After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 743932 - Poppler JPXStream.cc JPXStream::readTilePartData received SIGSEGV Memory Corruption Vulnerability
Poppler JPXStream.cc JPXStream::readTilePartData received SIGSEGV Memory Corr...
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
3.4.x
Other Linux
: Normal normal
: ---
Assigned To: Evince Maintainers
Evince Maintainers
Depends on:
Blocks:
 
 
Reported: 2015-02-03 13:23 UTC by Veysel
Modified: 2015-02-05 11:46 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Crasher (1.31 KB, application/pdf)
2015-02-05 07:25 UTC, Veysel
Details

Description Veysel 2015-02-03 13:23:13 UTC
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb4bc1b40 (LWP 17603)]
[----------------------------------registers-----------------------------------]
EAX: 0x41 ('A')
EBX: 0xb43a9ff4 --> 0x1b0ba4 
ECX: 0x0 
EDX: 0xb4e35bf0 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
ESI: 0xb4e16388 --> 0xb43a7b88 --> 0xb42a4ff0 (<_ZN23GfxDeviceGrayColorSpaceD2Ev>:      push   ebx)
EDI: 0xb4e35bf0 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
EBP: 0x67cd3c20 
ESP: 0xb4bc0660 --> 0xb4e00048 --> 0xb4e25448 --> 0x0 
EIP: 0xb425b1b9 (<_ZN9JPXStream16readTilePartDataEjjb+137>:     mov    edi,DWORD PTR [ebp+0x48])
EFLAGS: 0x10a03 (CARRY parity adjust zero sign trap INTERRUPT direction OVERFLOW)
[-------------------------------------code-------------------------------------]
   0xb425b1a8 <_ZN9JPXStream16readTilePartDataEjjb+120>:        mov    eax,DWORD PTR [esp+0xa8]
   0xb425b1af <_ZN9JPXStream16readTilePartDataEjjb+127>:        mov    esi,DWORD PTR [edx+0x28]
   0xb425b1b2 <_ZN9JPXStream16readTilePartDataEjjb+130>:        mov    edx,DWORD PTR [esp+0xa0]
=> 0xb425b1b9 <_ZN9JPXStream16readTilePartDataEjjb+137>:        mov    edi,DWORD PTR [ebp+0x48]
   0xb425b1bc <_ZN9JPXStream16readTilePartDataEjjb+140>:        mov    DWORD PTR [esp+0x48],ebp
   0xb425b1c0 <_ZN9JPXStream16readTilePartDataEjjb+144>:        mov    DWORD PTR [esp+0x4],eax
   0xb425b1c4 <_ZN9JPXStream16readTilePartDataEjjb+148>:        mov    DWORD PTR [esp],edx
   0xb425b1c7 <_ZN9JPXStream16readTilePartDataEjjb+151>:        call   0xb425b0d0 <_ZN9JPXStream11startBitBufEj>
[------------------------------------stack-------------------------------------]
0000| 0xb4bc0660 --> 0xb4e00048 --> 0xb4e25448 --> 0x0 
0004| 0xb4bc0664 --> 0x1 
0008| 0xb4bc0668 --> 0x400 
0012| 0xb4bc066c --> 0x48 ('H')
0016| 0xb4bc0670 --> 0x10 
0020| 0xb4bc0674 --> 0x418 
0024| 0xb4bc0678 --> 0x2 
0028| 0xb4bc067c --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb425b1b9 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$


=========(gdb exploitable log)=============

Linux 3.2 Ubuntu 12.04.1 LTS Evince 3.4.0 

Program received signal SIGSEGV, Segmentation fault.

Thread 3045059392 (LWP 2951)

  • #0 JPXStream::readTilePartData(unsigned int, unsigned int, bool)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #1 JPXStream::readTilePart()
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #2 JPXStream::readCodestream(unsigned int)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #3 JPXStream::readBoxes()
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #4 JPXStream::reset()
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #5 ImageStream::reset()
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #6 CairoOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool)
    from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
  • #7 Gfx::doImage(Object*, Stream*, bool)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #8 Gfx::opXObject(Object*, int)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #9 Gfx::execOp(Object*, Object*, int)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #10 Gfx::go(bool)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #11 Gfx::display(Object*, bool)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #12 Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*)
    from /usr/lib/i386-linux-gnu/libpoppler.so.19
  • #13 ??
    from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
  • #14 ??
    from /usr/lib/evince/4/backends/libpdfdocument.so
  • #15 ??
    from /usr/lib/evince/4/backends/libpdfdocument.so
  • #16 ev_document_render
    from /usr/lib/libevdocument3.so.4
  • #17 ??
    from /usr/lib/libevview3.so.3
  • #18 ev_job_run
    from /usr/lib/libevview3.so.3
  • #19 ??
    from /usr/lib/libevview3.so.3
  • #20 ??
    from /lib/i386-linux-gnu/libglib-2.0.so.0
  • #21 start_thread
    at pthread_create.c line 308
  • #22 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

eax            0x41	65
ecx            0x0	0
edx            0xb3dcae98	-1277383016
ebx            0xb43ffff4	-1270874124
esp            0xb57fd660	0xb57fd660
ebp            0xfdacfda5	0xfdacfda5
esi            0x40844800	1082411008
edi            0xb3dcae98	-1277383016
eip            0xb42b11b9	0xb42b11b9 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+137>
eflags         0x10286	[ PF SF IF RF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51

=> 0xb42b11b9 <_ZN9JPXStream16readTilePartDataEjjb+137>:	mov    edi,DWORD PTR [ebp+0x48]

Dump of assembler code for function _ZN9JPXStream16readTilePartDataEjjb:
   0xb42b1130 <+0>:	push   ebp
   0xb42b1131 <+1>:	push   edi
   0xb42b1132 <+2>:	push   esi
   0xb42b1133 <+3>:	push   ebx
   0xb42b1134 <+4>:	sub    esp,0x8c
   0xb42b113a <+10>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b1141 <+17>:	imul   esi,DWORD PTR [esp+0xa4],0x34
   0xb42b1149 <+25>:	call   0xb42a1b47
   0xb42b114e <+30>:	add    ebx,0x14eea6
   0xb42b1154 <+36>:	movzx  edx,BYTE PTR [esp+0xac]
   0xb42b115c <+44>:	mov    ebp,DWORD PTR [ebp+0xb4]
   0xb42b1162 <+50>:	mov    BYTE PTR [esp+0x6f],dl
   0xb42b1166 <+54>:	add    esi,ebp
   0xb42b1168 <+56>:	mov    DWORD PTR [esp+0x34],esi
   0xb42b116c <+60>:	cmp    BYTE PTR [esp+0x6f],0x0
   0xb42b1171 <+65>:	jne    0xb42b1182 <_ZN9JPXStream16readTilePartDataEjjb+82>
   0xb42b1173 <+67>:	mov    eax,DWORD PTR [esp+0xa8]
   0xb42b117a <+74>:	test   eax,eax
   0xb42b117c <+76>:	je     0xb42b18bd <_ZN9JPXStream16readTilePartDataEjjb+1933>
   0xb42b1182 <+82>:	mov    edx,DWORD PTR [esp+0x34]
   0xb42b1186 <+86>:	mov    esi,DWORD PTR [esp+0x34]
   0xb42b118a <+90>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b118e <+94>:	imul   edx,DWORD PTR [edx+0x20],0x58
   0xb42b1192 <+98>:	mov    esi,DWORD PTR [esi+0x30]
   0xb42b1195 <+101>:	imul   ebp,DWORD PTR [ebp+0x24],0x4c
   0xb42b1199 <+105>:	add    edx,esi
   0xb42b119b <+107>:	mov    eax,DWORD PTR [edx+0x54]
   0xb42b119e <+110>:	mov    DWORD PTR [esp+0x44],edx
   0xb42b11a2 <+114>:	mov    edx,DWORD PTR [esp+0x34]
   0xb42b11a6 <+118>:	add    ebp,eax
   0xb42b11a8 <+120>:	mov    eax,DWORD PTR [esp+0xa8]
   0xb42b11af <+127>:	mov    esi,DWORD PTR [edx+0x28]
   0xb42b11b2 <+130>:	mov    edx,DWORD PTR [esp+0xa0]
=> 0xb42b11b9 <+137>:	mov    edi,DWORD PTR [ebp+0x48]
   0xb42b11bc <+140>:	mov    DWORD PTR [esp+0x48],ebp
   0xb42b11c0 <+144>:	mov    DWORD PTR [esp+0x4],eax
   0xb42b11c4 <+148>:	mov    DWORD PTR [esp],edx
   0xb42b11c7 <+151>:	call   0xb42b10d0 <_ZN9JPXStream11startBitBufEj>
   0xb42b11cc <+156>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b11d3 <+163>:	lea    ecx,[esp+0x7c]
   0xb42b11d7 <+167>:	mov    DWORD PTR [esp+0x8],ecx
   0xb42b11db <+171>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b11e3 <+179>:	mov    DWORD PTR [esp],ebp
   0xb42b11e6 <+182>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b11eb <+187>:	test   al,al
   0xb42b11ed <+189>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b11f3 <+195>:	lea    eax,[esi+esi*4]
   0xb42b11f6 <+198>:	lea    eax,[edi+eax*4]
   0xb42b11f9 <+201>:	mov    DWORD PTR [esp+0x40],eax
   0xb42b11fd <+205>:	mov    eax,DWORD PTR [esp+0x7c]
   0xb42b1201 <+209>:	test   eax,eax
   0xb42b1203 <+211>:	je     0xb42b14d8 <_ZN9JPXStream16readTilePartDataEjjb+936>
   0xb42b1209 <+217>:	mov    esi,DWORD PTR [esp+0x34]
   0xb42b120d <+221>:	mov    DWORD PTR [esp+0x64],0x0
   0xb42b1215 <+229>:	mov    DWORD PTR [esp+0x60],0x0
   0xb42b121d <+237>:	mov    edx,DWORD PTR [esi+0x24]
   0xb42b1220 <+240>:	cmp    edx,0x1
   0xb42b1223 <+243>:	sbb    eax,eax
   0xb42b1225 <+245>:	and    eax,0xfffffffe
   0xb42b1228 <+248>:	add    eax,0x3
   0xb42b122b <+251>:	cmp    DWORD PTR [esp+0x60],eax
   0xb42b122f <+255>:	jae    0xb42b13c8 <_ZN9JPXStream16readTilePartDataEjjb+664>
   0xb42b1235 <+261>:	mov    ebp,DWORD PTR [esp+0x40]
   0xb42b1239 <+265>:	mov    edi,DWORD PTR [esp+0x64]
   0xb42b123d <+269>:	add    edi,DWORD PTR [ebp+0x10]
   0xb42b1240 <+272>:	mov    eax,DWORD PTR [edi+0x14]
   0xb42b1243 <+275>:	test   eax,eax
   0xb42b1245 <+277>:	je     0xb42b13b2 <_ZN9JPXStream16readTilePartDataEjjb+642>
   0xb42b124b <+283>:	mov    edx,DWORD PTR [edi+0x10]
   0xb42b124e <+286>:	mov    DWORD PTR [esp+0x3c],0x0
   0xb42b1256 <+294>:	test   edx,edx
   0xb42b1258 <+296>:	je     0xb42b1399 <_ZN9JPXStream16readTilePartDataEjjb+617>
   0xb42b125e <+302>:	mov    DWORD PTR [esp+0x30],0x0
   0xb42b1266 <+310>:	mov    esi,DWORD PTR [esp+0x3c]
   0xb42b126a <+314>:	imul   esi,edx
   0xb42b126d <+317>:	add    esi,DWORD PTR [esp+0x30]
   0xb42b1271 <+321>:	imul   esi,esi,0x38
   0xb42b1274 <+324>:	add    esi,DWORD PTR [edi+0x24]
   0xb42b1277 <+327>:	mov    eax,DWORD PTR [esi+0x8]
   0xb42b127a <+330>:	cmp    DWORD PTR [esi],eax
   0xb42b127c <+332>:	jae    0xb42b1383 <_ZN9JPXStream16readTilePartDataEjjb+595>
   0xb42b1282 <+338>:	mov    ecx,DWORD PTR [esi+0xc]
   0xb42b1285 <+341>:	cmp    DWORD PTR [esi+0x4],ecx
   0xb42b1288 <+344>:	jae    0xb42b1383 <_ZN9JPXStream16readTilePartDataEjjb+595>
   0xb42b128e <+350>:	cmp    BYTE PTR [esi+0x10],0x0
   0xb42b1292 <+354>:	jne    0xb42b1611 <_ZN9JPXStream16readTilePartDataEjjb+1249>
   0xb42b1298 <+360>:	mov    ecx,DWORD PTR [edi+0x18]
   0xb42b129b <+363>:	test   ecx,ecx
   0xb42b129d <+365>:	mov    DWORD PTR [esp+0x38],ecx
   0xb42b12a1 <+369>:	js     0xb42b17c0 <_ZN9JPXStream16readTilePartDataEjjb+1680>
   0xb42b12a7 <+375>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b12ab <+379>:	mov    eax,DWORD PTR [edi+0x1c]
   0xb42b12ae <+382>:	mov    DWORD PTR [esp+0x54],0x0
   0xb42b12b6 <+390>:	mov    DWORD PTR [esp+0x2c],0x0
   0xb42b12be <+398>:	mov    ecx,DWORD PTR [ebp+0x2c]
   0xb42b12c1 <+401>:	mov    DWORD PTR [esp+0x4c],esi
   0xb42b12c5 <+405>:	mov    ebp,ecx
   0xb42b12c7 <+407>:	movzx  ecx,BYTE PTR [esp+0x38]
   0xb42b12cc <+412>:	mov    esi,0x1
   0xb42b12d1 <+417>:	shl    esi,cl
   0xb42b12d3 <+419>:	lea    edx,[esi+edx*1-0x1]
   0xb42b12d7 <+423>:	mov    DWORD PTR [esp+0x58],esi
   0xb42b12db <+427>:	mov    esi,DWORD PTR [edi+0x14]
   0xb42b12de <+430>:	shr    edx,cl
   0xb42b12e0 <+432>:	mov    DWORD PTR [esp+0x50],edx
   0xb42b12e4 <+436>:	mov    edx,DWORD PTR [esp+0x30]
   0xb42b12e8 <+440>:	mov    DWORD PTR [esp+0x68],esi
   0xb42b12ec <+444>:	mov    esi,DWORD PTR [esp+0x54]
   0xb42b12f0 <+448>:	shr    edx,cl
   0xb42b12f2 <+450>:	add    esi,edx
   0xb42b12f4 <+452>:	mov    edx,DWORD PTR [esp+0x3c]
   0xb42b12f8 <+456>:	shr    edx,cl
   0xb42b12fa <+458>:	imul   edx,DWORD PTR [esp+0x50]
   0xb42b12ff <+463>:	add    esi,edx
   0xb42b1301 <+465>:	shl    esi,0x3
   0xb42b1304 <+468>:	mov    ecx,esi
   0xb42b1306 <+470>:	add    ecx,eax
   0xb42b1308 <+472>:	movzx  edx,BYTE PTR [ecx]
   0xb42b130b <+475>:	mov    DWORD PTR [esp+0x24],esi
   0xb42b130f <+479>:	mov    esi,DWORD PTR [ecx+0x4]
   0xb42b1312 <+482>:	test   dl,dl
   0xb42b1314 <+484>:	jne    0xb42b17de <_ZN9JPXStream16readTilePartDataEjjb+1710>
   0xb42b131a <+490>:	test   esi,esi
   0xb42b131c <+492>:	mov    DWORD PTR [esp+0x5c],esi
   0xb42b1320 <+496>:	jne    0xb42b17da <_ZN9JPXStream16readTilePartDataEjjb+1706>
   0xb42b1326 <+502>:	mov    esi,DWORD PTR [esp+0x2c]
   0xb42b132a <+506>:	mov    DWORD PTR [ecx+0x4],esi
   0xb42b132d <+509>:	mov    esi,DWORD PTR [esp+0x24]
   0xb42b1331 <+513>:	lea    esi,[esi+eiz*1+0x0]
   0xb42b1338 <+520>:	test   dl,dl
   0xb42b133a <+522>:	je     0xb42b1758 <_ZN9JPXStream16readTilePartDataEjjb+1576>
   0xb42b1340 <+528>:	mov    esi,DWORD PTR [esp+0x2c]
   0xb42b1344 <+532>:	cmp    esi,ebp
   0xb42b1346 <+534>:	mov    DWORD PTR [ecx+0x4],esi
   0xb42b1349 <+537>:	ja     0xb42b18c7 <_ZN9JPXStream16readTilePartDataEjjb+1943>
   0xb42b134f <+543>:	mov    ecx,DWORD PTR [esp+0x58]
   0xb42b1353 <+547>:	mov    esi,DWORD PTR [esp+0x68]
   0xb42b1357 <+551>:	lea    edx,[ecx+esi*1-0x1]
   0xb42b135b <+555>:	movzx  ecx,BYTE PTR [esp+0x38]
   0xb42b1360 <+560>:	sub    DWORD PTR [esp+0x38],0x1
   0xb42b1365 <+565>:	shr    edx,cl
   0xb42b1367 <+567>:	imul   edx,DWORD PTR [esp+0x50]
   0xb42b136c <+572>:	add    DWORD PTR [esp+0x54],edx
   0xb42b1370 <+576>:	cmp    DWORD PTR [esp+0x38],0xffffffff
   0xb42b1375 <+581>:	je     0xb42b18c7 <_ZN9JPXStream16readTilePartDataEjjb+1943>
   0xb42b137b <+587>:	mov    edx,DWORD PTR [edi+0x10]
   0xb42b137e <+590>:	jmp    0xb42b12c7 <_ZN9JPXStream16readTilePartDataEjjb+407>
   0xb42b1383 <+595>:	mov    DWORD PTR [esi+0x20],0x0
   0xb42b138a <+602>:	add    DWORD PTR [esp+0x30],0x1
   0xb42b138f <+607>:	cmp    edx,DWORD PTR [esp+0x30]
   0xb42b1393 <+611>:	ja     0xb42b1266 <_ZN9JPXStream16readTilePartDataEjjb+310>
   0xb42b1399 <+617>:	add    DWORD PTR [esp+0x3c],0x1
   0xb42b139e <+622>:	mov    esi,DWORD PTR [esp+0x3c]
   0xb42b13a2 <+626>:	cmp    DWORD PTR [edi+0x14],esi
   0xb42b13a5 <+629>:	ja     0xb42b1256 <_ZN9JPXStream16readTilePartDataEjjb+294>
   0xb42b13ab <+635>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b13af <+639>:	mov    edx,DWORD PTR [ebp+0x24]
   0xb42b13b2 <+642>:	add    DWORD PTR [esp+0x60],0x1
   0xb42b13b7 <+647>:	add    DWORD PTR [esp+0x64],0x28
   0xb42b13bc <+652>:	jmp    0xb42b1220 <_ZN9JPXStream16readTilePartDataEjjb+240>
   0xb42b13c1 <+657>:	lea    esi,[esi+eiz*1+0x0]
   0xb42b13c8 <+664>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b13cf <+671>:	mov    DWORD PTR [esp],edx
   0xb42b13d2 <+674>:	call   0xb42b10f0 <_ZN9JPXStream12finishBitBufEv>
   0xb42b13d7 <+679>:	mov    esi,DWORD PTR [esp+0x34]
   0xb42b13db <+683>:	mov    DWORD PTR [esp+0x38],0x0
   0xb42b13e3 <+691>:	mov    DWORD PTR [esp+0x30],0x0
   0xb42b13eb <+699>:	mov    ecx,DWORD PTR [esi+0x24]
   0xb42b13ee <+702>:	mov    DWORD PTR [esp+0xa8],eax
   0xb42b13f5 <+709>:	cmp    ecx,0x1
   0xb42b13f8 <+712>:	sbb    eax,eax
   0xb42b13fa <+714>:	and    eax,0xfffffffe
   0xb42b13fd <+717>:	add    eax,0x3
   0xb42b1400 <+720>:	cmp    DWORD PTR [esp+0x30],eax
   0xb42b1404 <+724>:	jae    0xb42b190b <_ZN9JPXStream16readTilePartDataEjjb+2011>
   0xb42b140a <+730>:	mov    edx,DWORD PTR [esp+0x40]
   0xb42b140e <+734>:	mov    ebp,DWORD PTR [esp+0x38]
   0xb42b1412 <+738>:	add    ebp,DWORD PTR [edx+0x10]
   0xb42b1415 <+741>:	mov    eax,DWORD PTR [ebp+0x14]
   0xb42b1418 <+744>:	test   eax,eax
   0xb42b141a <+746>:	je     0xb42b14bc <_ZN9JPXStream16readTilePartDataEjjb+908>
   0xb42b1420 <+752>:	mov    eax,DWORD PTR [ebp+0x10]
   0xb42b1423 <+755>:	xor    edx,edx
   0xb42b1425 <+757>:	xor    edi,edi
   0xb42b1427 <+759>:	test   eax,eax
   0xb42b1429 <+761>:	jne    0xb42b1437 <_ZN9JPXStream16readTilePartDataEjjb+775>
   0xb42b142b <+763>:	jmp    0xb42b14b0 <_ZN9JPXStream16readTilePartDataEjjb+896>
   0xb42b1430 <+768>:	add    edi,0x1
   0xb42b1433 <+771>:	cmp    eax,edi
   0xb42b1435 <+773>:	jbe    0xb42b14b0 <_ZN9JPXStream16readTilePartDataEjjb+896>
   0xb42b1437 <+775>:	mov    esi,eax
   0xb42b1439 <+777>:	imul   esi,edx
   0xb42b143c <+780>:	add    esi,edi
   0xb42b143e <+782>:	imul   esi,esi,0x38
   0xb42b1441 <+785>:	add    esi,DWORD PTR [ebp+0x24]
   0xb42b1444 <+788>:	cmp    DWORD PTR [esi+0x20],0x0
   0xb42b1448 <+792>:	je     0xb42b1430 <_ZN9JPXStream16readTilePartDataEjjb+768>
   0xb42b144a <+794>:	mov    eax,DWORD PTR [esp+0x30]
   0xb42b144e <+798>:	mov    DWORD PTR [esp+0x14],ecx
   0xb42b1452 <+802>:	mov    ecx,DWORD PTR [esp+0x40]
   0xb42b1456 <+806>:	mov    DWORD PTR [esp+0x28],edx
   0xb42b145a <+810>:	mov    DWORD PTR [esp+0x1c],esi
   0xb42b145e <+814>:	mov    DWORD PTR [esp+0x18],eax
   0xb42b1462 <+818>:	mov    eax,DWORD PTR [esp+0x48]
   0xb42b1466 <+822>:	mov    DWORD PTR [esp+0xc],ecx
   0xb42b146a <+826>:	mov    ecx,DWORD PTR [esp+0x44]
   0xb42b146e <+830>:	mov    DWORD PTR [esp+0x10],ebp
   0xb42b1472 <+834>:	mov    DWORD PTR [esp+0x8],eax
   0xb42b1476 <+838>:	mov    eax,DWORD PTR [esp+0xa0]
   0xb42b147d <+845>:	mov    DWORD PTR [esp+0x4],ecx
   0xb42b1481 <+849>:	mov    DWORD PTR [esp],eax
   0xb42b1484 <+852>:	call   0xb42ae7a0 <_ZN9JPXStream17readCodeBlockDataEP11JPXTileCompP11JPXResLevelP11JPXPrecinctP10JPXSubbandjjP12JPXCodeBlock>
   0xb42b1489 <+857>:	mov    edx,DWORD PTR [esp+0x28]
   0xb42b148d <+861>:	test   al,al
   0xb42b148f <+863>:	je     0xb42b14cb <_ZN9JPXStream16readTilePartDataEjjb+923>
   0xb42b1491 <+865>:	mov    eax,DWORD PTR [ebp+0x10]
   0xb42b1494 <+868>:	add    edi,0x1
   0xb42b1497 <+871>:	mov    ecx,DWORD PTR [esi+0x28]
   0xb42b149a <+874>:	mov    BYTE PTR [esi+0x10],0x1
   0xb42b149e <+878>:	mov    esi,DWORD PTR [esp+0x34]
   0xb42b14a2 <+882>:	sub    DWORD PTR [esp+0xa8],ecx
   0xb42b14a9 <+889>:	cmp    eax,edi
   0xb42b14ab <+891>:	mov    ecx,DWORD PTR [esi+0x24]
   0xb42b14ae <+894>:	ja     0xb42b1437 <_ZN9JPXStream16readTilePartDataEjjb+775>
   0xb42b14b0 <+896>:	add    edx,0x1
   0xb42b14b3 <+899>:	cmp    DWORD PTR [ebp+0x14],edx
   0xb42b14b6 <+902>:	ja     0xb42b1425 <_ZN9JPXStream16readTilePartDataEjjb+757>
   0xb42b14bc <+908>:	add    DWORD PTR [esp+0x30],0x1
   0xb42b14c1 <+913>:	add    DWORD PTR [esp+0x38],0x28
   0xb42b14c6 <+918>:	jmp    0xb42b13f5 <_ZN9JPXStream16readTilePartDataEjjb+709>
   0xb42b14cb <+923>:	xor    eax,eax
   0xb42b14cd <+925>:	add    esp,0x8c
   0xb42b14d3 <+931>:	pop    ebx
   0xb42b14d4 <+932>:	pop    esi
   0xb42b14d5 <+933>:	pop    edi
   0xb42b14d6 <+934>:	pop    ebp
   0xb42b14d7 <+935>:	ret    
   0xb42b14d8 <+936>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b14dc <+940>:	mov    DWORD PTR [esp+0x3c],0x0
   0xb42b14e4 <+948>:	mov    DWORD PTR [esp+0x38],0x0
   0xb42b14ec <+956>:	mov    ebp,DWORD PTR [ebp+0x24]
   0xb42b14ef <+959>:	mov    DWORD PTR [esp+0x4c],ebp
   0xb42b14f3 <+963>:	nop
   0xb42b14f4 <+964>:	lea    esi,[esi+eiz*1+0x0]
   0xb42b14f8 <+968>:	cmp    DWORD PTR [esp+0x4c],0x1
   0xb42b14fd <+973>:	sbb    eax,eax
   0xb42b14ff <+975>:	and    eax,0xfffffffe
   0xb42b1502 <+978>:	add    eax,0x3
   0xb42b1505 <+981>:	cmp    DWORD PTR [esp+0x38],eax
   0xb42b1509 <+985>:	jae    0xb42b13c8 <_ZN9JPXStream16readTilePartDataEjjb+664>
   0xb42b150f <+991>:	mov    edx,DWORD PTR [esp+0x40]
   0xb42b1513 <+995>:	mov    ebp,DWORD PTR [esp+0x3c]
   0xb42b1517 <+999>:	add    ebp,DWORD PTR [edx+0x10]
   0xb42b151a <+1002>:	mov    ecx,DWORD PTR [ebp+0x14]
   0xb42b151d <+1005>:	test   ecx,ecx
   0xb42b151f <+1007>:	mov    DWORD PTR [esp+0x2c],ecx
   0xb42b1523 <+1011>:	je     0xb42b1565 <_ZN9JPXStream16readTilePartDataEjjb+1077>
   0xb42b1525 <+1013>:	mov    ecx,DWORD PTR [ebp+0x10]
   0xb42b1528 <+1016>:	xor    edi,edi
   0xb42b152a <+1018>:	imul   esi,ecx,0x38
   0xb42b152d <+1021>:	mov    DWORD PTR [esp+0x30],esi
   0xb42b1531 <+1025>:	xor    esi,esi
   0xb42b1533 <+1027>:	nop
   0xb42b1534 <+1028>:	lea    esi,[esi+eiz*1+0x0]
   0xb42b1538 <+1032>:	test   ecx,ecx
   0xb42b153a <+1034>:	je     0xb42b1558 <_ZN9JPXStream16readTilePartDataEjjb+1064>
   0xb42b153c <+1036>:	mov    edx,DWORD PTR [ebp+0x24]
   0xb42b153f <+1039>:	xor    eax,eax
   0xb42b1541 <+1041>:	add    edx,edi
   0xb42b1543 <+1043>:	add    edx,0x20
   0xb42b1546 <+1046>:	xchg   ax,ax
   0xb42b1548 <+1048>:	add    eax,0x1
   0xb42b154b <+1051>:	mov    DWORD PTR [edx],0x0
   0xb42b1551 <+1057>:	add    edx,0x38
   0xb42b1554 <+1060>:	cmp    eax,ecx
   0xb42b1556 <+1062>:	jne    0xb42b1548 <_ZN9JPXStream16readTilePartDataEjjb+1048>
   0xb42b1558 <+1064>:	add    esi,0x1
   0xb42b155b <+1067>:	add    edi,DWORD PTR [esp+0x30]
   0xb42b155f <+1071>:	cmp    esi,DWORD PTR [esp+0x2c]
   0xb42b1563 <+1075>:	jne    0xb42b1538 <_ZN9JPXStream16readTilePartDataEjjb+1032>
   0xb42b1565 <+1077>:	add    DWORD PTR [esp+0x38],0x1
   0xb42b156a <+1082>:	add    DWORD PTR [esp+0x3c],0x28
   0xb42b156f <+1087>:	jmp    0xb42b14f8 <_ZN9JPXStream16readTilePartDataEjjb+968>
   0xb42b1571 <+1089>:	xor    ebp,ebp
   0xb42b1573 <+1091>:	mov    DWORD PTR [esi+0x1c],ebp
   0xb42b1576 <+1094>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b157d <+1101>:	lea    ebp,[esp+0x7c]
   0xb42b1581 <+1105>:	mov    DWORD PTR [esp+0x8],ebp
   0xb42b1585 <+1109>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b158d <+1117>:	mov    DWORD PTR [esp],edx
   0xb42b1590 <+1120>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b1595 <+1125>:	test   al,al
   0xb42b1597 <+1127>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b1599 <+1129>:	mov    ebp,DWORD PTR [esp+0x7c]
   0xb42b159d <+1133>:	test   ebp,ebp
   0xb42b159f <+1135>:	jne    0xb42b1847 <_ZN9JPXStream16readTilePartDataEjjb+1815>
   0xb42b15a5 <+1141>:	mov    DWORD PTR [esi+0x24],0x1
   0xb42b15ac <+1148>:	jmp    0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168>
   0xb42b15ae <+1150>:	xchg   ax,ax
   0xb42b15b0 <+1152>:	mov    edx,DWORD PTR [esp+0x7c]
   0xb42b15b4 <+1156>:	test   edx,edx
   0xb42b15b6 <+1158>:	je     0xb42b1813 <_ZN9JPXStream16readTilePartDataEjjb+1763>
   0xb42b15bc <+1164>:	add    DWORD PTR [esi+0x14],0x1
   0xb42b15c0 <+1168>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b15c7 <+1175>:	lea    ecx,[esp+0x7c]
   0xb42b15cb <+1179>:	mov    DWORD PTR [esp+0x8],ecx
   0xb42b15cf <+1183>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b15d7 <+1191>:	mov    DWORD PTR [esp],ebp
   0xb42b15da <+1194>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b15df <+1199>:	test   al,al
   0xb42b15e1 <+1201>:	jne    0xb42b15b0 <_ZN9JPXStream16readTilePartDataEjjb+1152>
   0xb42b15e3 <+1203>:	mov    esi,DWORD PTR [esp+0xa0]
   0xb42b15ea <+1210>:	mov    eax,DWORD PTR [esi]
   0xb42b15ec <+1212>:	mov    DWORD PTR [esp],esi
   0xb42b15ef <+1215>:	call   DWORD PTR [eax+0x30]
   0xb42b15f2 <+1218>:	lea    edx,[ebx-0x680b9]
   0xb42b15f8 <+1224>:	mov    DWORD PTR [esp+0x4],edx
   0xb42b15fc <+1228>:	mov    DWORD PTR [esp],eax
   0xb42b15ff <+1231>:	call   0xb42d4020 <_Z5erroriPcz>
   0xb42b1604 <+1236>:	add    esp,0x8c
   0xb42b160a <+1242>:	xor    eax,eax
   0xb42b160c <+1244>:	pop    ebx
   0xb42b160d <+1245>:	pop    esi
   0xb42b160e <+1246>:	pop    edi
   0xb42b160f <+1247>:	pop    ebp
   0xb42b1610 <+1248>:	ret    
   0xb42b1611 <+1249>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b1618 <+1256>:	lea    eax,[esi+0x20]
   0xb42b161b <+1259>:	mov    DWORD PTR [esp+0x8],eax
   0xb42b161f <+1263>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b1627 <+1271>:	mov    DWORD PTR [esp],ebp
   0xb42b162a <+1274>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b162f <+1279>:	test   al,al
   0xb42b1631 <+1281>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b1633 <+1283>:	mov    eax,DWORD PTR [esi+0x20]
   0xb42b1636 <+1286>:	test   eax,eax
   0xb42b1638 <+1288>:	je     0xb42b17d2 <_ZN9JPXStream16readTilePartDataEjjb+1698>
   0xb42b163e <+1294>:	cmp    BYTE PTR [esi+0x10],0x0
   0xb42b1642 <+1298>:	jne    0xb42b1576 <_ZN9JPXStream16readTilePartDataEjjb+1094>
   0xb42b1648 <+1304>:	mov    ecx,DWORD PTR [edi+0x18]
   0xb42b164b <+1307>:	test   ecx,ecx
   0xb42b164d <+1309>:	mov    DWORD PTR [esp+0x2c],ecx
   0xb42b1651 <+1313>:	js     0xb42b1571 <_ZN9JPXStream16readTilePartDataEjjb+1089>
   0xb42b1657 <+1319>:	mov    eax,DWORD PTR [edi+0x20]
   0xb42b165a <+1322>:	xor    ebp,ebp
   0xb42b165c <+1324>:	mov    DWORD PTR [esp+0x50],0x0
   0xb42b1664 <+1332>:	mov    DWORD PTR [esp+0x68],esi
   0xb42b1668 <+1336>:	movzx  ecx,BYTE PTR [esp+0x2c]
   0xb42b166d <+1341>:	mov    esi,0x1
   0xb42b1672 <+1346>:	mov    edx,DWORD PTR [edi+0x10]
   0xb42b1675 <+1349>:	shl    esi,cl
   0xb42b1677 <+1351>:	lea    edx,[esi+edx*1-0x1]
   0xb42b167b <+1355>:	mov    DWORD PTR [esp+0x54],esi
   0xb42b167f <+1359>:	mov    esi,DWORD PTR [edi+0x14]
   0xb42b1682 <+1362>:	shr    edx,cl
   0xb42b1684 <+1364>:	mov    DWORD PTR [esp+0x38],edx
   0xb42b1688 <+1368>:	mov    edx,DWORD PTR [esp+0x30]
   0xb42b168c <+1372>:	mov    DWORD PTR [esp+0x5c],esi
   0xb42b1690 <+1376>:	mov    esi,DWORD PTR [esp+0x50]
   0xb42b1694 <+1380>:	shr    edx,cl
   0xb42b1696 <+1382>:	add    esi,edx
   0xb42b1698 <+1384>:	mov    edx,DWORD PTR [esp+0x3c]
   0xb42b169c <+1388>:	shr    edx,cl
   0xb42b169e <+1390>:	imul   edx,DWORD PTR [esp+0x38]
   0xb42b16a3 <+1395>:	add    edx,esi
   0xb42b16a5 <+1397>:	mov    esi,edx
   0xb42b16a7 <+1399>:	shl    esi,0x3
   0xb42b16aa <+1402>:	mov    DWORD PTR [esp+0x58],edx
   0xb42b16ae <+1406>:	lea    edx,[eax+esi*1]
   0xb42b16b1 <+1409>:	movzx  ecx,BYTE PTR [edx]
   0xb42b16b4 <+1412>:	test   cl,cl
   0xb42b16b6 <+1414>:	mov    BYTE PTR [esp+0x24],cl
   0xb42b16ba <+1418>:	jne    0xb42b17fe <_ZN9JPXStream16readTilePartDataEjjb+1742>
   0xb42b16c0 <+1424>:	mov    ecx,DWORD PTR [edx+0x4]
   0xb42b16c3 <+1427>:	test   ecx,ecx
   0xb42b16c5 <+1429>:	mov    DWORD PTR [esp+0x4c],ecx
   0xb42b16c9 <+1433>:	jne    0xb42b1805 <_ZN9JPXStream16readTilePartDataEjjb+1749>
   0xb42b16cf <+1439>:	movzx  ecx,BYTE PTR [esp+0x24]
   0xb42b16d4 <+1444>:	mov    DWORD PTR [edx+0x4],ebp
   0xb42b16d7 <+1447>:	test   cl,cl
   0xb42b16d9 <+1449>:	jne    0xb42b171e <_ZN9JPXStream16readTilePartDataEjjb+1518>
   0xb42b16db <+1451>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b16e2 <+1458>:	lea    eax,[esp+0x7c]
   0xb42b16e6 <+1462>:	mov    DWORD PTR [esp+0x8],eax
   0xb42b16ea <+1466>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b16f2 <+1474>:	mov    DWORD PTR [esp],edx
   0xb42b16f5 <+1477>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b16fa <+1482>:	test   al,al
   0xb42b16fc <+1484>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b1702 <+1490>:	cmp    DWORD PTR [esp+0x7c],0x1
   0xb42b1707 <+1495>:	je     0xb42b17eb <_ZN9JPXStream16readTilePartDataEjjb+1723>
   0xb42b170d <+1501>:	mov    eax,DWORD PTR [edi+0x20]
   0xb42b1710 <+1504>:	add    ebp,0x1
   0xb42b1713 <+1507>:	movzx  ecx,BYTE PTR [eax+esi*1]
   0xb42b1717 <+1511>:	lea    edx,[eax+esi*1]
   0xb42b171a <+1514>:	test   cl,cl
   0xb42b171c <+1516>:	je     0xb42b16db <_ZN9JPXStream16readTilePartDataEjjb+1451>
   0xb42b171e <+1518>:	mov    ecx,DWORD PTR [esp+0x54]
   0xb42b1722 <+1522>:	mov    esi,DWORD PTR [esp+0x5c]
   0xb42b1726 <+1526>:	mov    DWORD PTR [edx+0x4],ebp
   0xb42b1729 <+1529>:	lea    edx,[ecx+esi*1-0x1]
   0xb42b172d <+1533>:	movzx  ecx,BYTE PTR [esp+0x2c]
   0xb42b1732 <+1538>:	sub    DWORD PTR [esp+0x2c],0x1
   0xb42b1737 <+1543>:	shr    edx,cl
   0xb42b1739 <+1545>:	imul   edx,DWORD PTR [esp+0x38]
   0xb42b173e <+1550>:	add    DWORD PTR [esp+0x50],edx
   0xb42b1742 <+1554>:	cmp    DWORD PTR [esp+0x2c],0xffffffff
   0xb42b1747 <+1559>:	jne    0xb42b1668 <_ZN9JPXStream16readTilePartDataEjjb+1336>
   0xb42b174d <+1565>:	mov    esi,DWORD PTR [esp+0x68]
   0xb42b1751 <+1569>:	jmp    0xb42b1573 <_ZN9JPXStream16readTilePartDataEjjb+1091>
   0xb42b1756 <+1574>:	xchg   ax,ax
   0xb42b1758 <+1576>:	cmp    DWORD PTR [esp+0x2c],ebp
   0xb42b175c <+1580>:	ja     0xb42b17b5 <_ZN9JPXStream16readTilePartDataEjjb+1669>
   0xb42b175e <+1582>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b1765 <+1589>:	lea    ebp,[esp+0x7c]
   0xb42b1769 <+1593>:	mov    DWORD PTR [esp+0x8],ebp
   0xb42b176d <+1597>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b1775 <+1605>:	mov    DWORD PTR [esp],edx
   0xb42b1778 <+1608>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b177d <+1613>:	test   al,al
   0xb42b177f <+1615>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b1785 <+1621>:	cmp    DWORD PTR [esp+0x7c],0x1
   0xb42b178a <+1626>:	je     0xb42b17a7 <_ZN9JPXStream16readTilePartDataEjjb+1655>
   0xb42b178c <+1628>:	mov    eax,DWORD PTR [edi+0x1c]
   0xb42b178f <+1631>:	add    DWORD PTR [esp+0x2c],0x1
   0xb42b1794 <+1636>:	movzx  edx,BYTE PTR [eax+esi*1]
   0xb42b1798 <+1640>:	mov    ecx,DWORD PTR [esp+0x34]
   0xb42b179c <+1644>:	mov    ebp,DWORD PTR [ecx+0x2c]
   0xb42b179f <+1647>:	lea    ecx,[eax+esi*1]
   0xb42b17a2 <+1650>:	jmp    0xb42b1338 <_ZN9JPXStream16readTilePartDataEjjb+520>
   0xb42b17a7 <+1655>:	mov    eax,DWORD PTR [edi+0x1c]
   0xb42b17aa <+1658>:	mov    edx,0x1
   0xb42b17af <+1663>:	mov    BYTE PTR [eax+esi*1],0x1
   0xb42b17b3 <+1667>:	jmp    0xb42b1798 <_ZN9JPXStream16readTilePartDataEjjb+1640>
   0xb42b17b5 <+1669>:	mov    ebp,DWORD PTR [esp+0x2c]
   0xb42b17b9 <+1673>:	mov    esi,DWORD PTR [esp+0x4c]
   0xb42b17bd <+1677>:	mov    DWORD PTR [ecx+0x4],ebp
   0xb42b17c0 <+1680>:	mov    eax,DWORD PTR [esp+0x38]
   0xb42b17c4 <+1684>:	shr    eax,0x1f
   0xb42b17c7 <+1687>:	test   eax,eax
   0xb42b17c9 <+1689>:	mov    DWORD PTR [esi+0x20],eax
   0xb42b17cc <+1692>:	jne    0xb42b163e <_ZN9JPXStream16readTilePartDataEjjb+1294>
   0xb42b17d2 <+1698>:	mov    edx,DWORD PTR [edi+0x10]
   0xb42b17d5 <+1701>:	jmp    0xb42b138a <_ZN9JPXStream16readTilePartDataEjjb+602>
   0xb42b17da <+1706>:	mov    esi,DWORD PTR [esp+0x5c]
   0xb42b17de <+1710>:	mov    DWORD PTR [esp+0x2c],esi
   0xb42b17e2 <+1714>:	mov    esi,DWORD PTR [esp+0x24]
   0xb42b17e6 <+1718>:	jmp    0xb42b1338 <_ZN9JPXStream16readTilePartDataEjjb+520>
   0xb42b17eb <+1723>:	mov    eax,DWORD PTR [edi+0x20]
   0xb42b17ee <+1726>:	mov    ecx,DWORD PTR [esp+0x58]
   0xb42b17f2 <+1730>:	lea    edx,[eax+esi*1]
   0xb42b17f5 <+1733>:	mov    BYTE PTR [eax+ecx*8],0x1
   0xb42b17f9 <+1737>:	jmp    0xb42b171e <_ZN9JPXStream16readTilePartDataEjjb+1518>
   0xb42b17fe <+1742>:	mov    ebp,DWORD PTR [edx+0x4]
   0xb42b1801 <+1745>:	mov    DWORD PTR [esp+0x4c],ebp
   0xb42b1805 <+1749>:	mov    ebp,DWORD PTR [esp+0x4c]
   0xb42b1809 <+1753>:	movzx  ecx,BYTE PTR [esp+0x24]
   0xb42b180e <+1758>:	jmp    0xb42b16d7 <_ZN9JPXStream16readTilePartDataEjjb+1447>
   0xb42b1813 <+1763>:	mov    edx,DWORD PTR [esi+0x24]
   0xb42b1816 <+1766>:	mov    eax,DWORD PTR [esi+0x14]
   0xb42b1819 <+1769>:	shr    edx,1
   0xb42b181b <+1771>:	je     0xb42b1824 <_ZN9JPXStream16readTilePartDataEjjb+1780>
   0xb42b181d <+1773>:	add    eax,0x1
   0xb42b1820 <+1776>:	shr    edx,1
   0xb42b1822 <+1778>:	jne    0xb42b181d <_ZN9JPXStream16readTilePartDataEjjb+1773>
   0xb42b1824 <+1780>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b182b <+1787>:	add    esi,0x28
   0xb42b182e <+1790>:	mov    DWORD PTR [esp+0x8],esi
   0xb42b1832 <+1794>:	mov    DWORD PTR [esp+0x4],eax
   0xb42b1836 <+1798>:	mov    DWORD PTR [esp],edx
   0xb42b1839 <+1801>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b183e <+1806>:	test   al,al
   0xb42b1840 <+1808>:	jne    0xb42b17d2 <_ZN9JPXStream16readTilePartDataEjjb+1698>
   0xb42b1842 <+1810>:	jmp    0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b1847 <+1815>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b184e <+1822>:	lea    ecx,[esp+0x7c]
   0xb42b1852 <+1826>:	mov    DWORD PTR [esp+0x8],ecx
   0xb42b1856 <+1830>:	mov    DWORD PTR [esp+0x4],0x1
   0xb42b185e <+1838>:	mov    DWORD PTR [esp],ebp
   0xb42b1861 <+1841>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b1866 <+1846>:	test   al,al
   0xb42b1868 <+1848>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b186e <+1854>:	mov    ecx,DWORD PTR [esp+0x7c]
   0xb42b1872 <+1858>:	test   ecx,ecx
   0xb42b1874 <+1860>:	jne    0xb42b1882 <_ZN9JPXStream16readTilePartDataEjjb+1874>
   0xb42b1876 <+1862>:	mov    DWORD PTR [esi+0x24],0x2
   0xb42b187d <+1869>:	jmp    0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168>
   0xb42b1882 <+1874>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b1889 <+1881>:	lea    eax,[esp+0x7c]
   0xb42b188d <+1885>:	mov    DWORD PTR [esp+0x8],eax
   0xb42b1891 <+1889>:	mov    DWORD PTR [esp+0x4],0x2
   0xb42b1899 <+1897>:	mov    DWORD PTR [esp],edx
   0xb42b189c <+1900>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b18a1 <+1905>:	test   al,al
   0xb42b18a3 <+1907>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b18a9 <+1913>:	mov    eax,DWORD PTR [esp+0x7c]
   0xb42b18ad <+1917>:	cmp    eax,0x2
   0xb42b18b0 <+1920>:	ja     0xb42b18d0 <_ZN9JPXStream16readTilePartDataEjjb+1952>
   0xb42b18b2 <+1922>:	add    eax,0x3
   0xb42b18b5 <+1925>:	mov    DWORD PTR [esi+0x24],eax
   0xb42b18b8 <+1928>:	jmp    0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168>
   0xb42b18bd <+1933>:	mov    eax,0x1
   0xb42b18c2 <+1938>:	jmp    0xb42b14cd <_ZN9JPXStream16readTilePartDataEjjb+925>
   0xb42b18c7 <+1943>:	mov    esi,DWORD PTR [esp+0x4c]
   0xb42b18cb <+1947>:	jmp    0xb42b17c0 <_ZN9JPXStream16readTilePartDataEjjb+1680>
   0xb42b18d0 <+1952>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b18d7 <+1959>:	lea    ecx,[esp+0x7c]
   0xb42b18db <+1963>:	mov    DWORD PTR [esp+0x8],ecx
   0xb42b18df <+1967>:	mov    DWORD PTR [esp+0x4],0x5
   0xb42b18e7 <+1975>:	mov    DWORD PTR [esp],ebp
   0xb42b18ea <+1978>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b18ef <+1983>:	test   al,al
   0xb42b18f1 <+1985>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b18f7 <+1991>:	mov    eax,DWORD PTR [esp+0x7c]
   0xb42b18fb <+1995>:	cmp    eax,0x1e
   0xb42b18fe <+1998>:	ja     0xb42b1927 <_ZN9JPXStream16readTilePartDataEjjb+2039>
   0xb42b1900 <+2000>:	add    eax,0x6
   0xb42b1903 <+2003>:	mov    DWORD PTR [esi+0x24],eax
   0xb42b1906 <+2006>:	jmp    0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168>
   0xb42b190b <+2011>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b190f <+2015>:	cmp    DWORD PTR [ebp+0x0],0x4
   0xb42b1913 <+2019>:	ja     0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1919 <+2025>:	mov    eax,DWORD PTR [ebp+0x0]
   0xb42b191c <+2028>:	mov    eax,DWORD PTR [ebx+eax*4-0x68054]
   0xb42b1923 <+2035>:	add    eax,ebx
   0xb42b1925 <+2037>:	jmp    eax
   0xb42b1927 <+2039>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b192e <+2046>:	lea    eax,[esp+0x7c]
   0xb42b1932 <+2050>:	mov    DWORD PTR [esp+0x8],eax
   0xb42b1936 <+2054>:	mov    DWORD PTR [esp+0x4],0x7
   0xb42b193e <+2062>:	mov    DWORD PTR [esp],edx
   0xb42b1941 <+2065>:	call   0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj>
   0xb42b1946 <+2070>:	test   al,al
   0xb42b1948 <+2072>:	je     0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203>
   0xb42b194e <+2078>:	mov    eax,DWORD PTR [esp+0x7c]
   0xb42b1952 <+2082>:	add    eax,0x25
   0xb42b1955 <+2085>:	mov    DWORD PTR [esi+0x24],eax
   0xb42b1958 <+2088>:	jmp    0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168>
   0xb42b195d <+2093>:	mov    edx,DWORD PTR [esp+0x34]
   0xb42b1961 <+2097>:	mov    eax,DWORD PTR [edx+0x2c]
   0xb42b1964 <+2100>:	add    eax,0x1
   0xb42b1967 <+2103>:	cmp    eax,DWORD PTR [edx+0x4]
   0xb42b196a <+2106>:	mov    DWORD PTR [edx+0x2c],eax
   0xb42b196d <+2109>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1973 <+2115>:	mov    eax,DWORD PTR [edx+0x1c]
   0xb42b1976 <+2118>:	add    ecx,0x1
   0xb42b1979 <+2121>:	mov    DWORD PTR [edx+0x2c],0x0
   0xb42b1980 <+2128>:	mov    DWORD PTR [edx+0x24],ecx
   0xb42b1983 <+2131>:	add    eax,0x1
   0xb42b1986 <+2134>:	cmp    ecx,eax
   0xb42b1988 <+2136>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b198e <+2142>:	mov    eax,DWORD PTR [edx+0x20]
   0xb42b1991 <+2145>:	mov    esi,DWORD PTR [esp+0xa0]
   0xb42b1998 <+2152>:	mov    DWORD PTR [edx+0x24],0x0
   0xb42b199f <+2159>:	add    eax,0x1
   0xb42b19a2 <+2162>:	cmp    eax,DWORD PTR [esi+0xa8]
   0xb42b19a8 <+2168>:	mov    DWORD PTR [edx+0x20],eax
   0xb42b19ab <+2171>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b19b1 <+2177>:	mov    DWORD PTR [edx+0x20],0x0
   0xb42b19b8 <+2184>:	jmp    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b19bd <+2189>:	mov    esi,DWORD PTR [esp+0x34]
   0xb42b19c1 <+2193>:	mov    eax,DWORD PTR [esi+0x2c]
   0xb42b19c4 <+2196>:	add    eax,0x1
   0xb42b19c7 <+2199>:	cmp    eax,DWORD PTR [esi+0x4]
   0xb42b19ca <+2202>:	mov    DWORD PTR [esi+0x2c],eax
   0xb42b19cd <+2205>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b19d3 <+2211>:	mov    eax,DWORD PTR [esi+0x20]
   0xb42b19d6 <+2214>:	mov    ebp,DWORD PTR [esp+0xa0]
   0xb42b19dd <+2221>:	mov    DWORD PTR [esi+0x2c],0x0
   0xb42b19e4 <+2228>:	add    eax,0x1
   0xb42b19e7 <+2231>:	cmp    eax,DWORD PTR [ebp+0xa8]
   0xb42b19ed <+2237>:	mov    DWORD PTR [esi+0x20],eax
   0xb42b19f0 <+2240>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b19f6 <+2246>:	mov    eax,DWORD PTR [esi+0x1c]
   0xb42b19f9 <+2249>:	add    ecx,0x1
   0xb42b19fc <+2252>:	mov    DWORD PTR [esi+0x20],0x0
   0xb42b1a03 <+2259>:	mov    DWORD PTR [esi+0x24],ecx
   0xb42b1a06 <+2262>:	add    eax,0x1
   0xb42b1a09 <+2265>:	cmp    ecx,eax
   0xb42b1a0b <+2267>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a11 <+2273>:	mov    DWORD PTR [esi+0x24],0x0
   0xb42b1a18 <+2280>:	jmp    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a1d <+2285>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b1a21 <+2289>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b1a28 <+2296>:	mov    eax,DWORD PTR [ebp+0x20]
   0xb42b1a2b <+2299>:	add    eax,0x1
   0xb42b1a2e <+2302>:	cmp    eax,DWORD PTR [edx+0xa8]
   0xb42b1a34 <+2308>:	mov    DWORD PTR [ebp+0x20],eax
   0xb42b1a37 <+2311>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a3d <+2317>:	mov    eax,DWORD PTR [ebp+0x2c]
   0xb42b1a40 <+2320>:	mov    DWORD PTR [ebp+0x20],0x0
   0xb42b1a47 <+2327>:	add    eax,0x1
   0xb42b1a4a <+2330>:	cmp    eax,DWORD PTR [ebp+0x4]
   0xb42b1a4d <+2333>:	mov    DWORD PTR [ebp+0x2c],eax
   0xb42b1a50 <+2336>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a56 <+2342>:	mov    eax,DWORD PTR [ebp+0x1c]
   0xb42b1a59 <+2345>:	add    ecx,0x1
   0xb42b1a5c <+2348>:	mov    DWORD PTR [ebp+0x2c],0x0
   0xb42b1a63 <+2355>:	mov    DWORD PTR [ebp+0x24],ecx
   0xb42b1a66 <+2358>:	add    eax,0x1
   0xb42b1a69 <+2361>:	cmp    ecx,eax
   0xb42b1a6b <+2363>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a71 <+2369>:	mov    DWORD PTR [ebp+0x24],0x0
   0xb42b1a78 <+2376>:	jmp    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a7d <+2381>:	mov    edx,DWORD PTR [esp+0x34]
   0xb42b1a81 <+2385>:	mov    esi,DWORD PTR [esp+0xa0]
   0xb42b1a88 <+2392>:	mov    eax,DWORD PTR [edx+0x20]
   0xb42b1a8b <+2395>:	add    eax,0x1
   0xb42b1a8e <+2398>:	cmp    eax,DWORD PTR [esi+0xa8]
   0xb42b1a94 <+2404>:	mov    DWORD PTR [edx+0x20],eax
   0xb42b1a97 <+2407>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1a9d <+2413>:	mov    eax,DWORD PTR [edx+0x1c]
   0xb42b1aa0 <+2416>:	add    ecx,0x1
   0xb42b1aa3 <+2419>:	mov    DWORD PTR [edx+0x20],0x0
   0xb42b1aaa <+2426>:	mov    DWORD PTR [edx+0x24],ecx
   0xb42b1aad <+2429>:	add    eax,0x1
   0xb42b1ab0 <+2432>:	cmp    ecx,eax
   0xb42b1ab2 <+2434>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1ab8 <+2440>:	mov    eax,DWORD PTR [edx+0x2c]
   0xb42b1abb <+2443>:	mov    DWORD PTR [edx+0x24],0x0
   0xb42b1ac2 <+2450>:	add    eax,0x1
   0xb42b1ac5 <+2453>:	cmp    eax,DWORD PTR [edx+0x4]
   0xb42b1ac8 <+2456>:	mov    DWORD PTR [edx+0x2c],eax
   0xb42b1acb <+2459>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1ad1 <+2465>:	mov    DWORD PTR [edx+0x2c],0x0
   0xb42b1ad8 <+2472>:	jmp    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1add <+2477>:	mov    ebp,DWORD PTR [esp+0x34]
   0xb42b1ae1 <+2481>:	mov    eax,DWORD PTR [ebp+0x2c]
   0xb42b1ae4 <+2484>:	add    eax,0x1
   0xb42b1ae7 <+2487>:	cmp    eax,DWORD PTR [ebp+0x4]
   0xb42b1aea <+2490>:	mov    DWORD PTR [ebp+0x2c],eax
   0xb42b1aed <+2493>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1af3 <+2499>:	mov    eax,DWORD PTR [ebp+0x1c]
   0xb42b1af6 <+2502>:	add    ecx,0x1
   0xb42b1af9 <+2505>:	mov    DWORD PTR [ebp+0x2c],0x0
   0xb42b1b00 <+2512>:	mov    DWORD PTR [ebp+0x24],ecx
   0xb42b1b03 <+2515>:	add    eax,0x1
   0xb42b1b06 <+2518>:	cmp    ecx,eax
   0xb42b1b08 <+2520>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1b0e <+2526>:	mov    eax,DWORD PTR [ebp+0x20]
   0xb42b1b11 <+2529>:	mov    edx,DWORD PTR [esp+0xa0]
   0xb42b1b18 <+2536>:	mov    DWORD PTR [ebp+0x24],0x0
   0xb42b1b1f <+2543>:	add    eax,0x1
   0xb42b1b22 <+2546>:	cmp    eax,DWORD PTR [edx+0xa8]
   0xb42b1b28 <+2552>:	mov    DWORD PTR [ebp+0x20],eax
   0xb42b1b2b <+2555>:	jne    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
   0xb42b1b31 <+2561>:	mov    DWORD PTR [ebp+0x20],0x0
   0xb42b1b38 <+2568>:	jmp    0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60>
End of assembler dump.
Comment 1 Veysel 2015-02-05 07:25:13 UTC
Created attachment 296174 [details]
Crasher
Comment 2 Germán Poo-Caamaño 2015-02-05 11:46:34 UTC
Thanks for reporting the bug to poppler's bugzilla and adding the reference here.

Closing this one as NOTGNOME.