Blame SOURCES/0466-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch

d18179
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
d18179
From: Daniel Axtens <dja@axtens.net>
d18179
Date: Mon, 28 Jun 2021 14:25:17 +1000
d18179
Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
d18179
 streams
d18179
d18179
An invalid file could contain multiple start of stream blocks, which
d18179
would cause us to reallocate and leak our bitmap. Refuse to handle
d18179
multiple start of streams.
d18179
d18179
Additionally, fix a grub_error() call formatting.
d18179
d18179
Signed-off-by: Daniel Axtens <dja@axtens.net>
d18179
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
d18179
(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f)
d18179
(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827)
d18179
(cherry picked from commit 75afb375ef46bc99a7faf5879d0283934e34db97)
d18179
(cherry picked from commit 9d39f2826e0244858a1b531a839a3130a476ecf2)
d18179
---
d18179
 grub-core/video/readers/jpeg.c | 7 +++++--
d18179
 1 file changed, 5 insertions(+), 2 deletions(-)
d18179
d18179
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
d18179
index 03b56ea91c..5e46a55710 100644
d18179
--- a/grub-core/video/readers/jpeg.c
d18179
+++ b/grub-core/video/readers/jpeg.c
d18179
@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
d18179
   if (data->file->offset != data_offset)
d18179
     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
d18179
 
d18179
+  if (*data->bitmap)
d18179
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
d18179
+
d18179
   if (grub_video_bitmap_create (data->bitmap, data->image_width,
d18179
 				data->image_height,
d18179
 				GRUB_VIDEO_BLIT_FORMAT_RGB_888))
d18179
@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
d18179
   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
d18179
 
d18179
   if (data->bitmap_ptr == NULL)
d18179
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
d18179
-		      "jpeg: attempted to decode data before start of stream");
d18179
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
d18179
+		       "jpeg: attempted to decode data before start of stream");
d18179
 
d18179
   for (; data->r1 < nr1 && (!data->dri || rst);
d18179
        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)