From 54f86140d436ce2f457dc588f5b2c183d4e94452 Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Wed, 10 Jan 2018 17:03:35 +0000
Subject: Verify GetOrCreate results are checked

This CL updates users of the GetOrCreate* methods to verify that the
value returned is not null before accessing.

Change-Id: I4a9fd29a26d5e4ec792ca3671c9868828e53d46e
Reviewed-on: https://pdfium-review.googlesource.com/22652
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
---
 fxjs/xfa/cjx_node.cpp                  |  3 +++
 xfa/fxfa/cxfa_widgetacc.cpp            | 14 +++++++++-----
 xfa/fxfa/parser/cxfa_fill.cpp          |  3 +++
 xfa/fxfa/parser/cxfa_font.cpp          |  9 ++++++---
 xfa/fxfa/parser/cxfa_layoutpagemgr.cpp |  1 +
 xfa/fxfa/parser/cxfa_stroke.cpp        |  3 +++
 6 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/fxjs/xfa/cjx_node.cpp b/fxjs/xfa/cjx_node.cpp
index e8fa44eb17..cf2642c8ad 100644
--- a/fxjs/xfa/cjx_node.cpp
+++ b/fxjs/xfa/cjx_node.cpp
@@ -165,6 +165,9 @@ CJS_Return CJX_Node::getElement(
 
   CXFA_Node* pNode = GetOrCreateProperty<CXFA_Node>(
       iValue, CXFA_Node::NameToElement(expression));
+  if (!pNode)
+    return CJS_Return(runtime->NewNull());
+
   CFXJSE_Value* value =
       GetDocument()->GetScriptContext()->GetJSValueFromMap(pNode);
   if (!value)
diff --git a/xfa/fxfa/cxfa_widgetacc.cpp b/xfa/fxfa/cxfa_widgetacc.cpp
index f1067249f7..0c55bd6ce6 100644
--- a/xfa/fxfa/cxfa_widgetacc.cpp
+++ b/xfa/fxfa/cxfa_widgetacc.cpp
@@ -258,7 +258,7 @@ std::pair<XFA_Element, CXFA_Node*> CreateUIChild(CXFA_Node* pNode) {
   CXFA_Node* pUIChild = nullptr;
   CXFA_Ui* pUI =
       pNode->JSObject()->GetOrCreateProperty<CXFA_Ui>(0, XFA_Element::Ui);
-  CXFA_Node* pChild = pUI->GetFirstChild();
+  CXFA_Node* pChild = pUI ? pUI->GetFirstChild() : nullptr;
   for (; pChild; pChild = pChild->GetNextSibling()) {
     XFA_Element eChildType = pChild->GetElementType();
     if (eChildType == XFA_Element::Extras ||
@@ -303,11 +303,14 @@ std::pair<XFA_Element, CXFA_Node*> CreateUIChild(CXFA_Node* pNode) {
   if (!pUIChild) {
     if (eUIType == XFA_Element::Unknown) {
       eUIType = XFA_Element::TextEdit;
-      defValue->JSObject()->GetOrCreateProperty<CXFA_Text>(0,
-                                                           XFA_Element::Text);
+      if (defValue) {
+        defValue->JSObject()->GetOrCreateProperty<CXFA_Text>(0,
+                                                             XFA_Element::Text);
+      }
     }
     return {eWidgetType,
-            pUI->JSObject()->GetOrCreateProperty<CXFA_Node>(0, eUIType)};
+            pUI ? pUI->JSObject()->GetOrCreateProperty<CXFA_Node>(0, eUIType)
+                : nullptr};
   }
 
   if (eUIType != XFA_Element::Unknown)
@@ -350,7 +353,8 @@ std::pair<XFA_Element, CXFA_Node*> CreateUIChild(CXFA_Node* pNode) {
       eValueType = XFA_Element::Text;
       break;
   }
-  defValue->JSObject()->GetOrCreateProperty<CXFA_Node>(0, eValueType);
+  if (defValue)
+    defValue->JSObject()->GetOrCreateProperty<CXFA_Node>(0, eValueType);
 
   return {eWidgetType, pUIChild};
 }
diff --git a/xfa/fxfa/parser/cxfa_fill.cpp b/xfa/fxfa/parser/cxfa_fill.cpp
index e6b289817e..c62006754f 100644
--- a/xfa/fxfa/parser/cxfa_fill.cpp
+++ b/xfa/fxfa/parser/cxfa_fill.cpp
@@ -62,6 +62,9 @@ bool CXFA_Fill::IsVisible() {
 void CXFA_Fill::SetColor(FX_ARGB color) {
   CXFA_Color* pNode =
       JSObject()->GetOrCreateProperty<CXFA_Color>(0, XFA_Element::Color);
+  if (!pNode)
+    return;
+
   int a;
   int r;
   int g;
diff --git a/xfa/fxfa/parser/cxfa_font.cpp b/xfa/fxfa/parser/cxfa_font.cpp
index c78e926b27..694cb26147 100644
--- a/xfa/fxfa/parser/cxfa_font.cpp
+++ b/xfa/fxfa/parser/cxfa_font.cpp
@@ -124,9 +124,12 @@ bool CXFA_Font::IsItalic() {
 }
 
 void CXFA_Font::SetColor(FX_ARGB color) {
-  JSObject()
-      ->GetOrCreateProperty<CXFA_Fill>(0, XFA_Element::Fill)
-      ->SetColor(color);
+  CXFA_Fill* node =
+      JSObject()->GetOrCreateProperty<CXFA_Fill>(0, XFA_Element::Fill);
+  if (!node)
+    return;
+
+  node->SetColor(color);
 }
 
 FX_ARGB CXFA_Font::GetColor() {
diff --git a/xfa/fxfa/parser/cxfa_layoutpagemgr.cpp b/xfa/fxfa/parser/cxfa_layoutpagemgr.cpp
index 35a1bc8283..c5b7d52caa 100644
--- a/xfa/fxfa/parser/cxfa_layoutpagemgr.cpp
+++ b/xfa/fxfa/parser/cxfa_layoutpagemgr.cpp
@@ -290,6 +290,7 @@ bool CXFA_LayoutPageMgr::InitLayoutPage(CXFA_Node* pFormNode) {
       pTemplateNode->JSObject()->GetOrCreateProperty<CXFA_PageSet>(
           0, XFA_Element::PageSet);
   ASSERT(m_pTemplatePageSetRoot);
+
   if (m_pPageSetLayoutItemRoot) {
     m_pPageSetLayoutItemRoot->m_pParent = nullptr;
     m_pPageSetLayoutItemRoot->m_pFirstChild = nullptr;
diff --git a/xfa/fxfa/parser/cxfa_stroke.cpp b/xfa/fxfa/parser/cxfa_stroke.cpp
index 8085d3e489..c9c7d73f49 100644
--- a/xfa/fxfa/parser/cxfa_stroke.cpp
+++ b/xfa/fxfa/parser/cxfa_stroke.cpp
@@ -73,6 +73,9 @@ FX_ARGB CXFA_Stroke::GetColor() {
 void CXFA_Stroke::SetColor(FX_ARGB argb) {
   CXFA_Color* pNode =
       JSObject()->GetOrCreateProperty<CXFA_Color>(0, XFA_Element::Color);
+  if (!pNode)
+    return;
+
   int a;
   int r;
   int g;
-- 
cgit v1.2.3