From ba15a8cd3238a3a3c098ad8b7d96cb0e405fc26f Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Wed, 7 May 2014 12:42:57 +0200
Subject: Fix 695112: patch JPEG streams with missing dimensions

If a JPEG stream is missing valid values for width/height (usually -1),
Adobe Reader substitutes these using the values read from the PDF
object. This can be done by scanning and patching the data before
passing it to libjpeg.

Thanks to zeniko for the patch.
---
 source/fitz/image.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'source')

diff --git a/source/fitz/image.c b/source/fitz/image.c
index 3ee5f88d..e2ac2de3 100644
--- a/source/fitz/image.c
+++ b/source/fitz/image.c
@@ -278,6 +278,29 @@ fz_image_get_pixmap(fz_context *ctx, fz_image *image, int w, int h)
 	case FZ_IMAGE_JXR:
 		tile = fz_load_jxr(ctx, image->buffer->buffer->data, image->buffer->buffer->len);
 		break;
+	case FZ_IMAGE_JPEG:
+		/* Scan JPEG stream and patch missing width/height values in header */
+		{
+			unsigned char *d = image->buffer->buffer->data;
+			unsigned char *e = d + image->buffer->buffer->len;
+			for (d += 2; d + 9 < e && d[0] == 0xFF; d += (d[2] << 8 | d[3]) + 2)
+			{
+				if (d[1] < 0xC0 || 0xC3 < d[1])
+					continue;
+				if (d[7] == 0xFF && d[8] == 0xFF)
+				{
+					d[7] = (image->w >> 8) & 0xFF;
+					d[8] = image->w & 0xFF;
+				}
+				if (d[5] == 0xFF && d[6] == 0xFF)
+				{
+					d[5] = (image->h >> 8) & 0xFF;
+					d[6] = image->h & 0xFF;
+				}
+			}
+		}
+		/* fall through */
+
 	default:
 		native_l2factor = l2factor;
 		stm = fz_open_image_decomp_stream_from_buffer(ctx, image->buffer, &native_l2factor);
-- 
cgit v1.2.3