author | Artem Strygin <art-snake@yandex-team.ru> | 2017-10-05 16:48:21 +0300 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-05 14:09:45 +0000 |
commit | 38d0449a02f4d16dd513c08c558e57891ec252dd (patch) | |
tree | 79dc803aa538f10a54f0ef618609f0aa934266c4 /core/fpdfapi/parser | |
parent | 985e86f297e8319dbf3fd37247613f66e9f11216 (diff) | |
download | pdfium-38d0449a02f4d16dd513c08c558e57891ec252dd.tar.xz |
Fix Null-dereference READ in CPDF_Dictionary::GetIntegerFor.
Bug: chromium:771858
Change-Id: Ief40de384921f943a40e8154b67d83ae6e7ed915
Reviewed-on: https://pdfium-review.googlesource.com/15490
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Art Snake <art-snake@yandex-team.ru>
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r-- | core/fpdfapi/parser/cpdf_data_avail.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/core/fpdfapi/parser/cpdf_data_avail.cpp b/core/fpdfapi/parser/cpdf_data_avail.cpp
index f066117fe9..aac233e293 100644
--- a/core/fpdfapi/parser/cpdf_data_avail.cpp
+++ b/core/fpdfapi/parser/cpdf_data_avail.cpp
@@ -1168,11 +1168,12 @@ CPDF_DataAvail::DocAvailStatus CPDF_DataAvail::CheckLinearizedData() {
 if (m_bLinearedDataOK)
 return DataAvailable;
 ASSERT(m_pLinearized);
- if (!m_pLinearized->GetMainXRefTableFirstEntryOffset())
+ if (!m_pLinearized->GetMainXRefTableFirstEntryOffset() || !m_pDocument ||
+ !m_pDocument->GetParser() || !m_pDocument->GetParser()->GetTrailer()) {
 return DataError;
+ }
 if (!m_bMainXRefLoadTried) {
- ASSERT(m_pDocument->GetParser()->GetTrailer());
 const FX_SAFE_FILESIZE main_xref_offset =
 m_pDocument->GetParser()->GetTrailer()->GetIntegerFor("Prev");
 if (!main_xref_offset.IsValid()) |
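Review bot: `ASSERT(m_pLinearized);` just above the new condition has the same shape as the assert this commit removes: it is a debug-only check, so a release build would still dereference `m_pLinearized` in `GetMainXRefTableFirstEntryOffset()` if it were ever null here. Whether that state is reachable is not visible from this hunk, but if parsed input can influence it, the pointer belongs in the runtime guard as well, e.g. `if (!m_pLinearized || !m_pLinearized->GetMainXRefTableFirstEntryOffset() || !m_pDocument ||`. The trailer check now sits before `if (!m_bMainXRefLoadTried)`, so a missing trailer returns `DataError` even on calls that would not have read it; the rest of CheckLinearizedData() lies outside the hunk, so confirm that is intended. Holding the result in a local (`auto* trailer = m_pDocument->GetParser()->GetTrailer();`) would make it evident that the pointer checked is the one later passed to `GetIntegerFor("Prev")`.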