author | dsinclair <dsinclair@chromium.org> | 2016-06-07 09:48:39 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-07 09:48:39 -0700 |
commit | 8975902470dbfc15289b69f41e43ad0433ca51ae (patch) | |
tree | 8a83a3b3501e00092b11b62e92007141c6e479bd /core/fxcodec/jbig2/JBig2_TrdProc.cpp | |
parent | 720217d3f9e65b8237748f01ffbd4a296f81612e (diff) | |
Verify we have a CJBig2_Image before attempting use.
In CJBig2_SDDProc::decode_Arith we will set a SDNEWSYMS value to nullptr if the
height or width are 0. With the PDF from the bug, all of the decoders are set
to nullptr. Then, we call into CJBig2_TRDProc::decode_Arith and pull out
one of the nullptr decoders and attempt to use it, crashing.
This CL adds a check that we have a non-null decoder before attempting to use
the decoder.
BUG=pdfium:511
Review-Url: https://codereview.chromium.org/2048683002
Diffstat (limited to 'core/fxcodec/jbig2/JBig2_TrdProc.cpp')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_TrdProc.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/core/fxcodec/jbig2/JBig2_TrdProc.cpp b/core/fxcodec/jbig2/JBig2_TrdProc.cpp index 5b0ef19505..177db9dec9 100644 --- a/core/fxcodec/jbig2/JBig2_TrdProc.cpp +++ b/core/fxcodec/jbig2/JBig2_TrdProc.cpp @@ -324,11 +324,14 @@ CJBig2_Image* CJBig2_TRDProc::decode_Arith(CJBig2_ArithDecoder* pArithDecoder, pIARDX->decode(pArithDecoder, &RDXI); pIARDY->decode(pArithDecoder, &RDYI); CJBig2_Image* IBOI = SBSYMS[IDI]; + if (!IBOI) + return nullptr; + uint32_t WOI = IBOI->m_nWidth; uint32_t HOI = IBOI->m_nHeight; - if ((int)(WOI + RDWI) < 0 || (int)(HOI + RDHI) < 0) { + if ((int)(WOI + RDWI) < 0 || (int)(HOI + RDHI) < 0) return nullptr; - } + std::unique_ptr<CJBig2_GRRDProc> pGRRD(new CJBig2_GRRDProc()); pGRRD->GRW = WOI + RDWI; pGRRD->GRH = HOI + RDHI; |
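Review bot: the new `if (!IBOI) return nullptr;` right after `CJBig2_Image* IBOI = SBSYMS[IDI];` needs a one-line comment saying why an entry in SBSYMS can legitimately be null. The commit message gives the reason (symbol dictionary decoding leaves nullptr for symbols with zero height or width), but nothing at the call site does, so a later cleanup could take the check for dead code and remove it. The check also covers only the element that was fetched. The visible lines do not show IDI being validated against the number of entries in SBSYMS, so please confirm that this is enforced before the index is used, since a malformed file controls the decoded values here. Last, removing the braces around the `(int)(WOI + RDWI) < 0 || (int)(HOI + RDHI) < 0` return is a style change unrelated to the crash fix. It would be easier to audit and backport if the security-relevant change stood alone.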