summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorJun Fang <jun_fang@foxitsoftware.com>2014-08-18 11:27:20 -0700
committerJun Fang <jun_fang@foxitsoftware.com>2014-08-18 11:27:20 -0700
commit4f38edb402226948b637b99de8a6a123bdef20c7 (patch)
tree9b7d86196603424f12dd7bbe79841ee4766eed38 /core
parent635e82ec20b3d5ffcb24f9a1b1be9f1f24d8a3f4 (diff)
downloadpdfium-4f38edb402226948b637b99de8a6a123bdef20c7.tar.xz
Add a null pointer check before getting the family name of the given color space in CPDF_ColorSpace::Load
The test file defines a wrong color space object (7 0 obj). In the content of 7 0 obj, the reserved obj (0 0 R) is used. The process of loading color space returns NULL when the reserved obj (0 0 R) is found. For the error color space, it only needs to return NULL when an error is detected. BUG=403032 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/477413002
Diffstat (limited to 'core')
-rw-r--r--core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index da48093135..1b4e7b83a9 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -1088,7 +1088,11 @@ CPDF_ColorSpace* CPDF_ColorSpace::Load(CPDF_Document* pDoc, CPDF_Object* pObj)
if (pArray->GetCount() == 0) {
return NULL;
}
- CFX_ByteString familyname = pArray->GetElementValue(0)->GetString();
+ CPDF_Object *pFamilyObj = pArray->GetElementValue(0);
+ if (!pFamilyObj) {
+ return NULL;
+ }
+ CFX_ByteString familyname = pFamilyObj->GetString();
if (pArray->GetCount() == 1) {
return _CSFromName(familyname);
}