From 38d0449a02f4d16dd513c08c558e57891ec252dd Mon Sep 17 00:00:00 2001
From: Artem Strygin
Date: Thu, 5 Oct 2017 16:48:21 +0300
Subject: Fix Null-dereference READ in CPDF_Dictionary::GetIntegerFor.

Bug: chromium:771858
Change-Id: Ief40de384921f943a40e8154b67d83ae6e7ed915
Reviewed-on: https://pdfium-review.googlesource.com/15490
Reviewed-by: dsinclair
Commit-Queue: Art Snake
---
 core/fpdfapi/parser/cpdf_data_avail.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/fpdfapi/parser/cpdf_data_avail.cpp b/core/fpdfapi/parser/cpdf_data_avail.cpp
index f066117fe9..aac233e293 100644
--- a/core/fpdfapi/parser/cpdf_data_avail.cpp
+++ b/core/fpdfapi/parser/cpdf_data_avail.cpp
@@ -1168,11 +1168,12 @@ CPDF_DataAvail::DocAvailStatus CPDF_DataAvail::CheckLinearizedData() {
 if (m_bLinearedDataOK)
 return DataAvailable;
 ASSERT(m_pLinearized);
- if (!m_pLinearized->GetMainXRefTableFirstEntryOffset())
+ if (!m_pLinearized->GetMainXRefTableFirstEntryOffset() || !m_pDocument ||
+ !m_pDocument->GetParser() || !m_pDocument->GetParser()->GetTrailer()) {
 return DataError;
+ }

 if (!m_bMainXRefLoadTried) {
- ASSERT(m_pDocument->GetParser()->GetTrailer());
 const FX_SAFE_FILESIZE main_xref_offset =
 m_pDocument->GetParser()->GetTrailer()->GetIntegerFor("Prev");
 if (!main_xref_offset.IsValid())
-- 
cgit v1.2.3
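Review bot: The trailer's null check and its dereference are two separate evaluations of `m_pDocument->GetParser()->GetTrailer()`, and the check sits outside the `if (!m_bMainXRefLoadTried)` block while the only dereference visible in this hunk is inside it. Fetching the pointer once at the point of use keeps check and use on the same value, and avoids returning DataError on later calls that may not need the trailer: `auto* trailer = m_pDocument->GetParser()->GetTrailer();`, then `if (!trailer) return DataError;` and `trailer->GetIntegerFor("Prev")`. Replacing the removed ASSERT with a runtime check is the right direction, since an assertion typically compiles out of release builds; a one-line comment stating that a document can reach this point without a trailer would record why the guard exists. The function continues past the end of the hunk, so whether later code also depends on the trailer cannot be confirmed from here.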