#143 infinite loop handling corrupt document files

[Scott]

Versions 1.0.2 and 1.0.3

An infinite loop has been witnessed in function
wvGetRowTap(), within the statements:

do {
wvReleasePAPX_FKP (&para_fkp);
wvGetSimpleParaBounds (ver, &para_fkp, &para_fcFirst,
&para_fcLim,
i, btePapx,
posPapx,
para_intervals,
ps->mainfd);
wvTrace (("2: para from %x to %x\n", para_fcFirst,
para_fcLim));
wvAssembleSimplePAP (ver, &apap, para_fcLim,
&para_fkp, ps);
i = para_fcLim;
} while (apap.fTtp == 0);

It appears the file is corrupt and the code is
attempting to do its best to continue the parsing. In
function wvGetSimpleParaBounds(), there is a while loop
which attempts a correction but I think is not always
suceeding.
See loop "while (fkp->rgfc[fkp->crun] <= currentfc) {...}".

What I have observed is the following statement
evaluates to true once inside the while loop:
if ((fkp->rgfc[fkp->crun] == currentfc) &&
(currentfc == pos[nobte]))
break;

And 'currentfc' was observed to be equal to 'endfc', as
gotten from: wvGetPieceBoundsFC (&beginfc, &endfc,
&ps->clx, piececount); in main loop of function
wvDecodeSimple().

Normally variable 'apap' would eventually be updated in
function wvAssembleSimplePAP() such that 'apap.fTtp ==
0' would evaluate to false. But in observed situation,
that never happens.

Unfortunetly I can not at this time provide the
document as it contains private information; but will
work to supply you with one.

This infinite loop has been witnessed on a SUSE Linux
x64 (kernal 2.6.5) machine and Sun Solaris 5.9.