lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201215111843.30269-8-mirela.rabulea@oss.nxp.com>
Date:   Tue, 15 Dec 2020 13:18:41 +0200
From:   "Mirela Rabulea (OSS)" <mirela.rabulea@....nxp.com>
To:     mchehab@...nel.org, hverkuil-cisco@...all.nl, shawnguo@...nel.org,
        robh+dt@...nel.org, p.zabel@...gutronix.de
Cc:     paul.kocialkowski@...tlin.com, linux-media@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-imx@....com,
        s.hauer@...gutronix.de, aisheng.dong@....com,
        daniel.baluta@....com, robert.chiras@....com,
        laurentiu.palcu@....com, mark.rutland@....com,
        devicetree@...r.kernel.org, ezequiel@...labora.com,
        laurent.pinchart+renesas@...asonboard.com,
        niklas.soderlund+renesas@...natech.se,
        dafna.hirschfeld@...labora.com,
        Mirela Rabulea <mirela.rabulea@....com>
Subject: [PATCH v6 7/9] media: Quit parsing stream if doesn't start with SOI

From: Mirela Rabulea <mirela.rabulea@....com>

In the case we get an invalid stream, such as from v4l2-compliance
streaming test, jpeg_next_marker will end up parsing the entire
stream. The standard describes the high level syntax of a jpeg
as starting with SOI, ending with EOI, so return error if the very
first 2 bytes are not SOI.

Signed-off-by: Mirela Rabulea <mirela.rabulea@....com>
Reviewed-by: Philipp Zabel <p.zabel@...gutronix.de>
---
Changes in v6:
  Reviewed-by: Philipp Zabel <p.zabel@...gutronix.de>

 drivers/media/v4l2-core/v4l2-jpeg.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-jpeg.c b/drivers/media/v4l2-core/v4l2-jpeg.c
index d1483e7a775c..dc9def4c2648 100644
--- a/drivers/media/v4l2-core/v4l2-jpeg.c
+++ b/drivers/media/v4l2-core/v4l2-jpeg.c
@@ -503,11 +503,8 @@ int v4l2_jpeg_parse_header(void *buf, size_t len, struct v4l2_jpeg_header *out)
 	out->num_dht = 0;
 	out->num_dqt = 0;
 
-	/* the first marker must be SOI */
-	marker = jpeg_next_marker(&stream);
-	if (marker < 0)
-		return marker;
-	if (marker != SOI)
+	/* the first bytes must be SOI, B.2.1 High-level syntax */
+	if (jpeg_get_word_be(&stream) != SOI)
 		return -EINVAL;
 
 	/* init value to signal if this marker is not present */
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ