From 2896cfaff519136d7d770ca048b448e6b3ad9324 Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Mon, 5 Feb 2018 17:59:49 +0000
Subject: [XFA] dot_accessor may not provide a valid object.

If the object being accessed through the dot_accessor does not exist
it's possible to receive a nullptr in ResolveObject. Instead of
ASSERTing just return false and let the caller handle the failure.

Bug: chromium::778904
Change-Id: I918c1c5dcb23b86082793c5037d58e0ab043559e
Reviewed-on: https://pdfium-review.googlesource.com/25350
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
---
 fxjs/cfxjse_formcalc_context.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fxjs/cfxjse_formcalc_context.cpp b/fxjs/cfxjse_formcalc_context.cpp
index 3306cd9042..9f0664cacc 100644
--- a/fxjs/cfxjse_formcalc_context.cpp
+++ b/fxjs/cfxjse_formcalc_context.cpp
@@ -5944,7 +5944,9 @@ bool CFXJSE_FormCalcContext::ResolveObjects(CFXJSE_Value* pThis,
       dFlags = XFA_RESOLVENODE_Siblings | XFA_RESOLVENODE_Parent;
     } else {
       pNode = CFXJSE_Engine::ToObject(pRefValue, nullptr);
-      ASSERT(pNode);
+      if (!pNode)
+        return false;
+
       if (bHasNoResolveName) {
         WideString wsName;
         if (CXFA_Node* pXFANode = pNode->AsNode()) {
-- 
cgit v1.2.3