findXmp() checks data[xmpPos] instead of data[trailerPos] in trailer search loop #9283
Description
Describe the bug
In src/epsimage.cpp:182, the XMP trailer search loop checks data[xmpPos] instead of data[trailerPos]. The variable xmpPos is a constant at this point (the position of the XMP header). The loop variable trailerPos is the one that should be checked.
Because data[xmpPos] always points to the < character at the start of an XMP header, the condition data[xmpPos] != '\x00' && data[xmpPos] != '<' is always false. The continue statement on line 183 is never executed.
// src/epsimage.cpp:181-183
for (size_t trailerPos = xmpPos + header.size(); trailerPos < size; trailerPos++) {
    if (data[xmpPos] != '\x00' && data[xmpPos] != '<') // should be data[trailerPos]
        continue;

As a result, every byte position is checked against all XMP trailer patterns. The intended early-exit optimization does not take effect.
To Reproduce
- Use any EPS file that contains an XMP header but has a large gap before the XMP trailer.
- Run exiv2 -pa file.eps.
- Observed on main branch, current HEAD.
The parser produces correct output. The issue is that it does more work than necessary because the early-exit check is not functioning.
Expected behavior
The condition should check data[trailerPos] so that positions which cannot match a trailer are skipped.
Desktop (please complete the following information):
- OS and version: macOS (Darwin 25.3.0, arm64)
- Exiv2 version and source: main branch, built from source
- Compiler and version: Clang 22.1.1 (homebrew llvm)
- Compilation mode and/or compiler flags: Debug
Additional context
The fix is to change data[xmpPos] to data[trailerPos] on line 182:
if (data[trailerPos] != '\x00' && data[trailerPos] != '<')
    continue;

I can submit a PR if helpful.
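The effect described in this issue, as an added example that is not part of the original report or of Exiv2's code: a reduced C++ model of the loop that counts trailer-pattern comparisons with the guard on data[xmpPos] versus data[trailerPos]. The header string, the two-entry trailer list, `ScanResult`, `findTrailer` and `makeSample` are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-ins for illustration; not Exiv2's actual header/trailer tables.
static const std::string kHeader = "<?xpacket begin=";
static const std::vector<std::string> kTrailers = {"<?xpacket end=\"r\"?>",
                                                   "<?xpacket end=\"w\"?>"};

struct ScanResult {
  std::size_t trailerPos;   // offset of the matched trailer, or npos
  std::size_t comparisons;  // trailer-pattern comparisons attempted
};

// guardOnTrailerPos == false models the reported check on data[xmpPos];
// true models the proposed check on data[trailerPos].
ScanResult findTrailer(const std::string& data, std::size_t xmpPos, bool guardOnTrailerPos) {
  ScanResult r{std::string::npos, 0};
  for (std::size_t trailerPos = xmpPos + kHeader.size(); trailerPos < data.size(); trailerPos++) {
    const char c = data[guardOnTrailerPos ? trailerPos : xmpPos];
    if (c != '\x00' && c != '<')
      continue;  // this byte cannot start a trailer
    for (const auto& t : kTrailers) {
      r.comparisons++;
      if (data.compare(trailerPos, t.size(), t) == 0) {
        r.trailerPos = trailerPos;
        return r;
      }
    }
  }
  return r;
}

// Constructed input: header, `gap` filler bytes, then a trailer.
std::string makeSample(std::size_t gap) {
  return kHeader + std::string(gap, 'x') + kTrailers[1];
}

int main() {
  const std::string data = makeSample(1000);
  const ScanResult bug = findTrailer(data, 0, false);
  const ScanResult fix = findTrailer(data, 0, true);
  std::cout << "data[xmpPos] guard:     " << bug.comparisons << " comparisons\n"
            << "data[trailerPos] guard: " << fix.comparisons << " comparisons\n"
            << "same trailer offset: " << (bug.trailerPos == fix.trailerPos) << "\n";
}
```

Both variants return the same trailer offset; only the comparison count differs, and with the guard on data[xmpPos] it grows with the size of the gap.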