From 3651c9e1f7e242242d8119295eb1d10d5d94f833 Mon Sep 17 00:00:00 2001
From: Jonas Jenwald <jonas.jenwald@gmail.com>
Date: Sat, 14 Feb 2015 00:08:43 +0100
Subject: [PATCH] Skip fill bytes (0xFF) when decoding JPEG images (issue 5331)

---
 src/core/jpg.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/core/jpg.js b/src/core/jpg.js
index 91302e277..ffa6462c9 100644
--- a/src/core/jpg.js
+++ b/src/core/jpg.js
@@ -792,6 +792,13 @@ var JpegImage = (function jpegImage() {
               successiveApproximation >> 4, successiveApproximation & 15);
             offset += processed;
             break;
+
+          case 0xFFFF: // Fill bytes
+            if (data[offset] !== 0xFF) { // Avoid skipping a valid marker.
+              offset--;
+            }
+            break;
+
           default:
             if (data[offset - 3] === 0xFF &&
                 data[offset - 2] >= 0xC0 && data[offset - 2] <= 0xFE) {