From b78a83a76e88e95c16fb8534a7c19f15d38c43af Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi
Date: Tue, 9 Aug 2022 23:11:31 +0100
Subject: jpeg: Avoid an infinite loop with invalid images

When loading an invalid image with a missing EOI marker we end up triggering an infinite loop inside libjpeg.
Original patch by: Sam Ezeh
Fixes: #209
---
 gdk-pixbuf/io-jpeg.c | 1 -
 tests/issue209.jpg | Bin 0 -> 316 bytes
 tests/meson.build | 1 +
 tests/pixbuf-jpeg.c | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 tests/issue209.jpg

diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 22f4174fe..5a92aa4c4 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -879,7 +879,6 @@ gdk_pixbuf__jpeg_image_stop_load (gpointer data, GError **error)
 src->buffer[src->skip_next] = (JOCTET) 0xFF;
 src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
 src->pub.next_input_byte = src->buffer + src->skip_next;
- src->pub.bytes_in_buffer = 2;
 gdk_pixbuf__jpeg_image_load_lines (context, NULL);
 }

diff --git a/tests/issue209.jpg b/tests/issue209.jpg
new file mode 100644
index 000000000..853dd6b6e
Binary files /dev/null and b/tests/issue209.jpg differ
diff --git a/tests/meson.build b/tests/meson.build
index 28c252535..a8a506fe1 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -153,6 +153,7 @@ test_data = [
 'circular-table.gif',
 'issue70.jpg',
 'issue205.jpg',
+ 'issue209.jpg',
 ]

 installed_test_bindir = join_paths(gdk_pixbuf_libexecdir, 'installed-tests', meson.project_name())
diff --git a/tests/pixbuf-jpeg.c b/tests/pixbuf-jpeg.c
index be2c6b4fe..45801ba3d 100644
--- a/tests/pixbuf-jpeg.c
+++ b/tests/pixbuf-jpeg.c
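Review bot: In `gdk_pixbuf__jpeg_image_stop_load` (gdk-pixbuf/io-jpeg.c) the fake-EOI path now repoints `src->pub.next_input_byte` without touching `src->pub.bytes_in_buffer`, so the count libjpeg works from is whatever was left over from the last read rather than a value tied to the new pointer. Nothing in the hunk shows that the leftover count stays inside `src->buffer` past `src->skip_next`, or that the index `src->skip_next + 1` is bounded; the function starts and ends outside the hunk, so a guard may exist there. Since the dropped assignment looks like an obvious thing to restore, leave a comment in its place, for example `/* do not set bytes_in_buffer = 2 here: it makes libjpeg loop forever on input without an EOI marker (#209) */`.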
@@ -205,6 +205,41 @@ test_jpeg_fbfbfbfb (void)
 g_free (contents);
 }

+static void
+test_jpeg_no_eoi (void)
+{
+ GdkPixbufLoader *loader;
+ GdkPixbuf *pixbuf;
+ GError *error = NULL;
+ gchar *contents;
+ gsize size;
+
+ if (!format_supported ("jpeg"))
+ {
+ g_test_skip ("format not supported");
+ return;
+ }
+
+ g_test_message ("Load JPEG with no EOI marker (issue: 209)");
+
+ g_file_get_contents (g_test_get_filename (G_TEST_DIST, "issue209.jpg", NULL), &contents, &size, &error);
+ g_assert_no_error (error);
+
+ loader = gdk_pixbuf_loader_new ();
+
+ gdk_pixbuf_loader_write (loader, (const guchar*)contents, size, &error);
+ g_assert_no_error (error);
+
+ gdk_pixbuf_loader_close (loader, &error);
+ g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
+
+ pixbuf = gdk_pixbuf_loader_get_pixbuf (loader);
+ g_assert_nonnull (pixbuf);
+
+ g_object_unref (loader);
+ g_free (contents);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -217,6 +252,7 @@ main (int argc, char **argv)
 g_test_add_func ("/pixbuf/jpeg/at_size", test_at_size);
 g_test_add_func ("/pixbuf/jpeg/issue70", test_jpeg_markers);
 g_test_add_func ("/pixbuf/jpeg/issue205", test_jpeg_fbfbfbfb);
+ g_test_add_func ("/pixbuf/jpeg/issue209", test_jpeg_no_eoi);

 return g_test_run ();
 }
--
cgit v1.2.1
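Review bot: `test_jpeg_no_eoi` never releases `error` after `g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);`, so the GError set by `gdk_pixbuf_loader_close` is leaked and will be reported whenever the suite runs under a leak checker. Add `g_clear_error (&error);` directly after that assertion. Because the regression being guarded is a hang rather than a wrong result, a short comment above the `gdk_pixbuf_loader_close` call such as `/* a regression here shows up as a test timeout, not an assertion failure */` would help whoever meets it in CI.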