nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

b9d01e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b9d01e
From: Daniel Axtens <dja@axtens.net>
b9d01e
Date: Mon, 28 Jun 2021 14:25:17 +1000
b9d01e
Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
b9d01e
 streams
b9d01e
b9d01e
An invalid file could contain multiple start of stream blocks, which
b9d01e
would cause us to reallocate and leak our bitmap. Refuse to handle
b9d01e
multiple start of streams.
b9d01e
b9d01e
Additionally, fix a grub_error() call formatting.
b9d01e
b9d01e
Signed-off-by: Daniel Axtens <dja@axtens.net>
b9d01e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b9d01e
(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f)
b9d01e
(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827)
b9d01e
(cherry picked from commit 75afb375ef46bc99a7faf5879d0283934e34db97)
b9d01e
---
b9d01e
 grub-core/video/readers/jpeg.c | 7 +++++--
b9d01e
 1 file changed, 5 insertions(+), 2 deletions(-)
b9d01e
b9d01e
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
b9d01e
index caa211f06d..1df1171d78 100644
b9d01e
--- a/grub-core/video/readers/jpeg.c
b9d01e
+++ b/grub-core/video/readers/jpeg.c
b9d01e
@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
b9d01e
   if (data->file->offset != data_offset)
b9d01e
     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
b9d01e
 
b9d01e
+  if (*data->bitmap)
b9d01e
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
b9d01e
+
b9d01e
   if (grub_video_bitmap_create (data->bitmap, data->image_width,
b9d01e
 				data->image_height,
b9d01e
 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
b9d01e
@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
b9d01e
   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
b9d01e
 
b9d01e
   if (data->bitmap_ptr == NULL)
b9d01e
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
b9d01e
-		      "jpeg: attempted to decode data before start of stream");
b9d01e
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
b9d01e
+		       "jpeg: attempted to decode data before start of stream");
b9d01e
 
b9d01e
   for (; data->r1 < nr1 && (!data->dri || rst);
b9d01e
        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)