Attention is currently required from: Martin L Roth, Patrick Georgi, Tim Wawrzynczak.
Nigel Tao has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/78271?usp=email )
Change subject: lib/jpeg: Replace decoder with Wuffs' implementation
Patch Set 2:
(1 comment)
File src/lib/bootsplash.c:
https://review.coreboot.org/c/coreboot/+/78271/comment/84afe43b_f8c5c5d0 :
PS2, Line 29: printk(BIOS_DEBUG, "Bootsplash image resolution: %dx%d\n", image_width, image_height);

image_width (and image_height) will remain uninitialized if the `jpeg_fetch_size` input is an invalid JPEG.
You therefore might be printk'ing junk values. More importantly, the junk values may be negative, which will then pass the `image_width > x_resolution` check, but your `framebuffer += etc` calculation might wander out of bounds.
One possible fix:
```
int image_width = -1, image_height = -1;
jpeg_fetch_size(jpeg, filesize, &image_width, &image_height);
printk(etc);
if (((unsigned int)image_width > x_resolution) ||
    ((unsigned int)image_height > y_resolution)) {
	// etc
}
```
Another possible fix, if you want to avoid all the subtlety with implicit signed/unsigned int conversions:
```
if ((image_width <= 0) || (image_width > x_resolution) ||
    (image_height <= 0) || (image_height > y_resolution)) {
	// etc
}
```
Another possible fix is to do the `// TODO: return an error` in `jpeg.c`.
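The three behaviours discussed in the comment above (an uninitialized or negative dimension slipping past a plain upper-bound check, the sentinel-plus-unsigned-cast fix, and the explicit lower-bound fix), as an added stand-alone example that is not coreboot's bootsplash.c, not Wuffs, and not code from the reviewer. It assumes `x_resolution`/`y_resolution` are plain `int` so the comparison is int-vs-int; `fake_fetch_size` is a hypothetical stand-in for `jpeg_fetch_size` that, like the case the comment worries about, leaves its output parameters untouched when the input is not a JPEG. The sample buffers are constructed, not real image data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for jpeg_fetch_size(): only writes the dimensions
 * when the buffer starts with the JPEG SOI marker (FF D8); for anything
 * else the outputs are left exactly as the caller initialized them. The
 * real decoder parses the SOF segment; here bytes 2 and 3 are the size. */
static void fake_fetch_size(const uint8_t *jpeg, size_t filesize,
			    int *width, int *height)
{
	if (filesize < 4 || jpeg[0] != 0xFF || jpeg[1] != 0xD8)
		return; /* invalid JPEG: width/height not written */
	*width = jpeg[2];
	*height = jpeg[3];
}

/* The check as the comment describes it: an upper bound only. With int
 * operands a negative (junk or sentinel) width is accepted. */
static bool fits_upper_bound_only(int w, int h, int x_res, int y_res)
{
	return !((w > x_res) || (h > y_res));
}

/* Fix 1: caller initializes to -1, comparison is done unsigned, so -1
 * becomes UINT_MAX and is rejected. Relies on implicit conversion rules. */
static bool fits_unsigned_compare(int w, int h, int x_res, int y_res)
{
	return !(((unsigned int)w > (unsigned int)x_res) ||
		 ((unsigned int)h > (unsigned int)y_res));
}

/* Fix 2: explicit lower bound, no signed/unsigned subtlety. Also rejects
 * a zero-sized image, which would otherwise draw nothing but still pass. */
static bool fits_explicit_bounds(int w, int h, int x_res, int y_res)
{
	return !((w <= 0) || (w > x_res) || (h <= 0) || (h > y_res));
}

/* Full flow with the sentinel initialization from the comment's first fix
 * and the explicit-bounds check from the second. Returns true only when
 * the image is a recognised JPEG whose dimensions fit the framebuffer. */
static bool bootsplash_fits(const uint8_t *jpeg, size_t filesize,
			    int x_res, int y_res)
{
	int image_width = -1, image_height = -1; /* sentinels, never uninitialized */
	fake_fetch_size(jpeg, filesize, &image_width, &image_height);
	return fits_explicit_bounds(image_width, image_height, x_res, y_res);
}

int main(void)
{
	/* Constructed inputs: not-a-JPEG, a 16x16 "JPEG", a 0x0 "JPEG". */
	const uint8_t not_jpeg[4] = { 0x00, 0x01, 0x02, 0x03 };
	const uint8_t small[4] = { 0xFF, 0xD8, 16, 16 };
	const uint8_t zero[4] = { 0xFF, 0xD8, 0, 0 };

	printf("sentinel -1 passes upper-bound-only check: %d\n",
	       fits_upper_bound_only(-1, -1, 1024, 768));
	printf("sentinel -1 passes unsigned check:         %d\n",
	       fits_unsigned_compare(-1, -1, 1024, 768));
	printf("not_jpeg fits: %d\n", bootsplash_fits(not_jpeg, 4, 1024, 768));
	printf("small fits:    %d\n", bootsplash_fits(small, 4, 1024, 768));
	printf("zero fits:     %d\n", bootsplash_fits(zero, 4, 1024, 768));
	return 0;
}
```

The first printed line is the bug the comment describes: with both operands `int`, `-1 > 1024` is false, so the junk value is accepted and the later framebuffer offset arithmetic runs on it. Either fix closes that path; the explicit-bounds form is the one that needs no reasoning about C's usual arithmetic conversions.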