Blame SOURCES/0228-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

fd0330
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
fd0330
From: Daniel Axtens <dja@axtens.net>
fd0330
Date: Mon, 28 Jun 2021 14:25:17 +1000
fd0330
Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
fd0330
 streams
fd0330
fd0330
An invalid file could contain multiple start of stream blocks, which
fd0330
would cause us to reallocate and leak our bitmap. Refuse to handle
fd0330
multiple start of streams.
fd0330
fd0330
Additionally, fix a grub_error() call formatting.
fd0330
fd0330
Signed-off-by: Daniel Axtens <dja@axtens.net>
fd0330
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
fd0330
(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f)
fd0330
---
fd0330
 grub-core/video/readers/jpeg.c | 7 +++++--
fd0330
 1 file changed, 5 insertions(+), 2 deletions(-)
fd0330
fd0330
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
fd0330
index caa211f06d..1df1171d78 100644
fd0330
--- a/grub-core/video/readers/jpeg.c
fd0330
+++ b/grub-core/video/readers/jpeg.c
fd0330
@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
fd0330
   if (data->file->offset != data_offset)
fd0330
     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
fd0330
 
fd0330
+  if (*data->bitmap)
fd0330
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
fd0330
+
fd0330
   if (grub_video_bitmap_create (data->bitmap, data->image_width,
fd0330
 				data->image_height,
fd0330
 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
fd0330
@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
fd0330
   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
fd0330
 
fd0330
   if (data->bitmap_ptr == NULL)
fd0330
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
fd0330
-		      "jpeg: attempted to decode data before start of stream");
fd0330
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
fd0330
+		       "jpeg: attempted to decode data before start of stream");
fd0330
 
fd0330
   for (; data->r1 < nr1 && (!data->dri || rst);
fd0330
        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)