From: Mirela Rabulea <mirela.rabulea@xxxxxxx> In the case we get an invalid stream, such as from v4l2-compliance streaming test, jpeg_next_marker will end up parsing the entire stream. The standard describes the high level syntax of a jpeg as starting with SOI, ending with EOI, so return error if the very first 2 bytes are not SOI. Signed-off-by: Mirela Rabulea <mirela.rabulea@xxxxxxx> Reviewed-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> --- Changes in v6: Reviewed-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> drivers/media/v4l2-core/v4l2-jpeg.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-jpeg.c b/drivers/media/v4l2-core/v4l2-jpeg.c index d1483e7a775c..dc9def4c2648 100644 --- a/drivers/media/v4l2-core/v4l2-jpeg.c +++ b/drivers/media/v4l2-core/v4l2-jpeg.c @@ -503,11 +503,8 @@ int v4l2_jpeg_parse_header(void *buf, size_t len, struct v4l2_jpeg_header *out) out->num_dht = 0; out->num_dqt = 0; - /* the first marker must be SOI */ - marker = jpeg_next_marker(&stream); - if (marker < 0) - return marker; - if (marker != SOI) + /* the first bytes must be SOI, B.2.1 High-level syntax */ + if (jpeg_get_word_be(&stream) != SOI) return -EINVAL; /* init value to signal if this marker is not present */ -- 2.17.1
