From 38d0449a02f4d16dd513c08c558e57891ec252dd Mon Sep 17 00:00:00 2001
From: Artem Strygin <art-snake@yandex-team.ru>
Date: Thu, 5 Oct 2017 16:48:21 +0300
Subject: Fix Null-dereference READ in CPDF_Dictionary::GetIntegerFor.

Bug: chromium:771858
Change-Id: Ief40de384921f943a40e8154b67d83ae6e7ed915
Reviewed-on: https://pdfium-review.googlesource.com/15490
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Art Snake <art-snake@yandex-team.ru>
---
 core/fpdfapi/parser/cpdf_data_avail.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/fpdfapi/parser/cpdf_data_avail.cpp b/core/fpdfapi/parser/cpdf_data_avail.cpp
index f066117fe9..aac233e293 100644
--- a/core/fpdfapi/parser/cpdf_data_avail.cpp
+++ b/core/fpdfapi/parser/cpdf_data_avail.cpp
@@ -1168,11 +1168,12 @@ CPDF_DataAvail::DocAvailStatus CPDF_DataAvail::CheckLinearizedData() {
   if (m_bLinearedDataOK)
     return DataAvailable;
   ASSERT(m_pLinearized);
-  if (!m_pLinearized->GetMainXRefTableFirstEntryOffset())
+  if (!m_pLinearized->GetMainXRefTableFirstEntryOffset() || !m_pDocument ||
+      !m_pDocument->GetParser() || !m_pDocument->GetParser()->GetTrailer()) {
     return DataError;
+  }
 
   if (!m_bMainXRefLoadTried) {
-    ASSERT(m_pDocument->GetParser()->GetTrailer());
     const FX_SAFE_FILESIZE main_xref_offset =
         m_pDocument->GetParser()->GetTrailer()->GetIntegerFor("Prev");
     if (!main_xref_offset.IsValid())
-- 
cgit v1.2.3