGv9uY6dNR1dNDzIFzhTJz66gUqxLXgGkbqy2rrNcDXoVd1HjpAKREeQY62vYOk9noyDr+oNUqWT++Mpu4YyBctHk/Md67HZnFb8Za97GjxhX+rUtwUyEV8A7OkXNpijkK+9TKbmBSrse6ef25t+Mni+t5idHFQh6OuLRjVCGM7vwCc8oGVgtf7cJ2Qm2p5nkNryNPw32JXtBI+9kz30/zJuKXqd7K1fbP2fCQVC3+7GHuVFDK1TzpYNA5P5MjztFCXYpoNkyM//F/R2DvChnO+3Evm6luVfjprG9ZTQWPbyAnBL+NEsDQFH+NDfDXGUbohPau/dVoGNu8k/U6c0tbWzwrStvMg6Lk9pr0357vGrsJ50g9BT9SW/+qvGigRUsCnL3dD/lQdDC7xtMhkPaBPSDM1Be/UBfQobDTfVYrfNwARE0Flgd7kBBscQWinv8A9z8vsCzFwubV9YnO2ws9+M0sfbGxkD2KmsKgtc9yVfFxZ0DF/jngQ9gvhFVMq+7WaAEPIrecP9UQQ5P9hrt+bJvk0rtuIjwg39gWymp7hZJfRvimLEU5RjjDUW/TyOe0JuPhrUPnMjtj1nybr5T5qb7n7OG9cAEkK1bCbK+pAqZLO9587IjojE/Kc0fAlkMt+OVQ/AGzGPl+JsJFNmrKhYFF
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB7937.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a7f7cbc7-4c1b-4526-6802-08dc1bbf2a7e
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2024 02:58:24.5328 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 lEB4/VFDb8iGk6Xy7gy9Mb3fABFn3Rl/FeIyvV5y+1BdLIsx/o+Guca4AwbCj+ZOcR7fF+/sOdpFcA66VXMHZw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR11MB7744
X-OriginatorOrg: intel.com
Subject: [FFmpeg-devel] [PATCH v5] avcodec/cbs_vp8: Use little endian in
 fixed() and improve the pos check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: SD+5Qt0JbpDb

This commit adds value range checks to cbs_vp8_read_unsigned_le,
migrates fixed() to use it, and enforces little-endian consistency for
all read methods.

The VP8 compressed header may not be byte-aligned due to boolean coding.
Use bitwise comparison to prevent the potential overread.

TETS: ffmpeg -i fate-suite/vp8-test-vectors-r1/* -vcodec copy -bsf:v
trace_headers -f null -

Signed-off-by: Jianhui Dai <jianhui.j.dai@intel.com>
---
 libavcodec/cbs_vp8.c | 53 +++++++++++++++++++++++++++++++-------------
 1 file changed, 37 insertions(+), 16 deletions(-)

diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c
index 065156c248..338d56ed7f 100644
--- a/libavcodec/cbs_vp8.c
+++ b/libavcodec/cbs_vp8.c
@@ -33,22 +33,22 @@ extern const uint8_t ff_vp8_token_update_probs[4][8][3][11];
 typedef struct CBSVP8BoolDecoder {
     GetBitContext *gbc;
 
-    uint8_t value;
     uint8_t range;
 
-    uint8_t count; // Store the number of bits in the `value` buffer.
-
+    uint8_t value;
+    // Store the number of bits in the `value` buffer.
+    uint8_t count;
 } CBSVP8BoolDecoder;
 
-static int cbs_vp8_bool_decoder_init(CBSVP8BoolDecoder *decoder, GetBitContext *gbc)
+static int cbs_vp8_bool_decoder_init(CBSVP8BoolDecoder *decoder,
+                                     GetBitContext *gbc)
 {
     av_assert0(decoder);
     av_assert0(gbc);
 
     decoder->gbc = gbc;
-    decoder->value = 0;
     decoder->range = 255;
-
+    decoder->value = 0;
     decoder->count = 0;
 
     return 0;
@@ -60,7 +60,7 @@ static bool cbs_vp8_bool_decoder_fill_value(CBSVP8BoolDecoder *decoder)
 
     av_assert0(decoder->count <= 8);
     if (decoder->count == 8) {
-      return true;
+        return true;
     }
 
     if (get_bits_left(decoder->gbc) >= bits) {
@@ -141,7 +141,7 @@ static int cbs_vp8_bool_decoder_read_unsigned(
     }
 
     if (trace_enable) {
-      CBS_TRACE_READ_END();
+        CBS_TRACE_READ_END();
     }
 
     *write_to = value;
@@ -181,9 +181,11 @@ static int cbs_vp8_bool_decoder_read_signed(
     return 0;
 }
 
-static int cbs_vp8_read_unsigned_le(CodedBitstreamContext *ctx, GetBitContext *gbc,
-                                 int width, const char *name,
-                                 const int *subscripts, uint32_t *write_to)
+static int cbs_vp8_read_unsigned_le(CodedBitstreamContext *ctx,
+                                    GetBitContext *gbc, int width,
+                                    const char *name, const int *subscripts,
+                                    uint32_t *write_to, uint32_t range_min,
+                                    uint32_t range_max)
 {
     int32_t value;
 
@@ -200,6 +202,14 @@ static int cbs_vp8_read_unsigned_le(CodedBitstreamContext *ctx, GetBitContext *g
 
     CBS_TRACE_READ_END();
 
+    if (value < range_min || value > range_max) {
+        av_log(ctx->log_ctx, AV_LOG_ERROR,
+               "%s out of range: "
+               "%" PRIu32 ", but must be in [%" PRIu32 ",%" PRIu32 "].\n",
+               name, value, range_min, range_max);
+        return AVERROR_INVALIDDATA;
+    }
+
     *write_to = value;
     return 0;
 }
@@ -246,15 +256,16 @@ static int cbs_vp8_read_unsigned_le(CodedBitstreamContext *ctx, GetBitContext *g
     do { \
         uint32_t value; \
         CHECK(cbs_vp8_read_unsigned_le(ctx, rw, width, #name, \
-                                    SUBSCRIPTS(subs, __VA_ARGS__), &value)); \
+                                       SUBSCRIPTS(subs, __VA_ARGS__), &value, \
+                                       0, MAX_UINT_BITS(width))); \
         current->name = value; \
     } while (0)
 
 #define fixed(width, name, value) \
     do { \
         uint32_t fixed_value; \
-        CHECK(ff_cbs_read_unsigned(ctx, rw, width, #name, 0, &fixed_value, \
-                                   value, value)); \
+        CHECK(cbs_vp8_read_unsigned_le(ctx, rw, width, #name, 0, &fixed_value, \
+                                       value, value)); \
     } while (0)
 
 #define bc_unsigned_subs(width, prob, enable_trace, name, subs, ...) \
@@ -277,6 +288,15 @@ static int cbs_vp8_read_unsigned_le(CodedBitstreamContext *ctx, GetBitContext *g
 
 #include "cbs_vp8_syntax_template.c"
 
+#undef READ
+#undef READWRITE
+#undef RWContext
+#undef CBSVP8BoolCodingRW
+#undef xf
+#undef fixed
+#undef bc_unsigned_subs
+#undef bc_signed_subs
+
 static int cbs_vp8_split_fragment(CodedBitstreamContext *ctx,
                                   CodedBitstreamFragment *frag, int header)
 {
@@ -327,9 +347,10 @@ static int cbs_vp8_read_unit(CodedBitstreamContext *ctx,
     if (err < 0)
         return err;
 
+    // Position may not be byte-aligned after compressed header; use bit-level
+    // comparison.
     pos = get_bits_count(&gbc);
-    pos /= 8;
-    av_assert0(pos <= unit->data_size);
+    av_assert0(pos <= unit->data_size * 8);
 
     frame->data_ref = av_buffer_ref(unit->data_ref);
     if (!frame->data_ref)