authorRyan Harrison <rharrison@chromium.org>2017-09-26 12:14:57 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-09-26 20:05:13 +0000
commit8c806cf08ff928630142f769ca689f7c89bfd648 (patch)
tree983d634d4f5cdfe842f739491e2f0d50ca77a79e
parente2df5b7305df66efbd81232d911615af60624ae3 (diff)
downloadpdfium-8c806cf08ff928630142f769ca689f7c89bfd648.tar.xz
Confirm that a global palette has data before attempting to use it
The previous implementation assumed that if the local colour palette was not specified and the global palette had its size specified, the global palette should be used. If the global palette is disabled, it will not have data, but it may have a size. Technically the size is gibberish in this case, but the value is allowed to be non-zero, so it isn't a sufficient check. BUG=chromium:768089 Change-Id: Iaec15fcd65f3983056df7d56d29118a516334cd9 Reviewed-on: https://pdfium-review.googlesource.com/14819 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
-rw-r--r--core/fxcodec/codec/fx_codec_progress.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fxcodec/codec/fx_codec_progress.cpp b/core/fxcodec/codec/fx_codec_progress.cpp
index f10523cc39..0f2f56122b 100644
--- a/core/fxcodec/codec/fx_codec_progress.cpp
+++ b/core/fxcodec/codec/fx_codec_progress.cpp
@@ -625,6 +625,8 @@ bool CCodec_ProgressiveDecoder::GifInputRecordPositionBuf(
if (pal_num != 0 && pal_ptr) {
pPalette = (uint8_t*)pal_ptr;
} else {
+ if (!m_pGifPalette)
+ return false;
pal_num = m_GifPltNumber;
pPalette = m_pGifPalette;
}
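Review bot: The new `if (!m_pGifPalette)` guard establishes that the global palette has data, but nothing in the hunk ties `m_GifPltNumber` to the number of entries actually stored behind that pointer, and the commit message itself notes that the size field can be meaningless. If the code after this hunk indexes `pPalette` up to `pal_num`, it is worth confirming that the two members are always set together, or resetting `m_GifPltNumber` to 0 wherever the palette is absent. A short comment such as `// A disabled global palette may still report a non-zero size, so check the data pointer.` would keep the reason for the guard next to it. The rest of GifInputRecordPositionBuf lies outside the hunk, so how `pal_num` is consumed is not visible here.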
@@ -1207,6 +1209,7 @@ bool CCodec_ProgressiveDecoder::DetectImageType(FXCODEC_IMAGE_TYPE imageType,
while (readResult == GifDecodeStatus::Unfinished) {
FXCODEC_STATUS error_status = FXCODEC_STATUS_ERR_FORMAT;
if (!GifReadMoreData(pGifModule, error_status)) {
+ m_pGifContext = nullptr;
m_status = error_status;
return false;
}
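Review bot: Only this one failure exit clears `m_pGifContext`. DetectImageType continues outside the hunk, so it cannot be seen whether the other error returns in the GIF branch also drop the context; a stale context left behind on any of them could be picked up by a later decode call. The assignment also presumes `m_pGifContext` is an owning smart pointer; if it were a raw pointer, `= nullptr` would leak the context rather than release it, so the member's declaration is worth checking. A comment like `// Drop the partially initialised context so later calls cannot use it.` would record the intent.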