From 44401d9a0dbc5863533215b38a2825a1f96239c8 Mon Sep 17 00:00:00 2001
From: Harald Kuhr <harald.kuhr@gmail.com>
Date: Mon, 8 Aug 2016 11:27:12 +0200
Subject: [PATCH] #275 Fix infinite loop if EOF before header done

---
 .../plugins/svg/SVGImageReaderSpi.java        | 15 ++--
 .../plugins/svg/SVGImageReaderSpiTest.java    | 70 +++++++++++++++++++
 2 files changed, 79 insertions(+), 6 deletions(-)
 create mode 100644 imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java

diff --git a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java
index 492451db..78c250f7 100755
--- a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java
+++ b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java
@@ -52,6 +52,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
     /**
      * Creates an {@code SVGImageReaderSpi}.
      */
+    @SuppressWarnings("WeakerAccess")
     public SVGImageReaderSpi() {
         super(new SVGProviderInfo());
     }
@@ -60,6 +61,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
         return pSource instanceof ImageInputStream && SVG_READER_AVAILABLE && canDecode((ImageInputStream) pSource);
     }
 
+    @SuppressWarnings("StatementWithEmptyBody")
     private static boolean canDecode(final ImageInputStream pInput) throws IOException {
         // NOTE: This test is quite quick as it does not involve any parsing,
         // however it may not recognize all kinds of SVG documents.
@@ -94,15 +96,15 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
 
                 if (buffer[0] == '?') {
                     // This is the XML declaration or a processing instruction
-                    while (!(pInput.read() == '?' && pInput.read() == '>')) {
-                        // Skip until end of XML declaration or processing instruction
+                    while (!((pInput.readByte() & 0xFF) == '?' && pInput.read() == '>')) {
+                        // Skip until end of XML declaration or processing instruction or EOF
                     }
                 }
                 else if (buffer[0] == '!') {
                     if (buffer[1] == '-' && buffer[2] == '-') {
                         // This is a comment
-                        while (!(pInput.read() == '-' && pInput.read() == '-' && pInput.read() == '>')) {
-                            // Skip until end of comment
+                        while (!((pInput.readByte() & 0xFF) == '-' && pInput.read() == '-' && pInput.read() == '>')) {
+                            // Skip until end of comment or EOF
                         }
                     }
                     else if (buffer[1] == 'D' && buffer[2] == 'O' && buffer[3] == 'C'
@@ -137,8 +139,8 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
                     return false;
                 }
 
-                while (pInput.read() != '<') {
-                    // Skip over, until next begin tag
+                while ((pInput.readByte() & 0xFF) != '<') {
+                    // Skip over, until next begin tag or EOF
                 }
             }
         }
@@ -147,6 +149,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
             return false;
         }
         finally {
+            //noinspection ThrowFromFinallyBlock
             pInput.reset();
         }
     }
diff --git a/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java b/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java
new file mode 100644
index 00000000..cbe2c457
--- /dev/null
+++ b/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java
@@ -0,0 +1,70 @@
+package com.twelvemonkeys.imageio.plugins.svg;
+
+import com.twelvemonkeys.imageio.stream.ByteArrayImageInputStream;
+import com.twelvemonkeys.imageio.stream.URLImageInputStreamSpi;
+import org.junit.Test;
+
+import javax.imageio.ImageIO;
+import javax.imageio.spi.IIORegistry;
+import javax.imageio.spi.ImageReaderSpi;
+import javax.imageio.stream.ImageInputStream;
+import java.nio.charset.StandardCharsets;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * SVGImageReaderSpiTest.
+ *
+ * @author <a href="mailto:harald.kuhr@gmail.com">Harald Kuhr</a>
+ * @author last modified by $Author: harald.kuhr$
+ * @version $Id: SVGImageReaderSpiTest.java,v 1.0 08/08/16 harald.kuhr Exp$
+ */
+public class SVGImageReaderSpiTest {
+
+    private static final String[] VALID_INPUTS = {
+            "/svg/Android_robot.svg", // Minimal, no xml dec, no namespace
+            "/svg/batikLogo.svg",     // xml dec, comments, namespace
+            "/svg/blue-square.svg",   // xml dec, namespace
+            "/svg/red-square.svg",
+    };
+
+    private static final String[] INVALID_INPUTS = {
+        "<xml>",
+        "<",
+        "<?",
+        "<?1",
+        "<?12",
+        "<?123", // #275 Infinite loop issue
+        "<!--",
+        "<!-- ", // #275 Infinite loop issue
+        "<?123?>", // #275 Infinite loop issue
+        "<svg",
+    };
+
+    static {
+        IIORegistry.getDefaultInstance().registerServiceProvider(new URLImageInputStreamSpi());
+        ImageIO.setUseCache(false);
+    }
+
+    private final ImageReaderSpi provider = new SVGImageReaderSpi();
+
+    @Test
+    public void canDecodeInput() throws Exception {
+        for (String validInput : VALID_INPUTS) {
+            try (ImageInputStream input = ImageIO.createImageInputStream(getClass().getResource(validInput))) {
+                assertTrue("Can't read valid input: " + validInput, provider.canDecodeInput(input));
+            }
+        }
+    }
+
+    // Test will time out, if EOFs are not properly detected, see #275
+    @Test(timeout = 5000)
+    public void canDecodeInputInvalid() throws Exception {
+        for (String invalidInput : INVALID_INPUTS) {
+            try (ImageInputStream input = new ByteArrayImageInputStream(invalidInput.getBytes(StandardCharsets.UTF_8))) {
+                assertFalse("Claims to read invalid input:" + invalidInput, provider.canDecodeInput(input));
+            }
+        }
+    }
+}
\ No newline at end of file