Fix null crash in CheckTrailer.

We are making checks in the incorrect order.  Also adds two test
cases, one for the this crash, and another for the original issue
that motivated the patch.

Original Patch by Bo at https://codereview.chromium.org/866003003/

BUG=450871
R=bo_xu@foxitsoftware.com

Review URL: https://codereview.chromium.org/872563002

5 files changed, 134 insertions, 1 deletions

diff --git a/testing/embedder_test.h b/testing/embedder_test.h
index 48ea415e19..3eb3be606f 100644
--- a/testing/embedder_test.h
+++ b/testing/embedder_test.h
@@ -65,7 +65,7 @@ class EmbedderTest : public ::testing::Test {
   // is prohibited after this call is made.
   virtual void UnloadPage(FPDF_PAGE page, FPDF_FORMHANDLE form);
 
- private:
+ protected:
   FPDF_DOCUMENT document_;
   FPDF_AVAIL avail_;
   FX_DOWNLOADHINTS hints_;
diff --git a/testing/resources/trailer_as_hexstring.in b/testing/resources/trailer_as_hexstring.in
new file mode 100644
index 0000000000..ec2368fab4
--- /dev/null
+++ b/testing/resources/trailer_as_hexstring.in
@@ -0,0 +1,29 @@
+{{header}}
+{{object 1 0}} <<
+  /Type /Catalog
+  /Pages 2 0 R
+  /Names <<
+    /Dests 10 0 R
+  >>
+  /Dests 14 0 R
+>>
+endobj
+{{object 2 0}} <<
+  /Type /Pages
+  /Count 1
+  /Kids [
+    3 0 R
+  ]
+>>
+endobj
+{{object 3 0}} <<
+  /Type /Page
+  /Parent 2 0 R
+  /MediaBox [0 0 612 792]
+>>
+endobj
+{{xref}}
+% trailer erroneously contains a hex string, not a dictionary.
+trailer <0000deadbabe0000>
+{{startxref}}
+%%EOF
diff --git a/testing/resources/trailer_as_hexstring.pdf b/testing/resources/trailer_as_hexstring.pdf
new file mode 100644
index 0000000000..5b75a53afa
--- /dev/null
+++ b/testing/resources/trailer_as_hexstring.pdf
@@ -0,0 +1,35 @@
+%PDF-1.7
+% ò¤ô
+1 0 obj <<
+  /Type /Catalog
+  /Pages 2 0 R
+  /Names <<
+    /Dests 10 0 R
+  >>
+  /Dests 14 0 R
+>>
+endobj
+2 0 obj <<
+  /Type /Pages
+  /Count 1
+  /Kids [
+    3 0 R
+  ]
+>>
+endobj
+3 0 obj <<
+  /Type /Page
+  /Parent 2 0 R
+  /MediaBox [0 0 612 792]
+>>
+endobj
+xref
+0 4
+0000000000 65536 f
+0000000015 00000 n
+0000000119 00000 n
+0000000190 00000 n
+trailer <0000deadbabe0000>
+startxref
+267
+%%EOF
diff --git a/testing/resources/trailer_unterminated.in b/testing/resources/trailer_unterminated.in
new file mode 100644
index 0000000000..c0c74b749c
--- /dev/null
+++ b/testing/resources/trailer_unterminated.in
@@ -0,0 +1,31 @@
+{{header}}
+{{object 1 0}} <<
+  /Type /Catalog
+  /Pages 2 0 R
+  /Names <<
+    /Dests 10 0 R
+  >>
+  /Dests 14 0 R
+>>
+endobj
+{{object 2 0}} <<
+  /Type /Pages
+  /Count 1
+  /Kids [
+    3 0 R
+  ]
+>>
+endobj
+{{object 3 0}} <<
+  /Type /Page
+  /Parent 2 0 R
+  /MediaBox [0 0 612 792]
+>>
+endobj
+{{xref}}
+% closing angle-brackets not present for trailer dictionary.
+trailer <<
+  /Size 6
+  /Root 1 0 R
+{{startxref}}
+%%EOF
diff --git a/testing/resources/trailer_unterminated.pdf b/testing/resources/trailer_unterminated.pdf
new file mode 100644
index 0000000000..b01ec4b67d
--- /dev/null
+++ b/testing/resources/trailer_unterminated.pdf
@@ -0,0 +1,38 @@
+%PDF-1.7
+% ò¤ô
+1 0 obj <<
+  /Type /Catalog
+  /Pages 2 0 R
+  /Names <<
+    /Dests 10 0 R
+  >>
+  /Dests 14 0 R
+>>
+endobj
+2 0 obj <<
+  /Type /Pages
+  /Count 1
+  /Kids [
+    3 0 R
+  ]
+>>
+endobj
+3 0 obj <<
+  /Type /Page
+  /Parent 2 0 R
+  /MediaBox [0 0 612 792]
+>>
+endobj
+xref
+0 4
+0000000000 65536 f
+0000000015 00000 n
+0000000119 00000 n
+0000000190 00000 n
+% closing angle-brackets not present for trailer dictionary.
+trailer <<
+  /Size 6
+  /Root 1 0 R
+startxref
+267
+%%EOF