From 0736b5d6b3b31bb24531284b44b90b7b225d9e7c Mon Sep 17 00:00:00 2001
From: Vladimir Nadvornik <nadvornik@suse.cz>
Date: Fri, 29 Jul 2011 15:27:09 +0200
Subject: [PATCH] fixed crash on incomplete jpeg file

---
 src/image_load_jpeg.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/image_load_jpeg.c b/src/image_load_jpeg.c
index 6e9877ab..b1a40982 100644
--- a/src/image_load_jpeg.c
+++ b/src/image_load_jpeg.c
@@ -234,7 +234,11 @@ static void skip_input_data (j_decompress_ptr cinfo, long num_bytes)
 {
 	struct jpeg_source_mgr* src = (struct jpeg_source_mgr*) cinfo->src;
 
-	if (num_bytes > 0) 
+	if (num_bytes > src->bytes_in_buffer)
+		{
+		ERREXIT(cinfo, JERR_INPUT_EOF);
+		}
+	else if (num_bytes > 0) 
 		{
 		src->next_input_byte += (size_t) num_bytes;
 		src->bytes_in_buffer -= (size_t) num_bytes;
-- 
2.20.1