From 61e3285ffc1b78899be99b25caa091d93bdf233e Mon Sep 17 00:00:00 2001
From: Robert Osfield <robert@openscenegraph.com>
Date: Fri, 9 May 2008 11:27:03 +0000
Subject: [PATCH] From Paul Martz, "Attached are some minor plugin fixes. PNM,
 RGB, and JPEG would all crash if attempting to read an empty file, and FLT
 would go into an infinite loop. All are fixed with this change.

I also fixed some return values for a couple of these, changing FILE_NOT_HANDLED to ERROR_IN_READING_FILE where appropriate."
---
 src/osgPlugins/OpenFlight/ReaderWriterFLT.cpp | 3 +++
 src/osgPlugins/jpeg/ReaderWriterJPEG.cpp      | 3 +++
 src/osgPlugins/pnm/ReaderWriterPNM.cpp        | 5 +++--
 src/osgPlugins/rgb/ReaderWriterRGB.cpp        | 4 +++-
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/osgPlugins/OpenFlight/ReaderWriterFLT.cpp b/src/osgPlugins/OpenFlight/ReaderWriterFLT.cpp
index 96ce7efe7..e01235882 100644
--- a/src/osgPlugins/OpenFlight/ReaderWriterFLT.cpp
+++ b/src/osgPlugins/OpenFlight/ReaderWriterFLT.cpp
@@ -299,6 +299,9 @@ class FLTReaderWriter : public ReaderWriter
                 opcode_type opcode = (opcode_type)dataStream.readUInt16();
                 size_type   size   = (size_type)dataStream.readUInt16();
 
+                if (size==0)
+                    return ReadResult::ERROR_IN_READING_FILE;
+
                 // variable length record complete?
                 if (!continuationBuffer.empty() && opcode!=CONTINUATION_OP)
                 {
diff --git a/src/osgPlugins/jpeg/ReaderWriterJPEG.cpp b/src/osgPlugins/jpeg/ReaderWriterJPEG.cpp
index a4cf5d3ea..9ef3b1199 100644
--- a/src/osgPlugins/jpeg/ReaderWriterJPEG.cpp
+++ b/src/osgPlugins/jpeg/ReaderWriterJPEG.cpp
@@ -614,6 +614,9 @@ class ReaderWriterJPEG : public osgDB::ReaderWriter
 {
         WriteResult::WriteStatus write_JPEG_file (std::ostream &fout,int image_width,int image_height,JSAMPLE* image_buffer,int quality = 100) const
         {
+            if ( (image_width == 0) || (image_height == 0) )
+                return WriteResult::ERROR_IN_WRITING_FILE;
+
             /* This struct contains the JPEG compression parameters and pointers to
             * working space (which is allocated as needed by the JPEG library).
             * It is possible to have several such structures, representing multiple
diff --git a/src/osgPlugins/pnm/ReaderWriterPNM.cpp b/src/osgPlugins/pnm/ReaderWriterPNM.cpp
index bc99efc6d..f3ccdbaa0 100644
--- a/src/osgPlugins/pnm/ReaderWriterPNM.cpp
+++ b/src/osgPlugins/pnm/ReaderWriterPNM.cpp
@@ -279,7 +279,8 @@ class ReaderWriterPNM : public osgDB::ReaderWriter
             int row;
             for (row = 1; row <= 3; row++)
             {
-                fgets(line, 300, fp);
+                if ( fgets(line, 300, fp) == NULL)
+                    break;
 
                 char *cp = line;
                 while (*cp && isspace(*cp))
@@ -326,7 +327,7 @@ class ReaderWriterPNM : public osgDB::ReaderWriter
                 ppmtype < 1 || ppmtype > 6)
             {
                 fclose(fp);
-                return ReadResult::FILE_NOT_HANDLED;
+                return ReadResult::ERROR_IN_READING_FILE;
             }
 
             int pixelFormat = 0;
diff --git a/src/osgPlugins/rgb/ReaderWriterRGB.cpp b/src/osgPlugins/rgb/ReaderWriterRGB.cpp
index 77af41920..cbc01953a 100644
--- a/src/osgPlugins/rgb/ReaderWriterRGB.cpp
+++ b/src/osgPlugins/rgb/ReaderWriterRGB.cpp
@@ -168,6 +168,8 @@ static rawImageRec *RawImageOpen(std::istream& fin)
     }
 
     fin.read((char*)raw,12);
+    if (!fin.good())
+        return NULL;
 
     if (raw->swapFlag)
     {
@@ -459,7 +461,7 @@ class ReaderWriterRGB : public osgDB::ReaderWriter
 
             if( (raw = RawImageOpen(fin)) == NULL )
             {
-                return ReadResult::FILE_NOT_HANDLED;
+                return ReadResult::ERROR_IN_READING_FILE;
             }
 
             int s = raw->sizeX;