Merge to XFA: Fix a NULL pointer crash in the CJBig2_Image copy constructor.

Also change the copy ctor to take a const ref.

BUG=560520
TBR=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1472113002 .

(cherry picked from commit d03bc01003ae2603dafdc07b901ffef0a509a2b9)

Review URL: https://codereview.chromium.org/1478473002 .

1 files changed, 2 insertions, 2 deletions

diff --git a/core/src/fxcodec/jbig2/JBig2_SddProc.cpp b/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
index 52aef2b37f..edfc074003 100644
--- a/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_SddProc.cpp
@@ -266,7 +266,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Arith(
   for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
     if (EXFLAGS[I] && J < SDNUMEXSYMS) {
       if (I < SDNUMINSYMS) {
-        pDict->AddImage(new CJBig2_Image(*SDINSYMS[I]));
+        pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
       } else {
         pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
       }
@@ -604,7 +604,7 @@ CJBig2_SymbolDict* CJBig2_SDDProc::decode_Huffman(
   for (I = 0; I < SDNUMINSYMS + SDNUMNEWSYMS; I++) {
     if (EXFLAGS[I] && J < SDNUMEXSYMS) {
       if (I < SDNUMINSYMS) {
-        pDict->AddImage(new CJBig2_Image(*SDINSYMS[I]));
+        pDict->AddImage(SDINSYMS[I] ? new CJBig2_Image(*SDINSYMS[I]) : nullptr);
       } else {
         pDict->AddImage(SDNEWSYMS[I - SDNUMINSYMS]);
       }