diff options
| author | thestig <thestig@chromium.org> | 2016-09-20 05:58:19 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-09-20 05:58:20 -0700 |
| commit | 717d1330bafb846e4cd25bfb4952bfdedce0db91 (patch) | |
| tree | 95f78be7d0be2caddf701e1ef3b931637f76fd27 | |
| parent | 044b1d6f4929dd8905a259c1e134f2e582726d3b (diff) | |
| download | pdfium-717d1330bafb846e4cd25bfb4952bfdedce0db91.tar.xz | |
Fix nullptr dereference in FPDF_GenerateAP().
BUG=645954
Review-Url: https://codereview.chromium.org/2355733002
| -rw-r--r-- | core/fpdfdoc/cpvt_generateap.cpp | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/core/fpdfdoc/cpvt_generateap.cpp b/core/fpdfdoc/cpvt_generateap.cpp index 1e531799e8..d7c8bec3a1 100644 --- a/core/fpdfdoc/cpvt_generateap.cpp +++ b/core/fpdfdoc/cpvt_generateap.cpp @@ -6,6 +6,8 @@ #include "core/fpdfdoc/cpvt_generateap.h" +#include <algorithm> + #include "core/fpdfapi/fpdf_font/include/cpdf_font.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_document.h" @@ -669,18 +671,23 @@ bool FPDF_GenerateAP(CPDF_Document* pDoc, CPDF_Dictionary* pAnnotDict) { if (!pAnnotDict || pAnnotDict->GetStringFor("Subtype") != "Widget") return false; - CFX_ByteString field_type = FPDF_GetFieldAttr(pAnnotDict, "FT")->GetString(); - uint32_t flags = FPDF_GetFieldAttr(pAnnotDict, "Ff") - ? FPDF_GetFieldAttr(pAnnotDict, "Ff")->GetInteger() - : 0; - if (field_type == "Tx") { + CPDF_Object* pFieldTypeObj = FPDF_GetFieldAttr(pAnnotDict, "FT"); + if (!pFieldTypeObj) + return false; + + CFX_ByteString field_type = pFieldTypeObj->GetString(); + if (field_type == "Tx") return CPVT_GenerateAP::GenerateTextFieldAP(pDoc, pAnnotDict); - } + + CPDF_Object* pFieldFlagsObj = FPDF_GetFieldAttr(pAnnotDict, "Ff"); + uint32_t flags = pFieldFlagsObj ? pFieldFlagsObj->GetInteger() : 0; + if (field_type == "Ch") { return (flags & (1 << 17)) ? CPVT_GenerateAP::GenerateComboBoxAP(pDoc, pAnnotDict) : CPVT_GenerateAP::GenerateListBoxAP(pDoc, pAnnotDict); } + if (field_type == "Btn") { if (!(flags & (1 << 16))) { if (!pAnnotDict->KeyExist("AS")) { @@ -692,6 +699,7 @@ bool FPDF_GenerateAP(CPDF_Document* pDoc, CPDF_Dictionary* pAnnotDict) { } } } + return false; } |