From 63b2fc7e0248d2112935775f52027a018b9aa737 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Mon, 14 Aug 2017 16:24:29 -0700
Subject: Check for possible empty object returns from NewFxDynamicObj()

Avoid some potential crashiness.

TBR=jochen@chromium.org

Bug: 754610
Change-Id: Ie8143c1909df7ba5783b7d20b61e31f093d04b34
Reviewed-on: https://pdfium-review.googlesource.com/10970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 fpdfsdk/javascript/global.cpp | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'fpdfsdk')

diff --git a/fpdfsdk/javascript/global.cpp b/fpdfsdk/javascript/global.cpp
index d7f17fa41c..8dcddf4339 100644
--- a/fpdfsdk/javascript/global.cpp
+++ b/fpdfsdk/javascript/global.cpp
@@ -206,11 +206,13 @@ void JSGlobalAlternate::UpdateGlobalPersistentVariables() {
         break;
       case JS_GlobalDataType::OBJECT: {
         v8::Local<v8::Object> pObj = pRuntime->NewFxDynamicObj(-1);
-        PutObjectProperty(pObj, &pData->data);
-        SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::OBJECT, 0,
-                           false, "", pObj, pData->bPersistent == 1);
-        pRuntime->PutObjectProperty(m_pJSObject->ToV8Object(),
-                                    pData->data.sKey.UTF8Decode(), pObj);
+        if (!pObj.IsEmpty()) {
+          PutObjectProperty(pObj, &pData->data);
+          SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::OBJECT, 0,
+                             false, "", pObj, pData->bPersistent == 1);
+          pRuntime->PutObjectProperty(m_pJSObject->ToV8Object(),
+                                      pData->data.sKey.UTF8Decode(), pObj);
+        }
       } break;
       case JS_GlobalDataType::NULLOBJ:
         SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::NULLOBJ, 0,
@@ -335,8 +337,11 @@ void JSGlobalAlternate::PutObjectProperty(v8::Local<v8::Object> pObj,
         break;
       case JS_GlobalDataType::OBJECT: {
         v8::Local<v8::Object> pNewObj = pRuntime->NewFxDynamicObj(-1);
-        PutObjectProperty(pNewObj, pObjData);
-        pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(), pNewObj);
+        if (!pNewObj.IsEmpty()) {
+          PutObjectProperty(pNewObj, pObjData);
+          pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(),
+                                      pNewObj);
+        }
       } break;
       case JS_GlobalDataType::NULLOBJ:
         pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(),
-- 
cgit v1.2.3