excessive processing time in JBIG2Stream::readGenericBitmap()
On the attached very small file clusterfuzz-testcase-minimized-gdal_filesystem_fuzzer-4842068703838208, JBIG2Stream::readGenericBitmap () takes more than several minutes to complete trying to read a w=593730423 * h=27 bitmap. No error/warning is raised. I suspect this is a feature of the arithmetic decoder to accept truncated streams and to return a conventional value in that situation. Any idea of what could be done to avoid such kind of denial of service ? Perhaps add some limitation on the maximum size of a bitmap ?
#0 JArithmeticDecoder::decodeBit (this=0x5555555c03d0, context=112, stats=0x5555555d2c00) at /home/even/poppler/poppler/JArithmeticDecoder.cc:237
#1 0x00007ffff7d3494d in JBIG2Stream::readGenericBitmap (this=0x5555555d3040, mmr=false, w=593730423, h=27, templ=2, tpgdOn=false, useSkip=false, skip=0x0, atx=0x7fffffffcba0, aty=0x7fffffffcbb0, mmrDataLength=0) at /home/even/poppler/poppler/JBIG2Stream.cc:3407
#2 0x00007ffff7d2da66 in JBIG2Stream::readSymbolDictSeg (this=0x5555555d3040, segNum=1, length=100, refSegs=0x0, nRefSegs=0) at /home/even/poppler/poppler/JBIG2Stream.cc:1771
#3 0x00007ffff7d2c088 in JBIG2Stream::readSegments (this=0x5555555d3040) at /home/even/poppler/poppler/JBIG2Stream.cc:1340
#4 0x00007ffff7d2b911 in JBIG2Stream::reset (this=0x5555555d3040) at /home/even/poppler/poppler/JBIG2Stream.cc:1177
#5 0x00007ffff7d9c50f in ImageStream::reset (this=0x5555555bbea0) at /home/even/poppler/poppler/Stream.cc:616
#6 0x00007ffff7e1d5a5 in SplashOutputDev::drawImage (this=0x5555555b9b20, state=0x5555555d2790, ref=0x7fffffffd6b0, str=0x5555555d3040, width=132, height=14, colorMap=0x7fffffffd140, interpolate=false, maskColors=0x0, inlineImg=false) at /home/even/poppler/poppler/SplashOutputDev.cc:3259
#7 0x00007ffff7cd6a9c in Gfx::doImage (this=0x5555555bc240, ref=0x7fffffffd6b0, str=0x5555555d3040, inlineImg=false) at /home/even/poppler/poppler/Gfx.cc:4563
#8 0x00007ffff7cd4153 in Gfx::opXObject (this=0x5555555bc240, args=0x7fffffffd7e0, numArgs=1) at /home/even/poppler/poppler/Gfx.cc:4105
#9 0x00007ffff7cc098e in Gfx::execOp (this=0x5555555bc240, cmd=0x7fffffffd7a0, args=0x7fffffffd7e0, numArgs=1) at /home/even/poppler/poppler/Gfx.cc:804
#10 0x00007ffff7cc023c in Gfx::go (this=0x5555555bc240, topLevel=true) at /home/even/poppler/poppler/Gfx.cc:681
#11 0x00007ffff7cbffaf in Gfx::display (this=0x5555555bc240, obj=0x7fffffffdb30, topLevel=true) at /home/even/poppler/poppler/Gfx.cc:642
#12 0x00007ffff7d5cf62 in Page::displaySlice (this=0x5555555b8fd0, out=0x5555555b9b20, hDPI=150, vDPI=150, rotate=0, useMediaBox=true, crop=false, sliceX=0, sliceY=0, sliceW=1241, sliceH=1754, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x55555555a520 <<lambda(Annot*, void*)>::_FUN(Annot *, void *)>, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/even/poppler/poppler/Page.cc:576
#13 0x00007ffff7d648a7 in PDFDoc::displayPageSlice (this=0x5555555b8bf0, out=0x5555555b9b20, page=1, hDPI=150, vDPI=150, rotate=0, useMediaBox=true, crop=false, printing=false, sliceX=0, sliceY=0, sliceW=1241, sliceH=1754, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x55555555a520 <<lambda(Annot*, void*)>::_FUN(Annot *, void *)>, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/even/poppler/poppler/PDFDoc.cc:662
#14 0x000055555555a6ae in savePageSlice (doc=0x5555555b8bf0, splashOut=0x5555555b9b20, pg=1, x=0, y=0, w=1241, h=1754, pg_w=1240.1575000000003, pg_h=1753.9370833333335, ppmFile=0x0) at /home/even/poppler/utils/pdftoppm.cc:289