nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch

b9d01e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b9d01e
From: Daniel Axtens <dja@axtens.net>
b9d01e
Date: Mon, 28 Jun 2021 14:16:58 +1000
b9d01e
Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table
b9d01e
b9d01e
Fix a memory leak where an invalid file could cause us to reallocate
b9d01e
memory for a huffman table we had already allocated memory for.
b9d01e
b9d01e
Signed-off-by: Daniel Axtens <dja@axtens.net>
b9d01e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b9d01e
(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9)
b9d01e
(cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b)
b9d01e
(cherry picked from commit aae6bac7f26c6b848156ed7adcff83309b833664)
b9d01e
---
b9d01e
 grub-core/video/readers/jpeg.c | 3 +++
b9d01e
 1 file changed, 3 insertions(+)
b9d01e
b9d01e
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
b9d01e
index 10225abd53..caa211f06d 100644
b9d01e
--- a/grub-core/video/readers/jpeg.c
b9d01e
+++ b/grub-core/video/readers/jpeg.c
b9d01e
@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data)
b9d01e
 	n += count[i];
b9d01e
 
b9d01e
       id += ac * 2;
b9d01e
+      if (data->huff_value[id] != NULL)
b9d01e
+	return grub_error (GRUB_ERR_BAD_FILE_TYPE,
b9d01e
+			   "jpeg: attempt to reallocate huffman table");
b9d01e
       data->huff_value[id] = grub_malloc (n);
b9d01e
       if (grub_errno)
b9d01e
 	return grub_errno;