Blame SOURCES/0248-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 28 Jun 2021 14:25:17 +1000
Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
 streams

An invalid file could contain multiple start of stream blocks, which
would cause us to reallocate and leak our bitmap. Refuse to handle
multiple start of streams.

Additionally, fix a grub_error() call formatting.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f)
(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827)
---
 grub-core/video/readers/jpeg.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
index caa211f06d..1df1171d78 100644
--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
   if (data->file->offset != data_offset)
     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
 
+  if (*data->bitmap)
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
+
   if (grub_video_bitmap_create (data->bitmap, data->image_width,
 				data->image_height,
 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
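Review bot: the new `if (*data->bitmap)` guard in grub_jpeg_decode_sos only works if `*data->bitmap` is guaranteed to be NULL before the first start-of-scan block, and nothing in this hunk shows where that is established. Please confirm the caller initialises it, or add a short comment above the check stating the invariant. Style: the added `return grub_error (...)` line runs past 80 columns; wrap the message string onto its own line, the way the grub_error call in grub_jpeg_decode_data is wrapped in this same patch.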
@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
 
   if (data->bitmap_ptr == NULL)
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
-		      "jpeg: attempted to decode data before start of stream");
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+		       "jpeg: attempted to decode data before start of stream");
 
   for (; data->r1 < nr1 && (!data->dri || rst);
        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
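Review bot: the error text kept in grub_jpeg_decode_data says "start of stream" while the check added in grub_jpeg_decode_sos says "start of scan blocks", so two errors about the same marker use different terms; pick one wording and use it in both strings. The re-indentation of this grub_error call is also unrelated to the leak fix, and carrying it as a separate commit would keep the cherry-picked fix minimal.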