authorLei Zhang <thestig@chromium.org>2015-10-03 10:06:25 -0700
committerLei Zhang <thestig@chromium.org>2015-10-03 10:06:25 -0700
commit4f277fc8d41303cbf007335dfbbff60b81fffde0 (patch)
tree9d2f325bffdc4b7cd774f0d87d8d3cfc7d76448d
parent9b6735445f20ae17b883b5739bf79a7c1f99e139 (diff)
downloadpdfium-4f277fc8d41303cbf007335dfbbff60b81fffde0.tar.xz
Fix NULL pointer dereference in CPDF_InterForm.
BUG=537772 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1387703002 .
-rw-r--r--core/include/fpdfdoc/fpdf_doc.h4
-rw-r--r--core/src/fpdfdoc/doc_form.cpp34
2 files changed, 20 insertions, 18 deletions
diff --git a/core/include/fpdfdoc/fpdf_doc.h b/core/include/fpdfdoc/fpdf_doc.h
index 0588a3a914..b0c129b05e 100644
--- a/core/include/fpdfdoc/fpdf_doc.h
+++ b/core/include/fpdfdoc/fpdf_doc.h
@@ -738,7 +738,7 @@ class CPDF_InterForm : public CFX_PrivateData {
int CompareFieldName(const CFX_ByteString& name1,
const CFX_ByteString& name2);
- CPDF_Document* m_pDocument;
+ CPDF_Document* const m_pDocument;
FX_BOOL m_bGenerateAP;
@@ -746,7 +746,7 @@ class CPDF_InterForm : public CFX_PrivateData {
std::map<const CPDF_Dictionary*, CPDF_FormControl*> m_ControlMap;
- CFieldTree* m_pFieldTree;
+ nonstd::unique_ptr<CFieldTree> m_pFieldTree;
CFX_ByteString m_bsEncoding;
diff --git a/core/src/fpdfdoc/doc_form.cpp b/core/src/fpdfdoc/doc_form.cpp
index 970b4b9f40..17f1808444 100644
--- a/core/src/fpdfdoc/doc_form.cpp
+++ b/core/src/fpdfdoc/doc_form.cpp
@@ -233,21 +233,25 @@ CFieldTree::_Node* CFieldTree::FindNode(const CFX_WideString& full_name) {
return pNode;
}
CPDF_InterForm::CPDF_InterForm(CPDF_Document* pDocument, FX_BOOL bGenerateAP)
- : CFX_PrivateData() {
- m_pDocument = pDocument;
- m_bGenerateAP = bGenerateAP;
- m_pFormNotify = NULL;
- m_bUpdated = FALSE;
- m_pFieldTree = new CFieldTree;
+ : CFX_PrivateData(),
+ m_pDocument(pDocument),
+ m_bGenerateAP(bGenerateAP),
+ m_pFormDict(nullptr),
+ m_pFieldTree(new CFieldTree),
+ m_pFormNotify(nullptr),
+ m_bUpdated(FALSE) {
CPDF_Dictionary* pRoot = m_pDocument->GetRoot();
+ if (!pRoot)
+ return;
+
m_pFormDict = pRoot->GetDict("AcroForm");
- if (m_pFormDict == NULL) {
+ if (!m_pFormDict)
return;
- }
+
CPDF_Array* pFields = m_pFormDict->GetArray("Fields");
- if (pFields == NULL) {
+ if (!pFields)
return;
- }
+
int count = pFields->GetCount();
for (int i = 0; i < count; i++) {
LoadField(pFields->GetDict(i));
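Review bot: In the loop at the end of this hunk, `pFields->GetDict(i)` is passed straight to `LoadField`, and for a malformed `Fields` array that call may return null just as `GetRoot()` did. `LoadField` is defined outside this hunk, so confirm it rejects a null dictionary, or guard here with `if (CPDF_Dictionary* pDict = pFields->GetDict(i)) LoadField(pDict);`. The new `if (!pRoot) return;` would also read better with a short comment such as `// A malformed document may have no root dictionary; leave the form empty.`. The diffstat lists only the header and doc_form.cpp, so a regression test that loads a document without a root would help keep this fixed. The constructor body continues past the end of the hunk.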
@@ -257,12 +261,10 @@ CPDF_InterForm::CPDF_InterForm(CPDF_Document* pDocument, FX_BOOL bGenerateAP)
CPDF_InterForm::~CPDF_InterForm() {
for (auto it : m_ControlMap)
delete it.second;
- if (m_pFieldTree) {
- int nCount = m_pFieldTree->m_Root.CountFields();
- for (int i = 0; i < nCount; ++i) {
- delete m_pFieldTree->m_Root.GetField(i);
- }
- delete m_pFieldTree;
+
+ int nCount = m_pFieldTree->m_Root.CountFields();
+ for (int i = 0; i < nCount; ++i) {
+ delete m_pFieldTree->m_Root.GetField(i);
}
}
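Review bot: The destructor now dereferences `m_pFieldTree` unconditionally at `m_pFieldTree->m_Root.CountFields()`, which is safe only while the pointer is created in the constructor's initializer list and never reset or released elsewhere in the class. A comment stating that invariant, e.g. `// m_pFieldTree is always non-null; it is created in the constructor.`, would protect against a later change that breaks it. The fields are still deleted by hand before the tree itself is destroyed, so the tree briefly holds dangling field pointers. That matches the previous order, but it is worth confirming that CFieldTree's destructor, which is not visible here, does not touch them.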