Message-ID: <7d3ffc8f-b36f-43c6-b17c-d5e6e07c416b@gmail.com>
Date: Tue, 26 Dec 2023 08:23:35 -0600
To: ffmpeg-devel@ffmpeg.org
From: Leo Izen
Subject: Re: [FFmpeg-devel] [PATCH v2] avcodec/jpegxl_parser: check ANS cluster alphabet size vs bundle size

On 12/25/23 15:09, Michael Niedermayer wrote:
> On Mon, Dec 25, 2023 at 12:04:17PM -0500, Leo Izen wrote:
>> The specification doesn't mention that clusters cannot have alphabet
>> sizes greater than 1 << bundle->log_alphabet_size, but the reference
>> implementation rejects these entropy streams as invalid, so we should
>> too. Refusing to do so can overflow a stack variable on line 556 that
>> should be large enough otherwise.
>>
>> Fixes #10738.
>>
>> Found-by: Zeng Yunxiang and Li Zeyuan
>> Signed-off-by: Leo Izen
>> --- >> libavcodec/jpegxl_parser.c | 28 +++++++++++++++++++--------- >> 1 file changed, 19 insertions(+), 9 deletions(-) >> >> diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c >> index 006eb6b295..f026fda9ac 100644 >> --- a/libavcodec/jpegxl_parser.c >> +++ b/libavcodec/jpegxl_parser.c
>> @@ -64,26 +64,26 @@ typedef struct JXLSymbolDistribution { >> int log_bucket_size; >> /* this is the actual size of the alphabet */ >> int alphabet_size; >> - /* ceil(log(alphabet_size)) */ >> - int log_alphabet_size; >> >> /* for prefix code distributions */ >> VLC vlc; >> /* in case bits == 0 */ >> uint32_t default_symbol; >> + /* ceil(log(alphabet_size)) */ >> + int log_alphabet_size; >>
>
> that seems unneeded
>

dist->log_alphabet_size is only used for prefix code distributions so I moved it for clarity. I can also remove this change from this commit if you think it's off-topic.

In either case, is the commit okay, apart from this one change? If so I'm going to merge it (after I remove this one change from the diff).

- Leo Izen (Traneptora)
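
Review bot: The move of `log_alphabet_size` below `default_symbol` in `JXLSymbolDistribution` is a cosmetic reordering unrelated to the alphabet-size check named in the subject, and it should go in its own commit so the overflow fix stays minimal and easy to backport. If the field is moved anyway, its comment `/* ceil(log(alphabet_size)) */` should state the base of the logarithm and say that the field applies only to prefix code distributions, since position under the `/* for prefix code distributions */` comment alone does not make that obvious. The commit message also points at "line 556", which will drift as the file changes; naming the function or the stack variable that overflows would keep the description accurate.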