diff options
author | Jun Fang <jun_fang@foxitsoftware.com> | 2014-08-18 11:27:20 -0700 |
---|---|---|
committer | Jun Fang <jun_fang@foxitsoftware.com> | 2014-08-18 11:27:20 -0700 |
commit | 4f38edb402226948b637b99de8a6a123bdef20c7 (patch) | |
tree | 9b7d86196603424f12dd7bbe79841ee4766eed38 /core | |
parent | 635e82ec20b3d5ffcb24f9a1b1be9f1f24d8a3f4 (diff) | |
download | pdfium-4f38edb402226948b637b99de8a6a123bdef20c7.tar.xz |
Add a null pointer check before getting the family name of the given color space in CPDF_ColorSpace::Load
The test file defines a wrong color space object (7 0 obj). In the content of 7 0 obj,
the reserved obj (0 0 R) is used. The process of loading color space returns NULL when
the reserved obj (0 0 R) is found. For the error color space, it only needs to return
NULL when an error is detected.
BUG=403032
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/477413002
Diffstat (limited to 'core')
-rw-r--r-- | core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp index da48093135..1b4e7b83a9 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp @@ -1088,7 +1088,11 @@ CPDF_ColorSpace* CPDF_ColorSpace::Load(CPDF_Document* pDoc, CPDF_Object* pObj) if (pArray->GetCount() == 0) { return NULL; } - CFX_ByteString familyname = pArray->GetElementValue(0)->GetString(); + CPDF_Object *pFamilyObj = pArray->GetElementValue(0); + if (!pFamilyObj) { + return NULL; + } + CFX_ByteString familyname = pFamilyObj->GetString(); if (pArray->GetCount() == 1) { return _CSFromName(familyname); } |