Panic when using read_box

[frewsxcv]

extern crate mp4parse;

use std::io::Cursor;

fn main() {
    let mut c = Cursor::new(b"\x00\x00\x00\x01\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00".to_vec());
    let mut context = mp4parse::MediaContext::new();
    let _ = mp4parse::read_box(&mut c, &mut context);
}

coreyf@frewbook-pro /t/mp4 (master)> cargo run
     Running `target/debug/mp4`
thread '<main>' panicked at 'assertion failed: size64 >= 16', /private/tmp/mp4parse-rust/src/lib.rs:273
Process didn't exit successfully: `target/debug/mp4` (exit code: 101)

panic discovered using afl.rs

[kinetiknz]

Thanks for the report. I've converted this into error return in kinetiknz@a60ea2d, Ralph will probably merge it tomorrow.

Since this project is very early in development we've been using panics and asserts as placeholders for areas where more thought about the code is needed. Since that's going to make fuzzing difficult, I've converted the remaining ones into error returns in my branch... so it's probably worth testing against my branch at https://github.com/kinetiknz/mp4parse-rust/tree/experimental for now, at least until Ralph merges the changes upstream.

[rillian]

Thanks for that, kinetik. I've merged the changes and added this testcase in abb0f2b, confirming the fix. Hopefully the next one you find will be a real bug!