From fb4be3894e5c7c3a9820509ff2f4626ba19043fc Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 7 Nov 2015 01:35:43 +0100 Subject: [PATCH 1/5] Fix undefined size jp2 box handling Update #653 --- src/lib/openjp2/jp2.c | 36 ++++++++++++++----------- tests/nonregression/md5refs.txt | 1 + tests/nonregression/test_suite.ctest.in | 3 +++ 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c index fea34771..6c6f6e83 100644 --- a/src/lib/openjp2/jp2.c +++ b/src/lib/openjp2/jp2.c @@ -482,12 +482,16 @@ static OPJ_BOOL opj_jp2_read_boxhdr(opj_jp2_box_t *box, opj_read_bytes(l_data_header+4,&(box->type), 4); if(box->length == 0)/* last box */ - { + { const OPJ_OFF_T bleft = opj_stream_get_number_byte_left(cio); - box->length = (OPJ_UINT32)bleft; - assert( (OPJ_OFF_T)box->length == bleft ); - return OPJ_TRUE; + if (bleft > (OPJ_OFF_T)(0xFFFFFFFFU - 8U)) { + opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box sizes higher than 2^32\n"); + return OPJ_FALSE; } + box->length = (OPJ_UINT32)bleft + 8U; + assert( (OPJ_OFF_T)box->length == bleft + 8 ); + return OPJ_TRUE; + } /* do we have a "special very large box ?" */ /* read then the XLBox */ @@ -2112,7 +2116,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, if (box.type == JP2_JP2C) { if (jp2->jp2_state & JP2_STATE_HEADER) { jp2->jp2_state |= JP2_STATE_CODESTREAM; - opj_free(l_current_data); + opj_free(l_current_data); return OPJ_TRUE; } else { @@ -2127,7 +2131,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, return OPJ_FALSE; } /* testcase 1851.pdf.SIGSEGV.ce9.948 */ - else if (box.length < l_nb_bytes_read) { + else if (box.length < l_nb_bytes_read) { opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type); opj_free(l_current_data); return OPJ_FALSE; 
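Review bot: In the `box->length == 0` branch of opj_jp2_read_boxhdr (the hunk at -482), only the upper bound of `bleft` is checked at run time before it is narrowed to OPJ_UINT32; the equality that would catch a bad narrowing sits in an `assert`, which is compiled out under NDEBUG. If opj_stream_get_number_byte_left can ever return a negative value (its contract is not visible in this hunk), `(OPJ_UINT32)bleft + 8U` wraps, and the wrong length reaches callers such as opj_jp2_read_header_procedure, which compares `box.length` with `l_nb_bytes_read` in the next hunk. Because this path is driven by file contents, I would make the guard two-sided: `if (bleft < 0 || bleft > (OPJ_OFF_T)(0xFFFFFFFFU - 8U)) {`. The literal 8 appears three times without explanation; presumably it is the length and type fields already read, so a comment such as `/* box->length includes the 8-byte header already consumed; bleft does not */` would help. The function body starts and ends outside the hunk.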
@@ -2184,16 +2188,16 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, } } else { - if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) { - opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n"); - opj_free(l_current_data); - return OPJ_FALSE; - } - if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) { - opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n"); - opj_free(l_current_data); - return OPJ_FALSE; - } + if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) { + opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n"); + opj_free(l_current_data); + return OPJ_FALSE; + } + if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) { + opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n"); + opj_free(l_current_data); + return OPJ_FALSE; + } jp2->jp2_state |= JP2_STATE_UNKNOWN; if (opj_stream_skip(stream,l_current_data_size,p_manager) != l_current_data_size) { opj_event_msg(p_manager, EVT_ERROR, "Problem with skipping JPEG2000 box, stream error\n"); diff --git a/tests/nonregression/md5refs.txt b/tests/nonregression/md5refs.txt index 82f4cba3..499441c0 100644 --- a/tests/nonregression/md5refs.txt +++ b/tests/nonregression/md5refs.txt @@ -269,3 +269,4 @@ e163102afcc857cf001337178241f518 issue559-eci-090-CIELab.jp2_2.pgx b004b2e08b0dfb217c131b353cf157eb issue559-eci-091-CIELab.jp2_0.pgx 2400da6b8ed6b1747b9913af544580f9 issue559-eci-091-CIELab.jp2_1.pgx cf73dda887967928dbcf5cc87ab204cc issue559-eci-091-CIELab.jp2_2.pgx +3bf91c974abc17e520c6a5efa883a58a issue653-zero-unknownbox.jp2.png diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in index 25201c8f..c316a5ea 100644 --- a/tests/nonregression/test_suite.ctest.in +++ b/tests/nonregression/test_suite.ctest.in 
@@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue236-ESYCC-CDEF.jp2 -o @TEMP_PATH@/issue23 # issue 326 + PR 559: CIELab colorspace opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx + +# issue 653 Last box of undefined size byg +opj_decompress -i @INPUT_NR_PATH@/issue653-zero-unknownbox.jp2 -o @TEMP_PATH@/issue653-zero-unknownbox.jp2.png -p 8S From 601aa38c30258bc7eae1227e00f29a5557953e66 Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 7 Nov 2015 02:04:10 +0100 Subject: [PATCH 2/5] fix appveyor build --- tools/travis-ci/run.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/travis-ci/run.sh b/tools/travis-ci/run.sh index 7d6bd141..634d05dc 100755 --- a/tools/travis-ci/run.sh +++ b/tools/travis-ci/run.sh @@ -70,6 +70,8 @@ if [ "${TRAVIS_OS_NAME:-}" == "" ]; then TRAVIS_OS_NAME=windows elif uname -s | grep -i MINGW &> /dev/null; then TRAVIS_OS_NAME=windows + elif [ "${APPVEYOR:-}" == "True"; then + TRAVIS_OS_NAME=windows else echo "Failed to guess OS"; exit 1 fi From e5ca873ab13a22e0cdabb4f56367b4c223be0b70 Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 7 Nov 2015 02:06:22 +0100 Subject: [PATCH 3/5] Fix missing bracket --- tools/travis-ci/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/travis-ci/run.sh b/tools/travis-ci/run.sh index 634d05dc..e8c5a281 100755 --- a/tools/travis-ci/run.sh +++ b/tools/travis-ci/run.sh @@ -70,7 +70,7 @@ if [ "${TRAVIS_OS_NAME:-}" == "" ]; then TRAVIS_OS_NAME=windows elif uname -s | grep -i MINGW &> /dev/null; then TRAVIS_OS_NAME=windows - elif [ "${APPVEYOR:-}" == "True"; then + elif [ "${APPVEYOR:-}" == "True" ]; then TRAVIS_OS_NAME=windows else echo "Failed to guess OS"; exit 1 From c414d9c238f404980e6e8b17db652a7fb2635cdf Mon Sep 17 00:00:00 2001 
From: mayeut Date: Sat, 7 Nov 2015 02:40:18 +0100 Subject: [PATCH 4/5] Check for appveyor update --- appveyor.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/appveyor.yml b/appveyor.yml index d5cc1620..892b3163 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -4,6 +4,7 @@ branches: - coverity_scan skip_tags: true clone_depth: 50 +os: Previous Windows Server 2012 R2 environment: matrix: - OPJ_CI_ARCH: x86 From f51d52f85a54a40ad7e792f2b59473aaf9e1e914 Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 7 Nov 2015 02:59:38 +0100 Subject: [PATCH 5/5] Revert "Check for appveyor update" This reverts commit c414d9c238f404980e6e8b17db652a7fb2635cdf. --- appveyor.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index 892b3163..d5cc1620 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -4,7 +4,6 @@ branches: - coverity_scan skip_tags: true clone_depth: 50 -os: Previous Windows Server 2012 R2 environment: matrix: - OPJ_CI_ARCH: x86