From 77d8317f2e6bb9c75d96390fdf843b86694ba6d2 Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Tue, 22 Aug 2017 09:04:58 -0400
Subject: Verify image returned from AddImage

The ::AddImage call can return a nullptr if there is no stream provided.
This CL adds the missing null check on the returned object when lookikng
at the image.

Bug: chromium:756418, chromium:753700
Change-Id: I48032c0f421c8889827540ae91f404ef0f503bfe
Reviewed-on: https://pdfium-review.googlesource.com/11532
Reviewed-by: Rebekah Potter <rbpotter@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
---
 core/fpdfapi/page/cpdf_streamcontentparser.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
index 1d5ddaeed2..42ed3fc3b4 100644
--- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
@@ -660,7 +660,7 @@ void CPDF_StreamContentParser::Handle_BeginImage() {
   CPDF_ImageObject* pObj = AddImage(std::move(pStream));
   // Record the bounding box of this image, so rendering code can draw it
   // properly.
-  if (pObj->GetImage()->IsMask())
+  if (pObj && pObj->GetImage()->IsMask())
     m_pObjectHolder->AddImageMaskBoundingBox(pObj->GetRect());
 }
 
@@ -733,7 +733,7 @@ void CPDF_StreamContentParser::Handle_ExecuteXObject() {
     CPDF_ImageObject* pObj = AddImage(m_pLastImage);
     // Record the bounding box of this image, so rendering code can draw it
     // properly.
-    if (pObj->GetImage()->IsMask())
+    if (pObj && pObj->GetImage()->IsMask())
       m_pObjectHolder->AddImageMaskBoundingBox(pObj->GetRect());
     return;
   }
@@ -755,9 +755,11 @@ void CPDF_StreamContentParser::Handle_ExecuteXObject() {
                                  : AddImage(pXObject->GetObjNum());
 
     m_LastImageName = name;
-    m_pLastImage = pObj->GetImage();
-    if (m_pLastImage->IsMask())
-      m_pObjectHolder->AddImageMaskBoundingBox(pObj->GetRect());
+    if (pObj) {
+      m_pLastImage = pObj->GetImage();
+      if (m_pLastImage->IsMask())
+        m_pObjectHolder->AddImageMaskBoundingBox(pObj->GetRect());
+    }
   } else if (type == "Form") {
     AddForm(pXObject);
   }
-- 
cgit v1.2.3