On Mon, Dec 25, 2023 at 12:04:17PM -0500, Leo Izen wrote: > The specification doesn't mention that clusters cannot have alphabet > sizes greater than 1 << bundle->log_alphabet_size, but the reference > implementation rejects these entropy streams as invalid, so we should > too. Refusing to do so can overflow a stack variable on line 556 that > should be large enough otherwise. > > Fixes #10738. > > Found-by: Zeng Yunxiang and Li Zeyuan > Signed-off-by: Leo Izen > --- > libavcodec/jpegxl_parser.c | 28 +++++++++++++++++++--------- > 1 file changed, 19 insertions(+), 9 deletions(-) > > diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c > index 006eb6b295..f026fda9ac 100644 > --- a/libavcodec/jpegxl_parser.c > +++ b/libavcodec/jpegxl_parser.c > @@ -64,26 +64,26 @@ typedef struct JXLSymbolDistribution { > int log_bucket_size; > /* this is the actual size of the alphabet */ > int alphabet_size; > - /* ceil(log(alphabet_size)) */ > - int log_alphabet_size; > > /* for prefix code distributions */ > VLC vlc; > /* in case bits == 0 */ > uint32_t default_symbol; > + /* ceil(log(alphabet_size)) */ > + int log_alphabet_size; > that seems unneeded thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Opposition brings concord. Out of discord comes the fairest harmony. -- Heraclitus
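Review bot: the struct field move in this hunk (`int log_alphabet_size;` relocated from before `VLC vlc;` to after `uint32_t default_symbol;`) is unrelated to the fix the commit message describes, which is a check that a cluster's alphabet size does not exceed `1 << bundle->log_alphabet_size`; the move is functionally neutral and only adds churn to the diff, so keep the field where it was or split the reordering into its own patch with a stated reason. While touching the field, the comment `/* ceil(log(alphabet_size)) */` could state the base explicitly as `ceil(log2(alphabet_size))`, since the value is used as a shift count. The bounds check itself (the remainder of the 19 insertions) is not in the quoted hunk, so it cannot be reviewed from what is shown here.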