Bug 693503: Fix infinite loop within JPEG2K stream reading.

The openjpeg stream reading code is supposed to return -1 to mean 'EOF'. Update our implementation in line with this. This stops samples_mupdf_001/402.pdf.SIGSEGV.2e4.2672 going into an infinite loop.
author: Robin Watts <robin.watts@artifex.com> 2013-01-08 18:06:30 +0000
committer: Robin Watts <robin.watts@artifex.com> 2013-05-22 15:27:18 +0100
commit: 646690fc7bcfec125dab01db9e04e7db4f3e5363 (patch)
tree: 8c4901f7ffd984eedcff74e195fa2036076bd198 /fitz
parent: a1eb3a2fbda2eb6b9c1b01f1afc43be96c2df744 (diff)
download: mupdf-646690fc7bcfec125dab01db9e04e7db4f3e5363.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/fitz/image_jpx.c b/fitz/image_jpx.c
index f680b50c..f8e6d8c0 100644
--- a/fitz/image_jpx.c
+++ b/fitz/image_jpx.c
@@ -35,6 +35,8 @@ OPJ_SIZE_T stream_read(void * p_buffer, OPJ_SIZE_T p_nb_bytes, void * p_user_dat
 	len = sb->size - sb->pos;
 	if (len < 0)
 		len = 0;
+	if (len == 0)
+		return (OPJ_SIZE_T)-1;  /* End of file! */
 	if (len > p_nb_bytes)
 		len = p_nb_bytes;
 	memcpy(p_buffer, sb->data + sb->pos, len);
author	Robin Watts <robin.watts@artifex.com>	2013-01-08 18:06:30 +0000
committer	Robin Watts <robin.watts@artifex.com>	2013-05-22 15:27:18 +0100
commit	646690fc7bcfec125dab01db9e04e7db4f3e5363 (patch)
tree	8c4901f7ffd984eedcff74e195fa2036076bd198 /fitz
parent	a1eb3a2fbda2eb6b9c1b01f1afc43be96c2df744 (diff)
download	mupdf-646690fc7bcfec125dab01db9e04e7db4f3e5363.tar.xz