From 5220c371176951e12d525ac7908861d111c367d0 Mon Sep 17 00:00:00 2001
From: Kim Motoyoshi Kalland <kim.kalland@nokia.com>
Date: Mon, 20 Sep 2010 12:39:27 +0200
Subject: Fixed infinite loop when loading jpeg without EOI from memory.

Task-number: QTBUG-13653
Reviewed-by: aavit
---
 src/gui/image/qjpeghandler.cpp                       |  19 ++++++++-----------
 tests/auto/qimagereader/images/qtbug13653-no_eoi.jpg | Bin 0 -> 8250 bytes
 tests/auto/qimagereader/qimagereader.qrc             |   1 +
 tests/auto/qimagereader/tst_qimagereader.cpp         |   5 +++++
 4 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 tests/auto/qimagereader/images/qtbug13653-no_eoi.jpg

diff --git a/src/gui/image/qjpeghandler.cpp b/src/gui/image/qjpeghandler.cpp
index eda5efb..e685694 100644
--- a/src/gui/image/qjpeghandler.cpp
+++ b/src/gui/image/qjpeghandler.cpp
@@ -134,15 +134,18 @@ static void qt_init_source(j_decompress_ptr)
 static boolean qt_fill_input_buffer(j_decompress_ptr cinfo)
 {
     my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src;
+    qint64 num_read = 0;
     if (src->memDevice) {
         src->next_input_byte = (const JOCTET *)(src->memDevice->data().constData() + src->memDevice->pos());
-        src->bytes_in_buffer = (size_t)(src->memDevice->data().size() - src->memDevice->pos());
-        return true;
+        num_read = src->memDevice->data().size() - src->memDevice->pos();
+        src->device->seek(src->memDevice->data().size());
+    } else {
+        src->next_input_byte = src->buffer;
+        num_read = src->device->read((char*)src->buffer, max_buf);
     }
-    src->next_input_byte = src->buffer;
-    int num_read = src->device->read((char*)src->buffer, max_buf);
     if (num_read <= 0) {
         // Insert a fake EOI marker - as per jpeglib recommendation
+        src->next_input_byte = src->buffer;
         src->buffer[0] = (JOCTET) 0xFF;
         src->buffer[1] = (JOCTET) JPEG_EOI;
         src->bytes_in_buffer = 2;
@@ -183,13 +186,7 @@ static void qt_term_source(j_decompress_ptr cinfo)
 {
     my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src;
     if (!src->device->isSequential())
-    {
-        // read() isn't used for memDevice, so seek past everything that was used
-        if (src->memDevice)
-            src->device->seek(src->device->pos() + (src->memDevice->data().size() - src->memDevice->pos() - src->bytes_in_buffer));
-        else
-            src->device->seek(src->device->pos() - src->bytes_in_buffer);
-    }
+        src->device->seek(src->device->pos() - src->bytes_in_buffer);
 }
 
 #if defined(Q_C_CALLBACKS)
diff --git a/tests/auto/qimagereader/images/qtbug13653-no_eoi.jpg b/tests/auto/qimagereader/images/qtbug13653-no_eoi.jpg
new file mode 100644
index 0000000..605e8a8
Binary files /dev/null and b/tests/auto/qimagereader/images/qtbug13653-no_eoi.jpg differ
diff --git a/tests/auto/qimagereader/qimagereader.qrc b/tests/auto/qimagereader/qimagereader.qrc
index 1acc82f..5536b38 100644
--- a/tests/auto/qimagereader/qimagereader.qrc
+++ b/tests/auto/qimagereader/qimagereader.qrc
@@ -63,5 +63,6 @@
         <file>images/rect.svgz</file>
         <file>images/corrupt.svg</file>
         <file>images/corrupt.svgz</file>
+        <file>images/qtbug13653-no_eoi.jpg</file>
     </qresource>
 </RCC>
diff --git a/tests/auto/qimagereader/tst_qimagereader.cpp b/tests/auto/qimagereader/tst_qimagereader.cpp
index 5b30b04..3bee5d9 100644
--- a/tests/auto/qimagereader/tst_qimagereader.cpp
+++ b/tests/auto/qimagereader/tst_qimagereader.cpp
@@ -239,6 +239,7 @@ void tst_QImageReader::readImage_data()
 
 #if defined QTEST_HAVE_JPEG
     QTest::newRow("JPEG: beavis") << QString("beavis.jpg") << true << QByteArray("jpeg");
+    QTest::newRow("JPEG: qtbug13653") << QString("qtbug13653-no_eoi.jpg") << true << QByteArray("jpeg");
 #endif
 #if defined QTEST_HAVE_GIF
     QTest::newRow("GIF: earth") << QString("earth.gif") << true << QByteArray("gif");
@@ -1039,6 +1040,7 @@ void tst_QImageReader::readFromDevice_data()
     QTest::newRow("jpeg-1") << QString("beavis.jpg") << QByteArray("jpeg");
     QTest::newRow("jpeg-2") << QString("YCbCr_cmyk.jpg") << QByteArray("jpeg");
     QTest::newRow("jpeg-3") << QString("YCbCr_rgb.jpg") << QByteArray("jpeg");
+    QTest::newRow("jpeg-4") << QString("qtbug13653-no_eoi.jpg") << QByteArray("jpeg");
 #endif // QTEST_HAVE_JPEG
 #ifdef QTEST_HAVE_GIF
     QTest::newRow("gif-1") << QString("earth.gif") << QByteArray("gif");
@@ -1314,6 +1316,9 @@ void tst_QImageReader::readFromResources_data()
     QTest::newRow("YCbCr_rgb.jpg") << QString("YCbCr_rgb.jpg")
                                           << QByteArray("jpg") << QSize(75, 50)
                                           << QString("");
+    QTest::newRow("qtbug13653-no_eoi.jpg") << QString("qtbug13653-no_eoi.jpg")
+                                        << QByteArray("jpg") << QSize(240, 180)
+                                        << QString("");
 #endif
 #ifdef QTEST_HAVE_MNG
     QTest::newRow("corrupt.mng") << QString("corrupt.mng")
-- 
cgit v0.12