[PATCH v6 7/9] media: Quit parsing stream if doesn't start with SOI

From: Mirela Rabulea (OSS)
Date: Tue Dec 15 2020 - 06:23:32 EST


From: Mirela Rabulea <mirela.rabulea@xxxxxxx>

In the case we get an invalid stream, such as from v4l2-compliance
streaming test, jpeg_next_marker will end up parsing the entire
stream. The standard describes the high level syntax of a jpeg
as starting with SOI, ending with EOI, so return error if the very
first 2 bytes are not SOI.

Signed-off-by: Mirela Rabulea <mirela.rabulea@xxxxxxx>
Reviewed-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
---
Changes in v6:
Reviewed-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>

drivers/media/v4l2-core/v4l2-jpeg.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-jpeg.c b/drivers/media/v4l2-core/v4l2-jpeg.c
index d1483e7a775c..dc9def4c2648 100644
--- a/drivers/media/v4l2-core/v4l2-jpeg.c
+++ b/drivers/media/v4l2-core/v4l2-jpeg.c
@@ -503,11 +503,8 @@ int v4l2_jpeg_parse_header(void *buf, size_t len, struct v4l2_jpeg_header *out)
out->num_dht = 0;
out->num_dqt = 0;

- /* the first marker must be SOI */
- marker = jpeg_next_marker(&stream);
- if (marker < 0)
- return marker;
- if (marker != SOI)
+ /* the first bytes must be SOI, B.2.1 High-level syntax */
+ if (jpeg_get_word_be(&stream) != SOI)
return -EINVAL;

/* init value to signal if this marker is not present */
--
2.17.1