media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data

The curr pointer has advanced 14 bytes in jpeg_parse_app14_data. 1. jpeg_get_word_be(stream), it goes forward 2 bytes. 2. jpeg_skip(stream, 11), it goes forward 11 bytes. 3. jpeg_get_byte(stream), it goes forward 1 bytes. so the remain bytes of this segment should be (lp - 2 - 11 - 1), but not (lp - 2 - 11). if driver skip 1 extra bytes, the following parsing may go wrong. Fixes: b8035f7988a8 ("media: Add parsing for APP14 data segment in jpeg helpers") Signed-off-by: Ming Qian <ming.qian@nxp.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
author: Ming Qian <ming.qian@nxp.com> 2022-12-16 11:30:33 +0300
committer: Mauro Carvalho Chehab <mchehab@kernel.org> 2023-02-08 09:25:02 +0300
commit: 41959c4f973b837a12061b84d3a436fc64c73a30 (patch)
tree: 0bc6c4d3ade25d807dc773a5cb5f62b5e5db8a0d
parent: e3f7feb6d89311f369dd4ad903ea62e45328cdbe (diff)
download: linux-41959c4f973b837a12061b84d3a436fc64c73a30.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/media/v4l2-core/v4l2-jpeg.c b/drivers/media/v4l2-core/v4l2-jpeg.c
index c2513b775f6a..75c2af763d55 100644
--- a/drivers/media/v4l2-core/v4l2-jpeg.c
+++ b/drivers/media/v4l2-core/v4l2-jpeg.c
@@ -474,7 +474,7 @@ static int jpeg_parse_app14_data(struct jpeg_stream *stream,
 	*tf = ret;
 
 	/* skip the rest of the segment, this ensures at least it is complete */
-	skip = lp - 2 - 11;
+	skip = lp - 2 - 11 - 1;
 	return jpeg_skip(stream, skip);
 }
author	Ming Qian <ming.qian@nxp.com>	2022-12-16 11:30:33 +0300
committer	Mauro Carvalho Chehab <mchehab@kernel.org>	2023-02-08 09:25:02 +0300
commit	41959c4f973b837a12061b84d3a436fc64c73a30 (patch)
tree	0bc6c4d3ade25d807dc773a5cb5f62b5e5db8a0d
parent	e3f7feb6d89311f369dd4ad903ea62e45328cdbe (diff)
download	linux-41959c4f973b837a12061b84d3a436fc64c73a30.tar.xz