jpegdec: more sanity checks on input

Specifically, verify input components / colour space is as code
subsequently expects, thereby avoiding crashes or otherwise bogus output.
Presently, that means 3 components YCbCr colour space, and somewhat
limited sampling factors.

Fixes #600553.

diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
index 7daec71..a3fa13a 100644 (file)
--- a/ext/jpeg/gstjpegdec.c
+++ b/ext/jpeg/gstjpegdec.c
@@ -1034,6 +1034,10 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf)
   if (dec->cinfo.num_components > 3)
     goto components_not_supported;
 
+  /* verify color space expectation to avoid going *boom* or bogus output */
+  if (dec->cinfo.jpeg_color_space != JCS_YCbCr)
+    goto unsupported_colorspace;
+
 #ifndef GST_DISABLE_GST_DEBUG
   {
     gint i;
@@ -1060,6 +1064,12 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf)
     GST_WARNING_OBJECT (dec, "failed to start decompression cycle");
   }
 
+  /* YUV sanity checks to get safe and reasonable I420 output */
+  g_assert (dec->cinfo.num_components == 3);
+  if (r_v > 2 || r_v < dec->cinfo.comp_info[0].v_samp_factor ||
+      r_h < dec->cinfo.comp_info[0].h_samp_factor)
+    goto invalid_yuv;
+
   width = dec->cinfo.output_width;
   height = dec->cinfo.output_height;
 
@@ -1306,6 +1316,20 @@ components_not_supported:
     ret = GST_FLOW_ERROR;
     goto done;
   }
+unsupported_colorspace:
+  {
+    GST_ELEMENT_ERROR (dec, STREAM, DECODE, (NULL),
+        ("Picture has unknown or unsupported colourspace"));
+    ret = GST_FLOW_ERROR;
+    goto done;
+  }
+invalid_yuv:
+  {
+    GST_ELEMENT_ERROR (dec, STREAM, DECODE, (NULL),
+        ("Picture is corrupt or unhandled YUV layout"));
+    ret = GST_FLOW_ERROR;
+    goto done;
+  }
 }
 
 static gboolean