diff options
author | Lei Zhang <thestig@chromium.org> | 2015-10-03 23:29:26 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-03 23:29:26 -0700 |
commit | 0ecd473f0844b4c0b4a95360216af68de3a3570b (patch) | |
tree | 19159fbe6ff858eaf5ed9522d2f1da6e6c431e8e | |
parent | 8c217c537fc845763018a5d81a8c55b1045f6ccd (diff) | |
download | pdfium-0ecd473f0844b4c0b4a95360216af68de3a3570b.tar.xz |
Merge to XFA: Fix NULL pointer dereference in CPDF_InterForm.
BUG=537772
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1387703002 .
(cherry picked from commit 4f277fc8d41303cbf007335dfbbff60b81fffde0)
Review URL: https://codereview.chromium.org/1380603006 .
-rw-r--r-- | core/include/fpdfdoc/fpdf_doc.h | 4 | ||||
-rw-r--r-- | core/src/fpdfdoc/doc_form.cpp | 34 |
2 files changed, 20 insertions, 18 deletions
diff --git a/core/include/fpdfdoc/fpdf_doc.h b/core/include/fpdfdoc/fpdf_doc.h index b2ac747427..038bf90a17 100644 --- a/core/include/fpdfdoc/fpdf_doc.h +++ b/core/include/fpdfdoc/fpdf_doc.h @@ -738,7 +738,7 @@ class CPDF_InterForm : public CFX_PrivateData { int CompareFieldName(const CFX_ByteString& name1, const CFX_ByteString& name2); - CPDF_Document* m_pDocument; + CPDF_Document* const m_pDocument; FX_BOOL m_bGenerateAP; @@ -746,7 +746,7 @@ class CPDF_InterForm : public CFX_PrivateData { std::map<const CPDF_Dictionary*, CPDF_FormControl*> m_ControlMap; - CFieldTree* m_pFieldTree; + nonstd::unique_ptr<CFieldTree> m_pFieldTree; CFX_ByteString m_bsEncoding; diff --git a/core/src/fpdfdoc/doc_form.cpp b/core/src/fpdfdoc/doc_form.cpp index 970b4b9f40..17f1808444 100644 --- a/core/src/fpdfdoc/doc_form.cpp +++ b/core/src/fpdfdoc/doc_form.cpp @@ -233,21 +233,25 @@ CFieldTree::_Node* CFieldTree::FindNode(const CFX_WideString& full_name) { return pNode; } CPDF_InterForm::CPDF_InterForm(CPDF_Document* pDocument, FX_BOOL bGenerateAP) - : CFX_PrivateData() { - m_pDocument = pDocument; - m_bGenerateAP = bGenerateAP; - m_pFormNotify = NULL; - m_bUpdated = FALSE; - m_pFieldTree = new CFieldTree; + : CFX_PrivateData(), + m_pDocument(pDocument), + m_bGenerateAP(bGenerateAP), + m_pFormDict(nullptr), + m_pFieldTree(new CFieldTree), + m_pFormNotify(nullptr), + m_bUpdated(FALSE) { CPDF_Dictionary* pRoot = m_pDocument->GetRoot(); + if (!pRoot) + return; + m_pFormDict = pRoot->GetDict("AcroForm"); - if (m_pFormDict == NULL) { + if (!m_pFormDict) return; - } + CPDF_Array* pFields = m_pFormDict->GetArray("Fields"); - if (pFields == NULL) { + if (!pFields) return; - } + int count = pFields->GetCount(); for (int i = 0; i < count; i++) { LoadField(pFields->GetDict(i)); @@ -257,12 +261,10 @@ CPDF_InterForm::CPDF_InterForm(CPDF_Document* pDocument, FX_BOOL bGenerateAP) CPDF_InterForm::~CPDF_InterForm() { for (auto it : m_ControlMap) delete it.second; - if (m_pFieldTree) { - int nCount = m_pFieldTree->m_Root.CountFields(); - for (int i = 0; i < nCount; ++i) { - delete m_pFieldTree->m_Root.GetField(i); - } - delete m_pFieldTree; + + int nCount = m_pFieldTree->m_Root.CountFields(); + for (int i = 0; i < nCount; ++i) { + delete m_pFieldTree->m_Root.GetField(i); } } |