diff options
-rw-r--r-- | core/fpdfapi/parser/cfdf_document.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_indirect_object_holder.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_parser.cpp | 8 |
3 files changed, 10 insertions, 4 deletions
diff --git a/core/fpdfapi/parser/cfdf_document.cpp b/core/fpdfapi/parser/cfdf_document.cpp index d39ec31d3c..bcaa9daec3 100644 --- a/core/fpdfapi/parser/cfdf_document.cpp +++ b/core/fpdfapi/parser/cfdf_document.cpp @@ -58,6 +58,9 @@ void CFDF_Document::ParseStream(IFX_SeekableReadStream* pFile, bool bOwnFile) { CFX_ByteString word = parser.GetNextWord(&bNumber); if (bNumber) { uint32_t objnum = FXSYS_atoui(word.c_str()); + if (!objnum) + break; + word = parser.GetNextWord(&bNumber); if (!bNumber) break; diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp index 6e549de5a7..9427543396 100644 --- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp +++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp @@ -56,7 +56,8 @@ uint32_t CPDF_IndirectObjectHolder::AddIndirectObject(CPDF_Object* pObj) { bool CPDF_IndirectObjectHolder::ReplaceIndirectObjectIfHigherGeneration( uint32_t objnum, CPDF_Object* pObj) { - if (!objnum || !pObj) + ASSERT(objnum); + if (!pObj) return false; CPDF_Object* pOldObj = GetIndirectObject(objnum); diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp index cff0f77b32..96e59fb62f 100644 --- a/core/fpdfapi/parser/cpdf_parser.cpp +++ b/core/fpdfapi/parser/cpdf_parser.cpp @@ -960,14 +960,16 @@ bool CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, bool bMainXRef) { if (!pObject) return false; - CPDF_Object* pUnownedObject = pObject.get(); + uint32_t objnum = pObject->m_ObjNum; + if (!objnum) + return false; + CPDF_Object* pUnownedObject = pObject.get(); if (m_pDocument) { CPDF_Dictionary* pRootDict = m_pDocument->GetRoot(); - if (pRootDict && pRootDict->GetObjNum() == pObject->m_ObjNum) + if (pRootDict && pRootDict->GetObjNum() == objnum) return false; // Takes ownership of object (std::move someday). - uint32_t objnum = pObject->m_ObjNum; if (!m_pDocument->ReplaceIndirectObjectIfHigherGeneration( objnum, pObject.release())) { return false; |