nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

bf0270
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
bf0270
From: Daniel Axtens <dja@axtens.net>
bf0270
Date: Mon, 28 Jun 2021 14:25:17 +1000
bf0270
Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
bf0270
 streams
bf0270
bf0270
An invalid file could contain multiple start of stream blocks, which
bf0270
would cause us to reallocate and leak our bitmap. Refuse to handle
bf0270
multiple start of streams.
bf0270
bf0270
Additionally, fix a grub_error() call formatting.
bf0270
bf0270
Signed-off-by: Daniel Axtens <dja@axtens.net>
bf0270
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
bf0270
(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f)
bf0270
(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827)
bf0270
(cherry picked from commit 75afb375ef46bc99a7faf5879d0283934e34db97)
bf0270
---
bf0270
 grub-core/video/readers/jpeg.c | 7 +++++--
bf0270
 1 file changed, 5 insertions(+), 2 deletions(-)
bf0270
bf0270
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
bf0270
index caa211f06d..1df1171d78 100644
bf0270
--- a/grub-core/video/readers/jpeg.c
bf0270
+++ b/grub-core/video/readers/jpeg.c
bf0270
@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
bf0270
   if (data->file->offset != data_offset)
bf0270
     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
bf0270
 
bf0270
+  if (*data->bitmap)
bf0270
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
bf0270
+
bf0270
   if (grub_video_bitmap_create (data->bitmap, data->image_width,
bf0270
 				data->image_height,
bf0270
 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
bf0270
@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
bf0270
   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
bf0270
 
bf0270
   if (data->bitmap_ptr == NULL)
bf0270
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
bf0270
-		      "jpeg: attempted to decode data before start of stream");
bf0270
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
bf0270
+		       "jpeg: attempted to decode data before start of stream");
bf0270
 
bf0270
   for (; data->r1 < nr1 && (!data->dri || rst);
bf0270
        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)