From 4f38edb402226948b637b99de8a6a123bdef20c7 Mon Sep 17 00:00:00 2001
From: Jun Fang
Date: Mon, 18 Aug 2014 11:27:20 -0700
Subject: Add a null pointer check before getting the family name of the given color space in CPDF_ColorSpace::Load The test file defines a wrong color space object (7 0 obj). In the content of 7 0 obj, the reserved obj (0 0 R) is used. The process of loading color space returns NULL when the reserved obj (0 0 R) is found. For the error color space, it only needs to return NULL when an error is detected. BUG=403032 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/477413002
---
 core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index da48093135..1b4e7b83a9 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -1088,7 +1088,11 @@ CPDF_ColorSpace* CPDF_ColorSpace::Load(CPDF_Document* pDoc, CPDF_Object* pObj)
 if (pArray->GetCount() == 0) {
 return NULL;
 }
- CFX_ByteString familyname = pArray->GetElementValue(0)->GetString();
+ CPDF_Object *pFamilyObj = pArray->GetElementValue(0);
+ if (!pFamilyObj) {
+ return NULL;
+ }
+ CFX_ByteString familyname = pFamilyObj->GetString();
 if (pArray->GetCount() == 1) {
 return _CSFromName(familyname);
 }
--
cgit v1.2.3
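Review bot: The added `if (!pFamilyObj)` guard sits directly after the `GetCount() == 0` check with no comment explaining how element 0 of a non-empty array can still be NULL, so it reads as redundant and could be dropped in a later cleanup. Going by the commit description, the case is an array entry that is a reference which does not resolve (the reserved `0 0 R`), and a one-line comment such as `// Element 0 may be an unresolvable reference (e.g. 0 0 R); treat the color space as invalid.` would record that. The diffstat lists only fpdf_page_colors.cpp, so the malformed file mentioned in the description is not added as a regression test here; because the crash is reachable from untrusted PDF content, a test that loads that file would be worth having. The rest of `CPDF_ColorSpace::Load` lies outside the hunk, so it is not visible whether later `GetElementValue(...)` results are dereferenced unchecked in the same way, and that is worth auditing alongside this fix. Minor style point: `CPDF_Object *pFamilyObj` places the `*` differently from `CPDF_Object* pObj` in the function signature.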