[gdk-pixbuf/ebassi/issue-209] jpeg: Avoid an infinite loop with invalid images




commit b78a83a76e88e95c16fb8534a7c19f15d38c43af
Author: Emmanuele Bassi <ebassi gnome org>
Date:   Tue Aug 9 23:11:31 2022 +0100

    jpeg: Avoid an infinite loop with invalid images
    
    When loading an invalid image with a missing EOI marker we end up
    triggering an infinite loop inside libjpeg.
    
    Original patch by: Sam Ezeh <sam z ezeh gmail com>
    
    Fixes: #209

 gdk-pixbuf/io-jpeg.c |   1 -
 tests/issue209.jpg   | Bin 0 -> 316 bytes
 tests/meson.build    |   1 +
 tests/pixbuf-jpeg.c  |  36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
---
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 22f4174fe..5a92aa4c4 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -879,7 +879,6 @@ gdk_pixbuf__jpeg_image_stop_load (gpointer data, GError **error)
                                src->buffer[src->skip_next] = (JOCTET) 0xFF;
                                src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
                                src->pub.next_input_byte = src->buffer + src->skip_next;
-                               src->pub.bytes_in_buffer = 2;
 
                                gdk_pixbuf__jpeg_image_load_lines (context, NULL);
                        }
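Review bot: Dropping `src->pub.bytes_in_buffer = 2;` leaves `next_input_byte` pointing at the freshly written fake EOI while `bytes_in_buffer` keeps whatever the previous fill left behind, so the two `jpeg_source_mgr` fields are no longer updated as a pair. If the leftover count is 0 — plausible once the suspending source has drained its input, though the hunk does not show it — libjpeg never consumes the FF D9 bytes and the three writes above become dead code, meaning the "finish loading truncated files" path is disabled rather than repaired; if the leftover count is larger than 2, the decoder reads stale buffer bytes past the fake marker. Whichever outcome is intended should be stated next to the writes, e.g. `/* Deliberately leave bytes_in_buffer alone: forcing it to 2 made the decoder spin on the fake EOI (issue #209) */`, and the commit message should explain why removing the assignment ends the loop. The enclosing gdk_pixbuf__jpeg_image_stop_load body starts and ends outside this hunk.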
diff --git a/tests/issue209.jpg b/tests/issue209.jpg
new file mode 100644
index 000000000..853dd6b6e
Binary files /dev/null and b/tests/issue209.jpg differ
diff --git a/tests/meson.build b/tests/meson.build
index 28c252535..a8a506fe1 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -153,6 +153,7 @@ test_data = [
   'circular-table.gif',
   'issue70.jpg',
   'issue205.jpg',
+  'issue209.jpg',
 ]
 
 installed_test_bindir = join_paths(gdk_pixbuf_libexecdir, 'installed-tests', meson.project_name())
diff --git a/tests/pixbuf-jpeg.c b/tests/pixbuf-jpeg.c
index be2c6b4fe..45801ba3d 100644
--- a/tests/pixbuf-jpeg.c
+++ b/tests/pixbuf-jpeg.c
@@ -205,6 +205,41 @@ test_jpeg_fbfbfbfb (void)
   g_free (contents);
 }
 
+static void
+test_jpeg_no_eoi (void)
+{
+  GdkPixbufLoader *loader;
+  GdkPixbuf *pixbuf;
+  GError *error = NULL;
+  gchar *contents;
+  gsize size;
+
+  if (!format_supported ("jpeg"))
+    {
+      g_test_skip ("format not supported");
+      return;
+    }
+
+  g_test_message ("Load JPEG with no EOI marker (issue: 209)");
+
+  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "issue209.jpg", NULL), &contents, &size, &error);
+  g_assert_no_error (error);
+
+  loader = gdk_pixbuf_loader_new ();
+
+  gdk_pixbuf_loader_write (loader, (const guchar*)contents, size, &error);
+  g_assert_no_error (error);
+
+  gdk_pixbuf_loader_close (loader, &error);
+  g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
+
+  pixbuf = gdk_pixbuf_loader_get_pixbuf (loader);
+  g_assert_nonnull (pixbuf);
+
+  g_object_unref (loader);
+  g_free (contents);
+}
+
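Review bot: The GError returned by `gdk_pixbuf_loader_close` at line 86 is asserted but never released, so test_jpeg_no_eoi leaks it; add `g_clear_error (&error);` after the `g_assert_error` call so the test is clean under leak checking. A second point is that a regression of issue 209 would make this test hang rather than fail, since the loop the commit removes happened inside libjpeg — relying on the meson test timeout is acceptable but worth a comment, e.g. `/* A regression here shows up as a hang, not an assertion failure. */`. The `(const guchar*)contents` cast could also follow the file's spacing convention as `(const guchar *) contents`, matching the style of the surrounding tests as far as visible.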
 int
 main (int argc, char **argv)
 {
@@ -217,6 +252,7 @@ main (int argc, char **argv)
   g_test_add_func ("/pixbuf/jpeg/at_size", test_at_size);
   g_test_add_func ("/pixbuf/jpeg/issue70", test_jpeg_markers);
   g_test_add_func ("/pixbuf/jpeg/issue205", test_jpeg_fbfbfbfb);
+  g_test_add_func ("/pixbuf/jpeg/issue209", test_jpeg_no_eoi);
 
   return g_test_run ();
 }

