From e0bbe4aac90e56950f28e322c3d6192c35af5ea0 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Fri, 23 Jan 2015 15:05:43 -0800
Subject: Fix null crash in CheckTrailer.

We are making checks in the incorrect order.  Also adds two test
cases, one for the this crash, and another for the original issue
that motivated the patch.

Original Patch by Bo at https://codereview.chromium.org/866003003/

BUG=450871
R=bo_xu@foxitsoftware.com

Review URL: https://codereview.chromium.org/872563002
---
 core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'core/src/fpdfapi/fpdf_parser')

diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index f6253757b6..5dfcc82787 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -4026,14 +4026,14 @@ FX_BOOL CPDF_DataAvail::CheckTrailer(IFX_DownloadHints* pHints)
         CFX_SmartPointer<IFX_FileStream> file(FX_CreateMemoryStream(pBuf, (size_t)iSize, FALSE));
         m_syntaxParser.InitParser((IFX_FileStream*)file, 0);
         CPDF_Object *pTrailer = m_syntaxParser.GetObject(NULL, 0, 0, 0);
-        if (pTrailer->GetType() != PDFOBJ_DICTIONARY) {
-            return FALSE;
-        }
         if (!pTrailer) {
             m_Pos += m_syntaxParser.SavePos();
             pHints->AddSegment(m_Pos, iTrailerSize);
             return FALSE;
         }
+        if (pTrailer->GetType() != PDFOBJ_DICTIONARY) {
+            return FALSE;
+        }
         CPDF_Dictionary *pTrailerDict = pTrailer->GetDict();
         if (pTrailerDict) {
             CPDF_Object *pEncrypt = pTrailerDict->GetElement("Encrypt");
-- 
cgit v1.2.3