From b73680c6b57d3848de6e1a2355b4650601031e12 Mon Sep 17 00:00:00 2001
From: Ryan Harrison <rharrison@chromium.org>
Date: Mon, 31 Jul 2017 14:19:03 -0400
Subject: Remove null derefence case caught by fuzzers

This change also removes some variable shadowing that was going on
here.

BUG=chromium:750013

Change-Id: I7314166af3ecd55ea5e1105afbe171443b1b22ae
Reviewed-on: https://pdfium-review.googlesource.com/9630
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
---
 xfa/fxfa/fm2js/cxfa_fmparser.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/xfa/fxfa/fm2js/cxfa_fmparser.cpp b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
index 150fa5aeda..4cd9a747a9 100644
--- a/xfa/fxfa/fm2js/cxfa_fmparser.cpp
+++ b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
@@ -657,9 +657,11 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
         std::vector<std::unique_ptr<CXFA_FMSimpleExpression>> expressions;
         if (m_token->m_type != TOKrparen) {
           while (m_token->m_type != TOKrparen) {
-            if (std::unique_ptr<CXFA_FMSimpleExpression> expr =
-                    ParseSimpleExpression())
-              expressions.push_back(std::move(expr));
+            std::unique_ptr<CXFA_FMSimpleExpression> simple_expr =
+                ParseSimpleExpression();
+            if (!simple_expr)
+              return nullptr;
+            expressions.push_back(std::move(simple_expr));
             if (m_token->m_type == TOKcomma) {
               if (!NextToken())
                 return nullptr;
-- 
cgit v1.2.3