From 3ce1f12d040294167868831c086234d956929a9f Mon Sep 17 00:00:00 2001
From: Justin Maggard
Date: Wed, 21 Jul 2010 20:19:39 +0000
Subject: [PATCH] * Fix potential infinite loop with some bad JPEGs.
---
 image_utils.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/image_utils.c b/image_utils.c
index d237bc3..f99343f 100644
--- a/image_utils.c
+++ b/image_utils.c
@@ -237,11 +237,17 @@ image_get_jpeg_resolution(const char * path, int * width, int * height)
 unsigned char buf[8];
 u_int16_t offset, h, w;
 int ret = 1;
+ long size;
+
 img = fopen(path, "r");
 if( !img )
 return(-1);
+ fseek(img, 0, SEEK_END);
+ size = ftell(img);
+ rewind(img);
+
 fread(&buf, 2, 1, img);
 if( (buf[0] != 0xFF) || (buf[1] != 0xD8) )
 {
@@ -250,7 +256,7 @@ image_get_jpeg_resolution(const char * path, int * width, int * height)
 }
 memset(&buf, 0, sizeof(buf));
- while( !feof(img) )
+ while( ftell(img) < size )
 {
 while( buf[0] != 0xFF && !feof(img) )
 fread(&buf, 1, 1, img);
@@ -276,7 +282,8 @@ image_get_jpeg_resolution(const char * path, int * width, int * height)
 fread(&buf, 2, 1, img);
 memcpy(&offset, buf, 2);
 offset = SWAP16(offset) - 2;
- fseek(img, offset, SEEK_CUR);
+ if( fseek(img, offset, SEEK_CUR) == -1 )
+ break;
 }
 }
 fclose(img);
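Review bot: The added `fseek(img, 0, SEEK_END)` and `size = ftell(img)` calls are unchecked, so if either fails `size` can end up as -1 and the marker scan is skipped without the file being reported as unreadable. Because this function parses files from the media library that may be malformed, it would be safer to fail closed here: `if( fseek(img, 0, SEEK_END) != 0 || (size = ftell(img)) < 0 ) { fclose(img); return(-1); }`. A short comment such as `/* remember the file length so the marker scan can never run past it */` above the block would also explain why the size is taken. The function body starts before and continues past this hunk.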
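Review bot: The new outer condition `ftell(img) < size` does not bound the inner `while( buf[0] != 0xFF && !feof(img) )` loop that appears as context in this hunk. If `fread` fails with a read error rather than end-of-file, `feof` stays false and the position never advances, so the scan can still spin. An `ftell` failure has the same effect on the outer loop, since its -1 return keeps `-1 < size` true. Termination should be tied to the read itself by testing `fread(&buf, 1, 1, img) != 1` and abandoning the scan with an error result when it is true. The loop body continues outside this hunk.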
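Review bot: The added `== -1` test will usually not catch a segment length that points beyond the file, because `fseek` on a regular file generally succeeds when seeking past end-of-file. Termination in that case rests on the `ftell(img) < size` condition from the earlier hunk. `offset` is also a `u_int16_t`, so a length field below 2 makes `SWAP16(offset) - 2` wrap to a skip of roughly 64 KiB; rejecting it before the subtraction with `if( SWAP16(offset) < 2 ) break;` states the intent. Writing the seek test as `if( fseek(img, offset, SEEK_CUR) != 0 )` matches ISO C, which only promises a nonzero return on failure. The enclosing loop starts outside this hunk.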