summaryrefslogtreecommitdiff
path: root/core/fpdfapi/parser
diff options
context:
space:
mode:
authorArtem Strygin <art-snake@yandex-team.ru>2017-10-05 16:48:21 +0300
committerChromium commit bot <commit-bot@chromium.org>2017-10-05 14:09:45 +0000
commit38d0449a02f4d16dd513c08c558e57891ec252dd (patch)
tree79dc803aa538f10a54f0ef618609f0aa934266c4 /core/fpdfapi/parser
parent985e86f297e8319dbf3fd37247613f66e9f11216 (diff)
downloadpdfium-38d0449a02f4d16dd513c08c558e57891ec252dd.tar.xz
Fix Null-dereference READ in CPDF_Dictionary::GetIntegerFor.
Bug: chromium:771858 Change-Id: Ief40de384921f943a40e8154b67d83ae6e7ed915 Reviewed-on: https://pdfium-review.googlesource.com/15490 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r--core/fpdfapi/parser/cpdf_data_avail.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/core/fpdfapi/parser/cpdf_data_avail.cpp b/core/fpdfapi/parser/cpdf_data_avail.cpp
index f066117fe9..aac233e293 100644
--- a/core/fpdfapi/parser/cpdf_data_avail.cpp
+++ b/core/fpdfapi/parser/cpdf_data_avail.cpp
@@ -1168,11 +1168,12 @@ CPDF_DataAvail::DocAvailStatus CPDF_DataAvail::CheckLinearizedData() {
if (m_bLinearedDataOK)
return DataAvailable;
ASSERT(m_pLinearized);
- if (!m_pLinearized->GetMainXRefTableFirstEntryOffset())
+ if (!m_pLinearized->GetMainXRefTableFirstEntryOffset() || !m_pDocument ||
+ !m_pDocument->GetParser() || !m_pDocument->GetParser()->GetTrailer()) {
return DataError;
+ }
if (!m_bMainXRefLoadTried) {
- ASSERT(m_pDocument->GetParser()->GetTrailer());
const FX_SAFE_FILESIZE main_xref_offset =
m_pDocument->GetParser()->GetTrailer()->GetIntegerFor("Prev");
if (!main_xref_offset.IsValid())