Try to recover when encountering JPEG markers with too short marker lengths (issue 8169)

The issue with the JPEG image in question, is that the COM (Comment) marker has an incorrect length entry.

Fixes 8169.

src/core/jpg.js

@@ -26,6 +26,7 @@
   }
 }(this, function (exports, sharedUtil) {
 
+var warn = sharedUtil.warn;
 var error = sharedUtil.error;
 
 /**
@@ -604,8 +605,28 @@ var JpegImage = (function JpegImageClosure() {
       }
 
       function readDataBlock() {
+        function isValidMarkerAt(pos) {
+          if (pos < data.length - 1) {
+            return (data[pos] === 0xFF &&
+                    data[pos + 1] >= 0xC0 && data[pos + 1] <= 0xFE);
+          }
+          return true;
+        }
+
         var length = readUint16();
-        var array = data.subarray(offset, offset + length - 2);
+        var endOffset = offset + length - 2;
+
+        if (!isValidMarkerAt(endOffset)) {
+          warn('readDataBlock - incorrect length, next marker is: ' +
+               (data[endOffset] << 8 | data[endOffset + 1]).toString('16'));
+          var pos = offset;
+          while (!isValidMarkerAt(pos)) {
+            pos++;
+          }
+          endOffset = pos;
+        }
+
+        var array = data.subarray(offset, endOffset);
         offset += array.length;
         return array;
       }

test/pdfs/issue8169.pdf.link

@@ -0,0 +1 @@
+http://web.archive.org/save/_embed/http://210.243.166.143/prob1.pdf

test/test_manifest.json

@@ -733,6 +733,13 @@
        "link": false,
        "type": "eq"
     },
+    {  "id": "issue8169",
+       "file": "pdfs/issue8169.pdf",
+       "md5": "62fd6479f9e1c8c5ce8cba6b1781d0a5",
+       "rounds": 1,
+       "link": true,
+       "type": "eq"
+    },
     {  "id": "txt2pdf",
        "file": "pdfs/txt2pdf.pdf",
        "md5": "02cefa0f5e8d96313bb05163b2f88c8c",