TMI-119: Fixed endless loop, trying to read 0 bytes at EOF caused by bogus segment lengths...

imageio/imageio-jpeg/src/main/java/com/twelvemonkeys/imageio/plugins/jpeg/JPEGSegmentImageInputStream.java

@@ -271,7 +271,8 @@ final class JPEGSegmentImageInputStream extends ImageInputStreamImpl {
         while (total < len) {
             repositionAsNecessary();
 
-            int count = stream.read(b, off + total, (int) Math.min(len - total, segment.end() - streamPos));
+            long bytesLeft = segment.end() - streamPos; // If no more bytes after reposition, we're at EOF
+            int count = bytesLeft == 0 ? -1 : stream.read(b, off + total, (int) Math.min(len - total, bytesLeft));
 
             if (count == -1) {
                 // EOF

imageio/imageio-jpeg/src/test/java/com/twelvemonkeys/imageio/plugins/jpeg/JPEGImageReaderTest.java

@@ -104,7 +104,8 @@ public class JPEGImageReaderTest extends ImageReaderAbstractTestCase<JPEGImageRe
                 new TestData(getClassLoaderResource("/broken-jpeg/broken-adobe-marker-bad-length.jpg"), new Dimension(1800, 1200)), // Unreadable, segment lengths are wrong
                 new TestData(getClassLoaderResource("/broken-jpeg/broken-invalid-adobe-ycc-gray.jpg"), new Dimension(11, 440)), // Image readable, broken metadata (fixable?)
                 new TestData(getClassLoaderResource("/broken-jpeg/broken-no-sof-ascii-transfer-mode.jpg"), new Dimension(-1, -1)), // Unreadable, can't find SOFn marker
-                new TestData(getClassLoaderResource("/broken-jpeg/broken-sos-before-sof.jpg"), new Dimension(-1, -1)) // Unreadable, can't find SOFn marker
+                new TestData(getClassLoaderResource("/broken-jpeg/broken-sos-before-sof.jpg"), new Dimension(-1, -1)), // Unreadable, can't find SOFn marker
+                new TestData(getClassLoaderResource("/broken-jpeg/broken-adobe-segment-length-beyond-eof.jpg"), new Dimension(-1, -1)) // Unreadable, no EOI
         );
 
         // More test data in specific tests below

imageio/imageio-jpeg/src/test/resources/broken-jpeg/broken-adobe-segment-length-beyond-eof.jpg

@@ -0,0 +1,13 @@
+ÿØÿî Adobe d€   
ÿÛ „ 
+
+





#"""#''''''''''
		
+			




!! !!''''''''''ÿÀ  5 )
" 

ÿÄ
¢   




        
 	
+
 




       
 	
+ 
s
 !1AQa"q<>2‘¡±B#ÁRÑá3bð$r‚ñ%C4S’¢²csÂ5D'“£³6TdtÃÒâ&ƒ	
+„”EF¤´VÓU(òãóÄÔäôeu…•¥µÅÕåõfv†–¦¶ÆÖæö7GWgw‡—§·Ç×ç÷8HXhxˆ˜¨¸ÈØèø)9IYiy‰™©¹ÉÙéù*:JZjzŠšªºÊÚêú 
m
 !1AQa"q<>‘2¡±ðÁÑá#BRbrñ3$4C‚’S%¢c²ÂsÒ5âDƒT“	
+&6E'dtU7ò£³Ã()Óã󄔤´ÄÔäôeu…•¥µÅÕåõFVfv†–¦¶ÆÖæöGWgw‡—§·Ç×ç÷8HXhxˆ˜¨¸ÈØèø9IYiy‰™©¹ÉÙéù*:JZjzŠšªºÊÚêúÿÚ 
  ? áÚF“}­êiš|f[™Ø*/aâÄö¾z#@òO—¼·e	žÝ.æ‚0g½›‹Çê´"Zxô¨È?åF<C3A5>s§‹<C2A7>|ˆVoB¦b¡Õ”òT*ƒ¸Éǘtëûý$
2x£Ä$6–Å<E28093>&b*¥˜u>Ùƒ©Èrê±haªQ1–cûÒr}8¡ÜH¢OŸÎ¹“Y2œ2È#.ØýÖßTæzÑÚ‘)åí/Pº<50>W»Ò­Z´6ñ¢Ñ¨Ä
êŠøEI«yʾcYc’Ùlî<6C>8ýk~*êA¦ñ<C2A6>E;í„·^aóG—­m,/­OÖŠñ¶H<C2B6>8<EFBFBD>.Óo¿Žo/\yŽûV“U¿±fH˜z±
+¬<EFBFBD>èG­އ{3´à3f=¡<11>O凉âC(¿Drqú}\®îÜÌà:UþòUÃ!üã<C3BC>‡}¹Õ<SÌ~_¾òέ6•~œdŒÕ³¡û.¾Ç
+sÐ?šº$—”P£5îŸ"˜å–ž©‰Ër‰¸<E280B0>èÝ3ÏÙgçcù_Ípo|ÿ –âààâîâëÜåVü[>¿ƒ‡‹<E280A1>‡ÝÓ½ôo‘/´Í/ÊZ}œÓGª9˜wi¥M”w®Ù –êøÜÛ/ªBK›ÖuR8ú-EG":áEŸ’t/¨Ùꙣ•-âw•_<E280A2>> ví„w>b½ž	,^éî! óQ—‘]èFÙ¯ÇÙíNÒÔeÓ›Çæ9¥<39>pÔw<C394> 9š|˜(ÏGŠ#,å<dã<02>ª_Å;÷윧™&¹¼†þÚËž<C38B>nÖu¨
+$¨«Èb)Û'<27>5m>itË“]¨hî#$¨Ú¿Æ™°óÔlßG¹<47>dK°ÍlªS¡
ý¾¿O3ɧéGD–»[ÈÁà¼èHëí™úþÂÏ©†A¦ÃàKKš8°ÄO÷sÓ}w(<28>¬Hñ8šÑðr‰ÊG/NY\}qÌ=;wì OõÝ=­ü©©Û½Ì·­" _Q½ONE Ÿ‹²øçÿ 
+Ÿùo·ÿ ƒÏAØ-æ£f`ÔdHEÂpX­ÀƒUy7.GâùÊ¿åY/ùðKšAâ
Ò	ÃƆ¬c–ã†òDÊ;Õs<C395>÷mùÂ2<C382>Q„½Pc.ø`eèÿ :&ÞŸ¢IkæO/Ú\\8ºˆÇÁ£CÄ5Ú ùd6/&]ß›”Wœ­âW"BåY˜¯*m‘<6D>ÉÝ~
3P¹Óð ìA"£·ígcu–ÒêKÛ‚©coQRYË©
ë™íV»³²äæÉ!‹V|\Qæ!33Çû?"lzM>{9ˆ‰Ó<E280B0>YåÇA>ïÐ^TÖˆm­:ÏC<‡ì:7„Rµ£m¾N5O+Û\iöúP$ê/9§cð€´æõ¥íˆZÜØù›X
r‘1¢FäÑ) =iÞ™-¶<>/”\GR¼—÷ÊU€Ø·ß—ö¯löŽ—S¥,s†Ë&/à3œxb%__Râè;?lYòãœ1ÉU 
â°ÒHBXzº6<C2BA>'×ç3¤”ÏPv‰Íhh3ƒÿ ÊÁÔß<7F>÷ä¿óCÏ6Éb¾_Ñåyêß[˜
+'vˆt­3Œd†
hÀuƒ?7,ãTpðmp‰„cÁüÿ Q<>~—'‡
xFRðD|!’÷à'ˆËú»û¼‘ZwÖ¾½oõ:ýcÔ_K<5F>kÊ»}<7D>ó°ù<C2B0>þV‡øb?­ˆ½?é<ÞŸöYijfÛ~,5áÿ yüuÇÿ Z÷þSô0Ë[ÝrëìëøKÕÿ -ÿ KV/«ˆÍÇ«'§ë•>{©ôäßÎgÎßSoª,?Tâ}o©—çOÚçÈW<C388><3Î9²½Oç°‰qpCëâüýµÿ ÿ 7«N/«/Õõÿ Ö­ÐþóñIŽ¯ê}q¹P.Ü8Ö”ÿ e€1¹²Ã×ôÿ k³ßÇé|^\?«‡ô?ÿÙ