media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data

[ Upstream commit 41959c4f973b837a12061b84d3a436fc64c73a30 ] The curr pointer has advanced 14 bytes in jpeg_parse_app14_data. 1. jpeg_get_word_be(stream), it goes forward 2 bytes. 2. jpeg_skip(stream, 11), it goes forward 11 bytes. 3. jpeg_get_byte(stream), it goes forward 1 bytes. so the remain bytes of this segment should be (lp - 2 - 11 - 1), but not (lp - 2 - 11). if driver skip 1 extra bytes, the following parsing may go wrong. Fixes: b8035f7988 ("media: Add parsing for APP14 data segment in jpeg helpers") Signed-off-by: Ming Qian <ming.qian@nxp.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-16 09:30:33 +01:00
parent 5ed8dde3aa
commit ecefc14dd1
1 changed files with 1 additions and 1 deletions
--- a/drivers/media/v4l2-core/v4l2-jpeg.c
+++ b/drivers/media/v4l2-core/v4l2-jpeg.c
@@ -474,7 +474,7 @@ static int jpeg_parse_app14_data(struct jpeg_stream *stream,
 	*tf = ret;

 	/* skip the rest of the segment, this ensures at least it is complete */
-	skip = lp - 2 - 11;
+	skip = lp - 2 - 11 - 1;
 	return jpeg_skip(stream, skip);
 }