GNOME Bugzilla – Bug 743932
Poppler JPXStream.cc JPXStream::readTilePartData received SIGSEGV Memory Corruption Vulnerability
Last modified: 2015-02-05 11:46:34 UTC
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb4bc1b40 (LWP 17603)] [----------------------------------registers-----------------------------------] EAX: 0x41 ('A') EBX: 0xb43a9ff4 --> 0x1b0ba4 ECX: 0x0 EDX: 0xb4e35bf0 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c) ESI: 0xb4e16388 --> 0xb43a7b88 --> 0xb42a4ff0 (<_ZN23GfxDeviceGrayColorSpaceD2Ev>: push ebx) EDI: 0xb4e35bf0 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c) EBP: 0x67cd3c20 ESP: 0xb4bc0660 --> 0xb4e00048 --> 0xb4e25448 --> 0x0 EIP: 0xb425b1b9 (<_ZN9JPXStream16readTilePartDataEjjb+137>: mov edi,DWORD PTR [ebp+0x48]) EFLAGS: 0x10a03 (CARRY parity adjust zero sign trap INTERRUPT direction OVERFLOW) [-------------------------------------code-------------------------------------] 0xb425b1a8 <_ZN9JPXStream16readTilePartDataEjjb+120>: mov eax,DWORD PTR [esp+0xa8] 0xb425b1af <_ZN9JPXStream16readTilePartDataEjjb+127>: mov esi,DWORD PTR [edx+0x28] 0xb425b1b2 <_ZN9JPXStream16readTilePartDataEjjb+130>: mov edx,DWORD PTR [esp+0xa0] => 0xb425b1b9 <_ZN9JPXStream16readTilePartDataEjjb+137>: mov edi,DWORD PTR [ebp+0x48] 0xb425b1bc <_ZN9JPXStream16readTilePartDataEjjb+140>: mov DWORD PTR [esp+0x48],ebp 0xb425b1c0 <_ZN9JPXStream16readTilePartDataEjjb+144>: mov DWORD PTR [esp+0x4],eax 0xb425b1c4 <_ZN9JPXStream16readTilePartDataEjjb+148>: mov DWORD PTR [esp],edx 0xb425b1c7 <_ZN9JPXStream16readTilePartDataEjjb+151>: call 0xb425b0d0 <_ZN9JPXStream11startBitBufEj> [------------------------------------stack-------------------------------------] 0000| 0xb4bc0660 --> 0xb4e00048 --> 0xb4e25448 --> 0x0 0004| 0xb4bc0664 --> 0x1 0008| 0xb4bc0668 --> 0x400 0012| 0xb4bc066c --> 0x48 ('H') 0016| 0xb4bc0670 --> 0x10 0020| 0xb4bc0674 --> 0x418 0024| 0xb4bc0678 --> 0x2 0028| 0xb4bc067c --> 0x0 [------------------------------------------------------------------------------] Legend: code, data, rodata, value Stopped reason: SIGSEGV 0xb425b1b9 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/i386-linux-gnu/libpoppler.so.19 gdb-peda$ =========(gdb exploitable log)============= Linux 3.2 Ubuntu 12.04.1 LTS Evince 3.4.0 Program received signal SIGSEGV, Segmentation fault.
+ Trace 234617
Thread 3045059392 (LWP 2951)
eax 0x41 65 ecx 0x0 0 edx 0xb3dcae98 -1277383016 ebx 0xb43ffff4 -1270874124 esp 0xb57fd660 0xb57fd660 ebp 0xfdacfda5 0xfdacfda5 esi 0x40844800 1082411008 edi 0xb3dcae98 -1277383016 eip 0xb42b11b9 0xb42b11b9 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+137> eflags 0x10286 [ PF SF IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 => 0xb42b11b9 <_ZN9JPXStream16readTilePartDataEjjb+137>: mov edi,DWORD PTR [ebp+0x48] Dump of assembler code for function _ZN9JPXStream16readTilePartDataEjjb: 0xb42b1130 <+0>: push ebp 0xb42b1131 <+1>: push edi 0xb42b1132 <+2>: push esi 0xb42b1133 <+3>: push ebx 0xb42b1134 <+4>: sub esp,0x8c 0xb42b113a <+10>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b1141 <+17>: imul esi,DWORD PTR [esp+0xa4],0x34 0xb42b1149 <+25>: call 0xb42a1b47 0xb42b114e <+30>: add ebx,0x14eea6 0xb42b1154 <+36>: movzx edx,BYTE PTR [esp+0xac] 0xb42b115c <+44>: mov ebp,DWORD PTR [ebp+0xb4] 0xb42b1162 <+50>: mov BYTE PTR [esp+0x6f],dl 0xb42b1166 <+54>: add esi,ebp 0xb42b1168 <+56>: mov DWORD PTR [esp+0x34],esi 0xb42b116c <+60>: cmp BYTE PTR [esp+0x6f],0x0 0xb42b1171 <+65>: jne 0xb42b1182 <_ZN9JPXStream16readTilePartDataEjjb+82> 0xb42b1173 <+67>: mov eax,DWORD PTR [esp+0xa8] 0xb42b117a <+74>: test eax,eax 0xb42b117c <+76>: je 0xb42b18bd <_ZN9JPXStream16readTilePartDataEjjb+1933> 0xb42b1182 <+82>: mov edx,DWORD PTR [esp+0x34] 0xb42b1186 <+86>: mov esi,DWORD PTR [esp+0x34] 0xb42b118a <+90>: mov ebp,DWORD PTR [esp+0x34] 0xb42b118e <+94>: imul edx,DWORD PTR [edx+0x20],0x58 0xb42b1192 <+98>: mov esi,DWORD PTR [esi+0x30] 0xb42b1195 <+101>: imul ebp,DWORD PTR [ebp+0x24],0x4c 0xb42b1199 <+105>: add edx,esi 0xb42b119b <+107>: mov eax,DWORD PTR [edx+0x54] 0xb42b119e <+110>: mov DWORD PTR [esp+0x44],edx 0xb42b11a2 <+114>: mov edx,DWORD PTR [esp+0x34] 0xb42b11a6 <+118>: add ebp,eax 0xb42b11a8 <+120>: mov eax,DWORD PTR [esp+0xa8] 0xb42b11af <+127>: mov esi,DWORD PTR [edx+0x28] 0xb42b11b2 <+130>: mov edx,DWORD PTR [esp+0xa0] => 0xb42b11b9 <+137>: mov edi,DWORD PTR [ebp+0x48] 0xb42b11bc <+140>: mov DWORD PTR [esp+0x48],ebp 0xb42b11c0 <+144>: mov DWORD PTR [esp+0x4],eax 0xb42b11c4 <+148>: mov DWORD PTR [esp],edx 0xb42b11c7 <+151>: call 0xb42b10d0 <_ZN9JPXStream11startBitBufEj> 0xb42b11cc <+156>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b11d3 <+163>: lea ecx,[esp+0x7c] 0xb42b11d7 <+167>: mov DWORD PTR [esp+0x8],ecx 0xb42b11db <+171>: mov DWORD PTR [esp+0x4],0x1 0xb42b11e3 <+179>: mov DWORD PTR [esp],ebp 0xb42b11e6 <+182>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b11eb <+187>: test al,al 0xb42b11ed <+189>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b11f3 <+195>: lea eax,[esi+esi*4] 0xb42b11f6 <+198>: lea eax,[edi+eax*4] 0xb42b11f9 <+201>: mov DWORD PTR [esp+0x40],eax 0xb42b11fd <+205>: mov eax,DWORD PTR [esp+0x7c] 0xb42b1201 <+209>: test eax,eax 0xb42b1203 <+211>: je 0xb42b14d8 <_ZN9JPXStream16readTilePartDataEjjb+936> 0xb42b1209 <+217>: mov esi,DWORD PTR [esp+0x34] 0xb42b120d <+221>: mov DWORD PTR [esp+0x64],0x0 0xb42b1215 <+229>: mov DWORD PTR [esp+0x60],0x0 0xb42b121d <+237>: mov edx,DWORD PTR [esi+0x24] 0xb42b1220 <+240>: cmp edx,0x1 0xb42b1223 <+243>: sbb eax,eax 0xb42b1225 <+245>: and eax,0xfffffffe 0xb42b1228 <+248>: add eax,0x3 0xb42b122b <+251>: cmp DWORD PTR [esp+0x60],eax 0xb42b122f <+255>: jae 0xb42b13c8 <_ZN9JPXStream16readTilePartDataEjjb+664> 0xb42b1235 <+261>: mov ebp,DWORD PTR [esp+0x40] 0xb42b1239 <+265>: mov edi,DWORD PTR [esp+0x64] 0xb42b123d <+269>: add edi,DWORD PTR [ebp+0x10] 0xb42b1240 <+272>: mov eax,DWORD PTR [edi+0x14] 0xb42b1243 <+275>: test eax,eax 0xb42b1245 <+277>: je 0xb42b13b2 <_ZN9JPXStream16readTilePartDataEjjb+642> 0xb42b124b <+283>: mov edx,DWORD PTR [edi+0x10] 0xb42b124e <+286>: mov DWORD PTR [esp+0x3c],0x0 0xb42b1256 <+294>: test edx,edx 0xb42b1258 <+296>: je 0xb42b1399 <_ZN9JPXStream16readTilePartDataEjjb+617> 0xb42b125e <+302>: mov DWORD PTR [esp+0x30],0x0 0xb42b1266 <+310>: mov esi,DWORD PTR [esp+0x3c] 0xb42b126a <+314>: imul esi,edx 0xb42b126d <+317>: add esi,DWORD PTR [esp+0x30] 0xb42b1271 <+321>: imul esi,esi,0x38 0xb42b1274 <+324>: add esi,DWORD PTR [edi+0x24] 0xb42b1277 <+327>: mov eax,DWORD PTR [esi+0x8] 0xb42b127a <+330>: cmp DWORD PTR [esi],eax 0xb42b127c <+332>: jae 0xb42b1383 <_ZN9JPXStream16readTilePartDataEjjb+595> 0xb42b1282 <+338>: mov ecx,DWORD PTR [esi+0xc] 0xb42b1285 <+341>: cmp DWORD PTR [esi+0x4],ecx 0xb42b1288 <+344>: jae 0xb42b1383 <_ZN9JPXStream16readTilePartDataEjjb+595> 0xb42b128e <+350>: cmp BYTE PTR [esi+0x10],0x0 0xb42b1292 <+354>: jne 0xb42b1611 <_ZN9JPXStream16readTilePartDataEjjb+1249> 0xb42b1298 <+360>: mov ecx,DWORD PTR [edi+0x18] 0xb42b129b <+363>: test ecx,ecx 0xb42b129d <+365>: mov DWORD PTR [esp+0x38],ecx 0xb42b12a1 <+369>: js 0xb42b17c0 <_ZN9JPXStream16readTilePartDataEjjb+1680> 0xb42b12a7 <+375>: mov ebp,DWORD PTR [esp+0x34] 0xb42b12ab <+379>: mov eax,DWORD PTR [edi+0x1c] 0xb42b12ae <+382>: mov DWORD PTR [esp+0x54],0x0 0xb42b12b6 <+390>: mov DWORD PTR [esp+0x2c],0x0 0xb42b12be <+398>: mov ecx,DWORD PTR [ebp+0x2c] 0xb42b12c1 <+401>: mov DWORD PTR [esp+0x4c],esi 0xb42b12c5 <+405>: mov ebp,ecx 0xb42b12c7 <+407>: movzx ecx,BYTE PTR [esp+0x38] 0xb42b12cc <+412>: mov esi,0x1 0xb42b12d1 <+417>: shl esi,cl 0xb42b12d3 <+419>: lea edx,[esi+edx*1-0x1] 0xb42b12d7 <+423>: mov DWORD PTR [esp+0x58],esi 0xb42b12db <+427>: mov esi,DWORD PTR [edi+0x14] 0xb42b12de <+430>: shr edx,cl 0xb42b12e0 <+432>: mov DWORD PTR [esp+0x50],edx 0xb42b12e4 <+436>: mov edx,DWORD PTR [esp+0x30] 0xb42b12e8 <+440>: mov DWORD PTR [esp+0x68],esi 0xb42b12ec <+444>: mov esi,DWORD PTR [esp+0x54] 0xb42b12f0 <+448>: shr edx,cl 0xb42b12f2 <+450>: add esi,edx 0xb42b12f4 <+452>: mov edx,DWORD PTR [esp+0x3c] 0xb42b12f8 <+456>: shr edx,cl 0xb42b12fa <+458>: imul edx,DWORD PTR [esp+0x50] 0xb42b12ff <+463>: add esi,edx 0xb42b1301 <+465>: shl esi,0x3 0xb42b1304 <+468>: mov ecx,esi 0xb42b1306 <+470>: add ecx,eax 0xb42b1308 <+472>: movzx edx,BYTE PTR [ecx] 0xb42b130b <+475>: mov DWORD PTR [esp+0x24],esi 0xb42b130f <+479>: mov esi,DWORD PTR [ecx+0x4] 0xb42b1312 <+482>: test dl,dl 0xb42b1314 <+484>: jne 0xb42b17de <_ZN9JPXStream16readTilePartDataEjjb+1710> 0xb42b131a <+490>: test esi,esi 0xb42b131c <+492>: mov DWORD PTR [esp+0x5c],esi 0xb42b1320 <+496>: jne 0xb42b17da <_ZN9JPXStream16readTilePartDataEjjb+1706> 0xb42b1326 <+502>: mov esi,DWORD PTR [esp+0x2c] 0xb42b132a <+506>: mov DWORD PTR [ecx+0x4],esi 0xb42b132d <+509>: mov esi,DWORD PTR [esp+0x24] 0xb42b1331 <+513>: lea esi,[esi+eiz*1+0x0] 0xb42b1338 <+520>: test dl,dl 0xb42b133a <+522>: je 0xb42b1758 <_ZN9JPXStream16readTilePartDataEjjb+1576> 0xb42b1340 <+528>: mov esi,DWORD PTR [esp+0x2c] 0xb42b1344 <+532>: cmp esi,ebp 0xb42b1346 <+534>: mov DWORD PTR [ecx+0x4],esi 0xb42b1349 <+537>: ja 0xb42b18c7 <_ZN9JPXStream16readTilePartDataEjjb+1943> 0xb42b134f <+543>: mov ecx,DWORD PTR [esp+0x58] 0xb42b1353 <+547>: mov esi,DWORD PTR [esp+0x68] 0xb42b1357 <+551>: lea edx,[ecx+esi*1-0x1] 0xb42b135b <+555>: movzx ecx,BYTE PTR [esp+0x38] 0xb42b1360 <+560>: sub DWORD PTR [esp+0x38],0x1 0xb42b1365 <+565>: shr edx,cl 0xb42b1367 <+567>: imul edx,DWORD PTR [esp+0x50] 0xb42b136c <+572>: add DWORD PTR [esp+0x54],edx 0xb42b1370 <+576>: cmp DWORD PTR [esp+0x38],0xffffffff 0xb42b1375 <+581>: je 0xb42b18c7 <_ZN9JPXStream16readTilePartDataEjjb+1943> 0xb42b137b <+587>: mov edx,DWORD PTR [edi+0x10] 0xb42b137e <+590>: jmp 0xb42b12c7 <_ZN9JPXStream16readTilePartDataEjjb+407> 0xb42b1383 <+595>: mov DWORD PTR [esi+0x20],0x0 0xb42b138a <+602>: add DWORD PTR [esp+0x30],0x1 0xb42b138f <+607>: cmp edx,DWORD PTR [esp+0x30] 0xb42b1393 <+611>: ja 0xb42b1266 <_ZN9JPXStream16readTilePartDataEjjb+310> 0xb42b1399 <+617>: add DWORD PTR [esp+0x3c],0x1 0xb42b139e <+622>: mov esi,DWORD PTR [esp+0x3c] 0xb42b13a2 <+626>: cmp DWORD PTR [edi+0x14],esi 0xb42b13a5 <+629>: ja 0xb42b1256 <_ZN9JPXStream16readTilePartDataEjjb+294> 0xb42b13ab <+635>: mov ebp,DWORD PTR [esp+0x34] 0xb42b13af <+639>: mov edx,DWORD PTR [ebp+0x24] 0xb42b13b2 <+642>: add DWORD PTR [esp+0x60],0x1 0xb42b13b7 <+647>: add DWORD PTR [esp+0x64],0x28 0xb42b13bc <+652>: jmp 0xb42b1220 <_ZN9JPXStream16readTilePartDataEjjb+240> 0xb42b13c1 <+657>: lea esi,[esi+eiz*1+0x0] 0xb42b13c8 <+664>: mov edx,DWORD PTR [esp+0xa0] 0xb42b13cf <+671>: mov DWORD PTR [esp],edx 0xb42b13d2 <+674>: call 0xb42b10f0 <_ZN9JPXStream12finishBitBufEv> 0xb42b13d7 <+679>: mov esi,DWORD PTR [esp+0x34] 0xb42b13db <+683>: mov DWORD PTR [esp+0x38],0x0 0xb42b13e3 <+691>: mov DWORD PTR [esp+0x30],0x0 0xb42b13eb <+699>: mov ecx,DWORD PTR [esi+0x24] 0xb42b13ee <+702>: mov DWORD PTR [esp+0xa8],eax 0xb42b13f5 <+709>: cmp ecx,0x1 0xb42b13f8 <+712>: sbb eax,eax 0xb42b13fa <+714>: and eax,0xfffffffe 0xb42b13fd <+717>: add eax,0x3 0xb42b1400 <+720>: cmp DWORD PTR [esp+0x30],eax 0xb42b1404 <+724>: jae 0xb42b190b <_ZN9JPXStream16readTilePartDataEjjb+2011> 0xb42b140a <+730>: mov edx,DWORD PTR [esp+0x40] 0xb42b140e <+734>: mov ebp,DWORD PTR [esp+0x38] 0xb42b1412 <+738>: add ebp,DWORD PTR [edx+0x10] 0xb42b1415 <+741>: mov eax,DWORD PTR [ebp+0x14] 0xb42b1418 <+744>: test eax,eax 0xb42b141a <+746>: je 0xb42b14bc <_ZN9JPXStream16readTilePartDataEjjb+908> 0xb42b1420 <+752>: mov eax,DWORD PTR [ebp+0x10] 0xb42b1423 <+755>: xor edx,edx 0xb42b1425 <+757>: xor edi,edi 0xb42b1427 <+759>: test eax,eax 0xb42b1429 <+761>: jne 0xb42b1437 <_ZN9JPXStream16readTilePartDataEjjb+775> 0xb42b142b <+763>: jmp 0xb42b14b0 <_ZN9JPXStream16readTilePartDataEjjb+896> 0xb42b1430 <+768>: add edi,0x1 0xb42b1433 <+771>: cmp eax,edi 0xb42b1435 <+773>: jbe 0xb42b14b0 <_ZN9JPXStream16readTilePartDataEjjb+896> 0xb42b1437 <+775>: mov esi,eax 0xb42b1439 <+777>: imul esi,edx 0xb42b143c <+780>: add esi,edi 0xb42b143e <+782>: imul esi,esi,0x38 0xb42b1441 <+785>: add esi,DWORD PTR [ebp+0x24] 0xb42b1444 <+788>: cmp DWORD PTR [esi+0x20],0x0 0xb42b1448 <+792>: je 0xb42b1430 <_ZN9JPXStream16readTilePartDataEjjb+768> 0xb42b144a <+794>: mov eax,DWORD PTR [esp+0x30] 0xb42b144e <+798>: mov DWORD PTR [esp+0x14],ecx 0xb42b1452 <+802>: mov ecx,DWORD PTR [esp+0x40] 0xb42b1456 <+806>: mov DWORD PTR [esp+0x28],edx 0xb42b145a <+810>: mov DWORD PTR [esp+0x1c],esi 0xb42b145e <+814>: mov DWORD PTR [esp+0x18],eax 0xb42b1462 <+818>: mov eax,DWORD PTR [esp+0x48] 0xb42b1466 <+822>: mov DWORD PTR [esp+0xc],ecx 0xb42b146a <+826>: mov ecx,DWORD PTR [esp+0x44] 0xb42b146e <+830>: mov DWORD PTR [esp+0x10],ebp 0xb42b1472 <+834>: mov DWORD PTR [esp+0x8],eax 0xb42b1476 <+838>: mov eax,DWORD PTR [esp+0xa0] 0xb42b147d <+845>: mov DWORD PTR [esp+0x4],ecx 0xb42b1481 <+849>: mov DWORD PTR [esp],eax 0xb42b1484 <+852>: call 0xb42ae7a0 <_ZN9JPXStream17readCodeBlockDataEP11JPXTileCompP11JPXResLevelP11JPXPrecinctP10JPXSubbandjjP12JPXCodeBlock> 0xb42b1489 <+857>: mov edx,DWORD PTR [esp+0x28] 0xb42b148d <+861>: test al,al 0xb42b148f <+863>: je 0xb42b14cb <_ZN9JPXStream16readTilePartDataEjjb+923> 0xb42b1491 <+865>: mov eax,DWORD PTR [ebp+0x10] 0xb42b1494 <+868>: add edi,0x1 0xb42b1497 <+871>: mov ecx,DWORD PTR [esi+0x28] 0xb42b149a <+874>: mov BYTE PTR [esi+0x10],0x1 0xb42b149e <+878>: mov esi,DWORD PTR [esp+0x34] 0xb42b14a2 <+882>: sub DWORD PTR [esp+0xa8],ecx 0xb42b14a9 <+889>: cmp eax,edi 0xb42b14ab <+891>: mov ecx,DWORD PTR [esi+0x24] 0xb42b14ae <+894>: ja 0xb42b1437 <_ZN9JPXStream16readTilePartDataEjjb+775> 0xb42b14b0 <+896>: add edx,0x1 0xb42b14b3 <+899>: cmp DWORD PTR [ebp+0x14],edx 0xb42b14b6 <+902>: ja 0xb42b1425 <_ZN9JPXStream16readTilePartDataEjjb+757> 0xb42b14bc <+908>: add DWORD PTR [esp+0x30],0x1 0xb42b14c1 <+913>: add DWORD PTR [esp+0x38],0x28 0xb42b14c6 <+918>: jmp 0xb42b13f5 <_ZN9JPXStream16readTilePartDataEjjb+709> 0xb42b14cb <+923>: xor eax,eax 0xb42b14cd <+925>: add esp,0x8c 0xb42b14d3 <+931>: pop ebx 0xb42b14d4 <+932>: pop esi 0xb42b14d5 <+933>: pop edi 0xb42b14d6 <+934>: pop ebp 0xb42b14d7 <+935>: ret 0xb42b14d8 <+936>: mov ebp,DWORD PTR [esp+0x34] 0xb42b14dc <+940>: mov DWORD PTR [esp+0x3c],0x0 0xb42b14e4 <+948>: mov DWORD PTR [esp+0x38],0x0 0xb42b14ec <+956>: mov ebp,DWORD PTR [ebp+0x24] 0xb42b14ef <+959>: mov DWORD PTR [esp+0x4c],ebp 0xb42b14f3 <+963>: nop 0xb42b14f4 <+964>: lea esi,[esi+eiz*1+0x0] 0xb42b14f8 <+968>: cmp DWORD PTR [esp+0x4c],0x1 0xb42b14fd <+973>: sbb eax,eax 0xb42b14ff <+975>: and eax,0xfffffffe 0xb42b1502 <+978>: add eax,0x3 0xb42b1505 <+981>: cmp DWORD PTR [esp+0x38],eax 0xb42b1509 <+985>: jae 0xb42b13c8 <_ZN9JPXStream16readTilePartDataEjjb+664> 0xb42b150f <+991>: mov edx,DWORD PTR [esp+0x40] 0xb42b1513 <+995>: mov ebp,DWORD PTR [esp+0x3c] 0xb42b1517 <+999>: add ebp,DWORD PTR [edx+0x10] 0xb42b151a <+1002>: mov ecx,DWORD PTR [ebp+0x14] 0xb42b151d <+1005>: test ecx,ecx 0xb42b151f <+1007>: mov DWORD PTR [esp+0x2c],ecx 0xb42b1523 <+1011>: je 0xb42b1565 <_ZN9JPXStream16readTilePartDataEjjb+1077> 0xb42b1525 <+1013>: mov ecx,DWORD PTR [ebp+0x10] 0xb42b1528 <+1016>: xor edi,edi 0xb42b152a <+1018>: imul esi,ecx,0x38 0xb42b152d <+1021>: mov DWORD PTR [esp+0x30],esi 0xb42b1531 <+1025>: xor esi,esi 0xb42b1533 <+1027>: nop 0xb42b1534 <+1028>: lea esi,[esi+eiz*1+0x0] 0xb42b1538 <+1032>: test ecx,ecx 0xb42b153a <+1034>: je 0xb42b1558 <_ZN9JPXStream16readTilePartDataEjjb+1064> 0xb42b153c <+1036>: mov edx,DWORD PTR [ebp+0x24] 0xb42b153f <+1039>: xor eax,eax 0xb42b1541 <+1041>: add edx,edi 0xb42b1543 <+1043>: add edx,0x20 0xb42b1546 <+1046>: xchg ax,ax 0xb42b1548 <+1048>: add eax,0x1 0xb42b154b <+1051>: mov DWORD PTR [edx],0x0 0xb42b1551 <+1057>: add edx,0x38 0xb42b1554 <+1060>: cmp eax,ecx 0xb42b1556 <+1062>: jne 0xb42b1548 <_ZN9JPXStream16readTilePartDataEjjb+1048> 0xb42b1558 <+1064>: add esi,0x1 0xb42b155b <+1067>: add edi,DWORD PTR [esp+0x30] 0xb42b155f <+1071>: cmp esi,DWORD PTR [esp+0x2c] 0xb42b1563 <+1075>: jne 0xb42b1538 <_ZN9JPXStream16readTilePartDataEjjb+1032> 0xb42b1565 <+1077>: add DWORD PTR [esp+0x38],0x1 0xb42b156a <+1082>: add DWORD PTR [esp+0x3c],0x28 0xb42b156f <+1087>: jmp 0xb42b14f8 <_ZN9JPXStream16readTilePartDataEjjb+968> 0xb42b1571 <+1089>: xor ebp,ebp 0xb42b1573 <+1091>: mov DWORD PTR [esi+0x1c],ebp 0xb42b1576 <+1094>: mov edx,DWORD PTR [esp+0xa0] 0xb42b157d <+1101>: lea ebp,[esp+0x7c] 0xb42b1581 <+1105>: mov DWORD PTR [esp+0x8],ebp 0xb42b1585 <+1109>: mov DWORD PTR [esp+0x4],0x1 0xb42b158d <+1117>: mov DWORD PTR [esp],edx 0xb42b1590 <+1120>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b1595 <+1125>: test al,al 0xb42b1597 <+1127>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b1599 <+1129>: mov ebp,DWORD PTR [esp+0x7c] 0xb42b159d <+1133>: test ebp,ebp 0xb42b159f <+1135>: jne 0xb42b1847 <_ZN9JPXStream16readTilePartDataEjjb+1815> 0xb42b15a5 <+1141>: mov DWORD PTR [esi+0x24],0x1 0xb42b15ac <+1148>: jmp 0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168> 0xb42b15ae <+1150>: xchg ax,ax 0xb42b15b0 <+1152>: mov edx,DWORD PTR [esp+0x7c] 0xb42b15b4 <+1156>: test edx,edx 0xb42b15b6 <+1158>: je 0xb42b1813 <_ZN9JPXStream16readTilePartDataEjjb+1763> 0xb42b15bc <+1164>: add DWORD PTR [esi+0x14],0x1 0xb42b15c0 <+1168>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b15c7 <+1175>: lea ecx,[esp+0x7c] 0xb42b15cb <+1179>: mov DWORD PTR [esp+0x8],ecx 0xb42b15cf <+1183>: mov DWORD PTR [esp+0x4],0x1 0xb42b15d7 <+1191>: mov DWORD PTR [esp],ebp 0xb42b15da <+1194>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b15df <+1199>: test al,al 0xb42b15e1 <+1201>: jne 0xb42b15b0 <_ZN9JPXStream16readTilePartDataEjjb+1152> 0xb42b15e3 <+1203>: mov esi,DWORD PTR [esp+0xa0] 0xb42b15ea <+1210>: mov eax,DWORD PTR [esi] 0xb42b15ec <+1212>: mov DWORD PTR [esp],esi 0xb42b15ef <+1215>: call DWORD PTR [eax+0x30] 0xb42b15f2 <+1218>: lea edx,[ebx-0x680b9] 0xb42b15f8 <+1224>: mov DWORD PTR [esp+0x4],edx 0xb42b15fc <+1228>: mov DWORD PTR [esp],eax 0xb42b15ff <+1231>: call 0xb42d4020 <_Z5erroriPcz> 0xb42b1604 <+1236>: add esp,0x8c 0xb42b160a <+1242>: xor eax,eax 0xb42b160c <+1244>: pop ebx 0xb42b160d <+1245>: pop esi 0xb42b160e <+1246>: pop edi 0xb42b160f <+1247>: pop ebp 0xb42b1610 <+1248>: ret 0xb42b1611 <+1249>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b1618 <+1256>: lea eax,[esi+0x20] 0xb42b161b <+1259>: mov DWORD PTR [esp+0x8],eax 0xb42b161f <+1263>: mov DWORD PTR [esp+0x4],0x1 0xb42b1627 <+1271>: mov DWORD PTR [esp],ebp 0xb42b162a <+1274>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b162f <+1279>: test al,al 0xb42b1631 <+1281>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b1633 <+1283>: mov eax,DWORD PTR [esi+0x20] 0xb42b1636 <+1286>: test eax,eax 0xb42b1638 <+1288>: je 0xb42b17d2 <_ZN9JPXStream16readTilePartDataEjjb+1698> 0xb42b163e <+1294>: cmp BYTE PTR [esi+0x10],0x0 0xb42b1642 <+1298>: jne 0xb42b1576 <_ZN9JPXStream16readTilePartDataEjjb+1094> 0xb42b1648 <+1304>: mov ecx,DWORD PTR [edi+0x18] 0xb42b164b <+1307>: test ecx,ecx 0xb42b164d <+1309>: mov DWORD PTR [esp+0x2c],ecx 0xb42b1651 <+1313>: js 0xb42b1571 <_ZN9JPXStream16readTilePartDataEjjb+1089> 0xb42b1657 <+1319>: mov eax,DWORD PTR [edi+0x20] 0xb42b165a <+1322>: xor ebp,ebp 0xb42b165c <+1324>: mov DWORD PTR [esp+0x50],0x0 0xb42b1664 <+1332>: mov DWORD PTR [esp+0x68],esi 0xb42b1668 <+1336>: movzx ecx,BYTE PTR [esp+0x2c] 0xb42b166d <+1341>: mov esi,0x1 0xb42b1672 <+1346>: mov edx,DWORD PTR [edi+0x10] 0xb42b1675 <+1349>: shl esi,cl 0xb42b1677 <+1351>: lea edx,[esi+edx*1-0x1] 0xb42b167b <+1355>: mov DWORD PTR [esp+0x54],esi 0xb42b167f <+1359>: mov esi,DWORD PTR [edi+0x14] 0xb42b1682 <+1362>: shr edx,cl 0xb42b1684 <+1364>: mov DWORD PTR [esp+0x38],edx 0xb42b1688 <+1368>: mov edx,DWORD PTR [esp+0x30] 0xb42b168c <+1372>: mov DWORD PTR [esp+0x5c],esi 0xb42b1690 <+1376>: mov esi,DWORD PTR [esp+0x50] 0xb42b1694 <+1380>: shr edx,cl 0xb42b1696 <+1382>: add esi,edx 0xb42b1698 <+1384>: mov edx,DWORD PTR [esp+0x3c] 0xb42b169c <+1388>: shr edx,cl 0xb42b169e <+1390>: imul edx,DWORD PTR [esp+0x38] 0xb42b16a3 <+1395>: add edx,esi 0xb42b16a5 <+1397>: mov esi,edx 0xb42b16a7 <+1399>: shl esi,0x3 0xb42b16aa <+1402>: mov DWORD PTR [esp+0x58],edx 0xb42b16ae <+1406>: lea edx,[eax+esi*1] 0xb42b16b1 <+1409>: movzx ecx,BYTE PTR [edx] 0xb42b16b4 <+1412>: test cl,cl 0xb42b16b6 <+1414>: mov BYTE PTR [esp+0x24],cl 0xb42b16ba <+1418>: jne 0xb42b17fe <_ZN9JPXStream16readTilePartDataEjjb+1742> 0xb42b16c0 <+1424>: mov ecx,DWORD PTR [edx+0x4] 0xb42b16c3 <+1427>: test ecx,ecx 0xb42b16c5 <+1429>: mov DWORD PTR [esp+0x4c],ecx 0xb42b16c9 <+1433>: jne 0xb42b1805 <_ZN9JPXStream16readTilePartDataEjjb+1749> 0xb42b16cf <+1439>: movzx ecx,BYTE PTR [esp+0x24] 0xb42b16d4 <+1444>: mov DWORD PTR [edx+0x4],ebp 0xb42b16d7 <+1447>: test cl,cl 0xb42b16d9 <+1449>: jne 0xb42b171e <_ZN9JPXStream16readTilePartDataEjjb+1518> 0xb42b16db <+1451>: mov edx,DWORD PTR [esp+0xa0] 0xb42b16e2 <+1458>: lea eax,[esp+0x7c] 0xb42b16e6 <+1462>: mov DWORD PTR [esp+0x8],eax 0xb42b16ea <+1466>: mov DWORD PTR [esp+0x4],0x1 0xb42b16f2 <+1474>: mov DWORD PTR [esp],edx 0xb42b16f5 <+1477>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b16fa <+1482>: test al,al 0xb42b16fc <+1484>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b1702 <+1490>: cmp DWORD PTR [esp+0x7c],0x1 0xb42b1707 <+1495>: je 0xb42b17eb <_ZN9JPXStream16readTilePartDataEjjb+1723> 0xb42b170d <+1501>: mov eax,DWORD PTR [edi+0x20] 0xb42b1710 <+1504>: add ebp,0x1 0xb42b1713 <+1507>: movzx ecx,BYTE PTR [eax+esi*1] 0xb42b1717 <+1511>: lea edx,[eax+esi*1] 0xb42b171a <+1514>: test cl,cl 0xb42b171c <+1516>: je 0xb42b16db <_ZN9JPXStream16readTilePartDataEjjb+1451> 0xb42b171e <+1518>: mov ecx,DWORD PTR [esp+0x54] 0xb42b1722 <+1522>: mov esi,DWORD PTR [esp+0x5c] 0xb42b1726 <+1526>: mov DWORD PTR [edx+0x4],ebp 0xb42b1729 <+1529>: lea edx,[ecx+esi*1-0x1] 0xb42b172d <+1533>: movzx ecx,BYTE PTR [esp+0x2c] 0xb42b1732 <+1538>: sub DWORD PTR [esp+0x2c],0x1 0xb42b1737 <+1543>: shr edx,cl 0xb42b1739 <+1545>: imul edx,DWORD PTR [esp+0x38] 0xb42b173e <+1550>: add DWORD PTR [esp+0x50],edx 0xb42b1742 <+1554>: cmp DWORD PTR [esp+0x2c],0xffffffff 0xb42b1747 <+1559>: jne 0xb42b1668 <_ZN9JPXStream16readTilePartDataEjjb+1336> 0xb42b174d <+1565>: mov esi,DWORD PTR [esp+0x68] 0xb42b1751 <+1569>: jmp 0xb42b1573 <_ZN9JPXStream16readTilePartDataEjjb+1091> 0xb42b1756 <+1574>: xchg ax,ax 0xb42b1758 <+1576>: cmp DWORD PTR [esp+0x2c],ebp 0xb42b175c <+1580>: ja 0xb42b17b5 <_ZN9JPXStream16readTilePartDataEjjb+1669> 0xb42b175e <+1582>: mov edx,DWORD PTR [esp+0xa0] 0xb42b1765 <+1589>: lea ebp,[esp+0x7c] 0xb42b1769 <+1593>: mov DWORD PTR [esp+0x8],ebp 0xb42b176d <+1597>: mov DWORD PTR [esp+0x4],0x1 0xb42b1775 <+1605>: mov DWORD PTR [esp],edx 0xb42b1778 <+1608>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b177d <+1613>: test al,al 0xb42b177f <+1615>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b1785 <+1621>: cmp DWORD PTR [esp+0x7c],0x1 0xb42b178a <+1626>: je 0xb42b17a7 <_ZN9JPXStream16readTilePartDataEjjb+1655> 0xb42b178c <+1628>: mov eax,DWORD PTR [edi+0x1c] 0xb42b178f <+1631>: add DWORD PTR [esp+0x2c],0x1 0xb42b1794 <+1636>: movzx edx,BYTE PTR [eax+esi*1] 0xb42b1798 <+1640>: mov ecx,DWORD PTR [esp+0x34] 0xb42b179c <+1644>: mov ebp,DWORD PTR [ecx+0x2c] 0xb42b179f <+1647>: lea ecx,[eax+esi*1] 0xb42b17a2 <+1650>: jmp 0xb42b1338 <_ZN9JPXStream16readTilePartDataEjjb+520> 0xb42b17a7 <+1655>: mov eax,DWORD PTR [edi+0x1c] 0xb42b17aa <+1658>: mov edx,0x1 0xb42b17af <+1663>: mov BYTE PTR [eax+esi*1],0x1 0xb42b17b3 <+1667>: jmp 0xb42b1798 <_ZN9JPXStream16readTilePartDataEjjb+1640> 0xb42b17b5 <+1669>: mov ebp,DWORD PTR [esp+0x2c] 0xb42b17b9 <+1673>: mov esi,DWORD PTR [esp+0x4c] 0xb42b17bd <+1677>: mov DWORD PTR [ecx+0x4],ebp 0xb42b17c0 <+1680>: mov eax,DWORD PTR [esp+0x38] 0xb42b17c4 <+1684>: shr eax,0x1f 0xb42b17c7 <+1687>: test eax,eax 0xb42b17c9 <+1689>: mov DWORD PTR [esi+0x20],eax 0xb42b17cc <+1692>: jne 0xb42b163e <_ZN9JPXStream16readTilePartDataEjjb+1294> 0xb42b17d2 <+1698>: mov edx,DWORD PTR [edi+0x10] 0xb42b17d5 <+1701>: jmp 0xb42b138a <_ZN9JPXStream16readTilePartDataEjjb+602> 0xb42b17da <+1706>: mov esi,DWORD PTR [esp+0x5c] 0xb42b17de <+1710>: mov DWORD PTR [esp+0x2c],esi 0xb42b17e2 <+1714>: mov esi,DWORD PTR [esp+0x24] 0xb42b17e6 <+1718>: jmp 0xb42b1338 <_ZN9JPXStream16readTilePartDataEjjb+520> 0xb42b17eb <+1723>: mov eax,DWORD PTR [edi+0x20] 0xb42b17ee <+1726>: mov ecx,DWORD PTR [esp+0x58] 0xb42b17f2 <+1730>: lea edx,[eax+esi*1] 0xb42b17f5 <+1733>: mov BYTE PTR [eax+ecx*8],0x1 0xb42b17f9 <+1737>: jmp 0xb42b171e <_ZN9JPXStream16readTilePartDataEjjb+1518> 0xb42b17fe <+1742>: mov ebp,DWORD PTR [edx+0x4] 0xb42b1801 <+1745>: mov DWORD PTR [esp+0x4c],ebp 0xb42b1805 <+1749>: mov ebp,DWORD PTR [esp+0x4c] 0xb42b1809 <+1753>: movzx ecx,BYTE PTR [esp+0x24] 0xb42b180e <+1758>: jmp 0xb42b16d7 <_ZN9JPXStream16readTilePartDataEjjb+1447> 0xb42b1813 <+1763>: mov edx,DWORD PTR [esi+0x24] 0xb42b1816 <+1766>: mov eax,DWORD PTR [esi+0x14] 0xb42b1819 <+1769>: shr edx,1 0xb42b181b <+1771>: je 0xb42b1824 <_ZN9JPXStream16readTilePartDataEjjb+1780> 0xb42b181d <+1773>: add eax,0x1 0xb42b1820 <+1776>: shr edx,1 0xb42b1822 <+1778>: jne 0xb42b181d <_ZN9JPXStream16readTilePartDataEjjb+1773> 0xb42b1824 <+1780>: mov edx,DWORD PTR [esp+0xa0] 0xb42b182b <+1787>: add esi,0x28 0xb42b182e <+1790>: mov DWORD PTR [esp+0x8],esi 0xb42b1832 <+1794>: mov DWORD PTR [esp+0x4],eax 0xb42b1836 <+1798>: mov DWORD PTR [esp],edx 0xb42b1839 <+1801>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b183e <+1806>: test al,al 0xb42b1840 <+1808>: jne 0xb42b17d2 <_ZN9JPXStream16readTilePartDataEjjb+1698> 0xb42b1842 <+1810>: jmp 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b1847 <+1815>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b184e <+1822>: lea ecx,[esp+0x7c] 0xb42b1852 <+1826>: mov DWORD PTR [esp+0x8],ecx 0xb42b1856 <+1830>: mov DWORD PTR [esp+0x4],0x1 0xb42b185e <+1838>: mov DWORD PTR [esp],ebp 0xb42b1861 <+1841>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b1866 <+1846>: test al,al 0xb42b1868 <+1848>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b186e <+1854>: mov ecx,DWORD PTR [esp+0x7c] 0xb42b1872 <+1858>: test ecx,ecx 0xb42b1874 <+1860>: jne 0xb42b1882 <_ZN9JPXStream16readTilePartDataEjjb+1874> 0xb42b1876 <+1862>: mov DWORD PTR [esi+0x24],0x2 0xb42b187d <+1869>: jmp 0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168> 0xb42b1882 <+1874>: mov edx,DWORD PTR [esp+0xa0] 0xb42b1889 <+1881>: lea eax,[esp+0x7c] 0xb42b188d <+1885>: mov DWORD PTR [esp+0x8],eax 0xb42b1891 <+1889>: mov DWORD PTR [esp+0x4],0x2 0xb42b1899 <+1897>: mov DWORD PTR [esp],edx 0xb42b189c <+1900>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b18a1 <+1905>: test al,al 0xb42b18a3 <+1907>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b18a9 <+1913>: mov eax,DWORD PTR [esp+0x7c] 0xb42b18ad <+1917>: cmp eax,0x2 0xb42b18b0 <+1920>: ja 0xb42b18d0 <_ZN9JPXStream16readTilePartDataEjjb+1952> 0xb42b18b2 <+1922>: add eax,0x3 0xb42b18b5 <+1925>: mov DWORD PTR [esi+0x24],eax 0xb42b18b8 <+1928>: jmp 0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168> 0xb42b18bd <+1933>: mov eax,0x1 0xb42b18c2 <+1938>: jmp 0xb42b14cd <_ZN9JPXStream16readTilePartDataEjjb+925> 0xb42b18c7 <+1943>: mov esi,DWORD PTR [esp+0x4c] 0xb42b18cb <+1947>: jmp 0xb42b17c0 <_ZN9JPXStream16readTilePartDataEjjb+1680> 0xb42b18d0 <+1952>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b18d7 <+1959>: lea ecx,[esp+0x7c] 0xb42b18db <+1963>: mov DWORD PTR [esp+0x8],ecx 0xb42b18df <+1967>: mov DWORD PTR [esp+0x4],0x5 0xb42b18e7 <+1975>: mov DWORD PTR [esp],ebp 0xb42b18ea <+1978>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b18ef <+1983>: test al,al 0xb42b18f1 <+1985>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b18f7 <+1991>: mov eax,DWORD PTR [esp+0x7c] 0xb42b18fb <+1995>: cmp eax,0x1e 0xb42b18fe <+1998>: ja 0xb42b1927 <_ZN9JPXStream16readTilePartDataEjjb+2039> 0xb42b1900 <+2000>: add eax,0x6 0xb42b1903 <+2003>: mov DWORD PTR [esi+0x24],eax 0xb42b1906 <+2006>: jmp 0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168> 0xb42b190b <+2011>: mov ebp,DWORD PTR [esp+0x34] 0xb42b190f <+2015>: cmp DWORD PTR [ebp+0x0],0x4 0xb42b1913 <+2019>: ja 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1919 <+2025>: mov eax,DWORD PTR [ebp+0x0] 0xb42b191c <+2028>: mov eax,DWORD PTR [ebx+eax*4-0x68054] 0xb42b1923 <+2035>: add eax,ebx 0xb42b1925 <+2037>: jmp eax 0xb42b1927 <+2039>: mov edx,DWORD PTR [esp+0xa0] 0xb42b192e <+2046>: lea eax,[esp+0x7c] 0xb42b1932 <+2050>: mov DWORD PTR [esp+0x8],eax 0xb42b1936 <+2054>: mov DWORD PTR [esp+0x4],0x7 0xb42b193e <+2062>: mov DWORD PTR [esp],edx 0xb42b1941 <+2065>: call 0xb42b0fd0 <_ZN9JPXStream8readBitsEiPj> 0xb42b1946 <+2070>: test al,al 0xb42b1948 <+2072>: je 0xb42b15e3 <_ZN9JPXStream16readTilePartDataEjjb+1203> 0xb42b194e <+2078>: mov eax,DWORD PTR [esp+0x7c] 0xb42b1952 <+2082>: add eax,0x25 0xb42b1955 <+2085>: mov DWORD PTR [esi+0x24],eax 0xb42b1958 <+2088>: jmp 0xb42b15c0 <_ZN9JPXStream16readTilePartDataEjjb+1168> 0xb42b195d <+2093>: mov edx,DWORD PTR [esp+0x34] 0xb42b1961 <+2097>: mov eax,DWORD PTR [edx+0x2c] 0xb42b1964 <+2100>: add eax,0x1 0xb42b1967 <+2103>: cmp eax,DWORD PTR [edx+0x4] 0xb42b196a <+2106>: mov DWORD PTR [edx+0x2c],eax 0xb42b196d <+2109>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1973 <+2115>: mov eax,DWORD PTR [edx+0x1c] 0xb42b1976 <+2118>: add ecx,0x1 0xb42b1979 <+2121>: mov DWORD PTR [edx+0x2c],0x0 0xb42b1980 <+2128>: mov DWORD PTR [edx+0x24],ecx 0xb42b1983 <+2131>: add eax,0x1 0xb42b1986 <+2134>: cmp ecx,eax 0xb42b1988 <+2136>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b198e <+2142>: mov eax,DWORD PTR [edx+0x20] 0xb42b1991 <+2145>: mov esi,DWORD PTR [esp+0xa0] 0xb42b1998 <+2152>: mov DWORD PTR [edx+0x24],0x0 0xb42b199f <+2159>: add eax,0x1 0xb42b19a2 <+2162>: cmp eax,DWORD PTR [esi+0xa8] 0xb42b19a8 <+2168>: mov DWORD PTR [edx+0x20],eax 0xb42b19ab <+2171>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b19b1 <+2177>: mov DWORD PTR [edx+0x20],0x0 0xb42b19b8 <+2184>: jmp 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b19bd <+2189>: mov esi,DWORD PTR [esp+0x34] 0xb42b19c1 <+2193>: mov eax,DWORD PTR [esi+0x2c] 0xb42b19c4 <+2196>: add eax,0x1 0xb42b19c7 <+2199>: cmp eax,DWORD PTR [esi+0x4] 0xb42b19ca <+2202>: mov DWORD PTR [esi+0x2c],eax 0xb42b19cd <+2205>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b19d3 <+2211>: mov eax,DWORD PTR [esi+0x20] 0xb42b19d6 <+2214>: mov ebp,DWORD PTR [esp+0xa0] 0xb42b19dd <+2221>: mov DWORD PTR [esi+0x2c],0x0 0xb42b19e4 <+2228>: add eax,0x1 0xb42b19e7 <+2231>: cmp eax,DWORD PTR [ebp+0xa8] 0xb42b19ed <+2237>: mov DWORD PTR [esi+0x20],eax 0xb42b19f0 <+2240>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b19f6 <+2246>: mov eax,DWORD PTR [esi+0x1c] 0xb42b19f9 <+2249>: add ecx,0x1 0xb42b19fc <+2252>: mov DWORD PTR [esi+0x20],0x0 0xb42b1a03 <+2259>: mov DWORD PTR [esi+0x24],ecx 0xb42b1a06 <+2262>: add eax,0x1 0xb42b1a09 <+2265>: cmp ecx,eax 0xb42b1a0b <+2267>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a11 <+2273>: mov DWORD PTR [esi+0x24],0x0 0xb42b1a18 <+2280>: jmp 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a1d <+2285>: mov ebp,DWORD PTR [esp+0x34] 0xb42b1a21 <+2289>: mov edx,DWORD PTR [esp+0xa0] 0xb42b1a28 <+2296>: mov eax,DWORD PTR [ebp+0x20] 0xb42b1a2b <+2299>: add eax,0x1 0xb42b1a2e <+2302>: cmp eax,DWORD PTR [edx+0xa8] 0xb42b1a34 <+2308>: mov DWORD PTR [ebp+0x20],eax 0xb42b1a37 <+2311>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a3d <+2317>: mov eax,DWORD PTR [ebp+0x2c] 0xb42b1a40 <+2320>: mov DWORD PTR [ebp+0x20],0x0 0xb42b1a47 <+2327>: add eax,0x1 0xb42b1a4a <+2330>: cmp eax,DWORD PTR [ebp+0x4] 0xb42b1a4d <+2333>: mov DWORD PTR [ebp+0x2c],eax 0xb42b1a50 <+2336>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a56 <+2342>: mov eax,DWORD PTR [ebp+0x1c] 0xb42b1a59 <+2345>: add ecx,0x1 0xb42b1a5c <+2348>: mov DWORD PTR [ebp+0x2c],0x0 0xb42b1a63 <+2355>: mov DWORD PTR [ebp+0x24],ecx 0xb42b1a66 <+2358>: add eax,0x1 0xb42b1a69 <+2361>: cmp ecx,eax 0xb42b1a6b <+2363>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a71 <+2369>: mov DWORD PTR [ebp+0x24],0x0 0xb42b1a78 <+2376>: jmp 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a7d <+2381>: mov edx,DWORD PTR [esp+0x34] 0xb42b1a81 <+2385>: mov esi,DWORD PTR [esp+0xa0] 0xb42b1a88 <+2392>: mov eax,DWORD PTR [edx+0x20] 0xb42b1a8b <+2395>: add eax,0x1 0xb42b1a8e <+2398>: cmp eax,DWORD PTR [esi+0xa8] 0xb42b1a94 <+2404>: mov DWORD PTR [edx+0x20],eax 0xb42b1a97 <+2407>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1a9d <+2413>: mov eax,DWORD PTR [edx+0x1c] 0xb42b1aa0 <+2416>: add ecx,0x1 0xb42b1aa3 <+2419>: mov DWORD PTR [edx+0x20],0x0 0xb42b1aaa <+2426>: mov DWORD PTR [edx+0x24],ecx 0xb42b1aad <+2429>: add eax,0x1 0xb42b1ab0 <+2432>: cmp ecx,eax 0xb42b1ab2 <+2434>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1ab8 <+2440>: mov eax,DWORD PTR [edx+0x2c] 0xb42b1abb <+2443>: mov DWORD PTR [edx+0x24],0x0 0xb42b1ac2 <+2450>: add eax,0x1 0xb42b1ac5 <+2453>: cmp eax,DWORD PTR [edx+0x4] 0xb42b1ac8 <+2456>: mov DWORD PTR [edx+0x2c],eax 0xb42b1acb <+2459>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1ad1 <+2465>: mov DWORD PTR [edx+0x2c],0x0 0xb42b1ad8 <+2472>: jmp 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1add <+2477>: mov ebp,DWORD PTR [esp+0x34] 0xb42b1ae1 <+2481>: mov eax,DWORD PTR [ebp+0x2c] 0xb42b1ae4 <+2484>: add eax,0x1 0xb42b1ae7 <+2487>: cmp eax,DWORD PTR [ebp+0x4] 0xb42b1aea <+2490>: mov DWORD PTR [ebp+0x2c],eax 0xb42b1aed <+2493>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1af3 <+2499>: mov eax,DWORD PTR [ebp+0x1c] 0xb42b1af6 <+2502>: add ecx,0x1 0xb42b1af9 <+2505>: mov DWORD PTR [ebp+0x2c],0x0 0xb42b1b00 <+2512>: mov DWORD PTR [ebp+0x24],ecx 0xb42b1b03 <+2515>: add eax,0x1 0xb42b1b06 <+2518>: cmp ecx,eax 0xb42b1b08 <+2520>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1b0e <+2526>: mov eax,DWORD PTR [ebp+0x20] 0xb42b1b11 <+2529>: mov edx,DWORD PTR [esp+0xa0] 0xb42b1b18 <+2536>: mov DWORD PTR [ebp+0x24],0x0 0xb42b1b1f <+2543>: add eax,0x1 0xb42b1b22 <+2546>: cmp eax,DWORD PTR [edx+0xa8] 0xb42b1b28 <+2552>: mov DWORD PTR [ebp+0x20],eax 0xb42b1b2b <+2555>: jne 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> 0xb42b1b31 <+2561>: mov DWORD PTR [ebp+0x20],0x0 0xb42b1b38 <+2568>: jmp 0xb42b116c <_ZN9JPXStream16readTilePartDataEjjb+60> End of assembler dump.
Created attachment 296174 [details] Crasher
Thanks for reporting the bug to poppler's bugzilla and adding the reference here. Closing this one as NOTGNOME.