Commit ccbea178 authored Mar 11, 2021 by Mirela Rabulea Committed by Mauro Carvalho Chehab Mar 22, 2021

media: Quit parsing stream if doesn't start with SOI



In the case we get an invalid stream, such as from v4l2-compliance
streaming test, jpeg_next_marker will end up parsing the entire
stream. The standard describes the high level syntax of a jpeg
as starting with SOI, ending with EOI, so return error if the very
first 2 bytes are not SOI.

Signed-off-by: Mirela Rabulea <mirela.rabulea@nxp.com>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

parent b8035f79

drivers/media/v4l2-core/v4l2-jpeg.c

+2 −5

Original line number	Diff line number	Diff line
		@@ -503,11 +503,8 @@ int v4l2_jpeg_parse_header(void buf, size_t len, struct v4l2_jpeg_header out)
		out->num_dht = 0;
		out->num_dqt = 0;

		/* the first marker must be SOI */
		marker = jpeg_next_marker(&stream);
		if (marker < 0)
		return marker;
		if (marker != SOI)
		/* the first bytes must be SOI, B.2.1 High-level syntax */
		if (jpeg_get_word_be(&stream) != SOI)
		return -EINVAL;

		/* init value to signal if this marker is not present */