From bf18cb6220aa19a64d2705640aad29d3f86ed04a Mon Sep 17 00:00:00 2001
From: Jun Fang <jun_fang@foxitsoftware.com>
Date: Wed, 28 Oct 2015 18:36:28 +0800
Subject: A crasher due to lacking 'template' node in XFA file

A template node is mandatory in XFA file. Pdfium should
ignore processing it when no template node is found in
XFA file.

BUG=pdfium:216
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1423903002 .
---
 xfa/src/fxfa/src/parser/xfa_parser_imp.cpp         | 39 ++++++++++++++--------
 .../src/parser/xfa_parser_imp_embeddertest.cpp     | 15 +++++++++
 2 files changed, 41 insertions(+), 13 deletions(-)
 create mode 100644 xfa/src/fxfa/src/parser/xfa_parser_imp_embeddertest.cpp

(limited to 'xfa')

diff --git a/xfa/src/fxfa/src/parser/xfa_parser_imp.cpp b/xfa/src/fxfa/src/parser/xfa_parser_imp.cpp
index 9e85c1f539..48547d7e9f 100644
--- a/xfa/src/fxfa/src/parser/xfa_parser_imp.cpp
+++ b/xfa/src/fxfa/src/parser/xfa_parser_imp.cpp
@@ -386,12 +386,12 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
           pXMLDocumentNode, XFA_GetPacketByIndex(XFA_PACKET_XDP)->pName,
           XFA_GetPacketByIndex(XFA_PACKET_XDP)->pURI,
           XFA_GetPacketByIndex(XFA_PACKET_XDP)->eFlags)) {
-    return NULL;
+    return nullptr;
   }
   CXFA_Node* pXFARootNode =
       m_pFactory->CreateNode(XFA_XDPPACKET_XDP, XFA_ELEMENT_Xfa);
   if (!pXFARootNode) {
-    return NULL;
+    return nullptr;
   }
   m_pRootNode = pXFARootNode;
   pXFARootNode->SetCData(XFA_ATTRIBUTE_Name, FX_WSTRC(L"xfa"));
@@ -408,8 +408,8 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
       }
     }
   }
-  IFDE_XMLNode* pXMLConfigDOMRoot = NULL;
-  CXFA_Node* pXFAConfigDOMRoot = NULL;
+  IFDE_XMLNode* pXMLConfigDOMRoot = nullptr;
+  CXFA_Node* pXFAConfigDOMRoot = nullptr;
   {
     for (IFDE_XMLNode* pChildItem =
              pXMLDocumentNode->GetNodeItem(IFDE_XMLNode::FirstChild);
@@ -423,7 +423,7 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
       }
       if (CXFA_Node* pChildNode =
               pXFARootNode->GetFirstChildByName(pPacketInfo->uHash)) {
-        return NULL;
+        return nullptr;
       }
       pXMLConfigDOMRoot = pChildItem;
       pXFAConfigDOMRoot =
@@ -431,8 +431,9 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
       pXFARootNode->InsertChild(pXFAConfigDOMRoot, NULL);
     }
   }
-  IFDE_XMLNode* pXMLDatasetsDOMRoot = NULL;
-  IFDE_XMLNode* pXMLFormDOMRoot = NULL;
+  IFDE_XMLNode* pXMLDatasetsDOMRoot = nullptr;
+  IFDE_XMLNode* pXMLFormDOMRoot = nullptr;
+  IFDE_XMLNode* pXMLTemplateDOMRoot = nullptr;
   {
     for (IFDE_XMLNode* pChildItem =
              pXMLDocumentNode->GetNodeItem(IFDE_XMLNode::FirstChild);
@@ -453,7 +454,7 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
         if (!XFA_FDEExtension_MatchNodeName(pElement, pPacketInfo->pName,
                                             pPacketInfo->pURI,
                                             pPacketInfo->eFlags)) {
-          pPacketInfo = NULL;
+          pPacketInfo = nullptr;
         }
       }
       XFA_XDPPACKET ePacket =
@@ -463,29 +464,41 @@ CXFA_Node* CXFA_SimpleParser::ParseAsXDPPacket_XDP(
       }
       if (ePacket == XFA_XDPPACKET_Datasets) {
         if (pXMLDatasetsDOMRoot) {
-          pXMLDatasetsDOMRoot = NULL;
-          return NULL;
+          return nullptr;
         }
         pXMLDatasetsDOMRoot = pElement;
       } else if (ePacket == XFA_XDPPACKET_Form) {
         if (pXMLFormDOMRoot) {
-          pXMLFormDOMRoot = NULL;
-          return NULL;
+          return nullptr;
         }
         pXMLFormDOMRoot = pElement;
+      } else if (ePacket == XFA_XDPPACKET_Template) {
+        if (pXMLTemplateDOMRoot) {
+          // Found a duplicate template packet.
+          return nullptr;
+        }
+        CXFA_Node* pPacketNode = ParseAsXDPPacket(pElement, ePacket);
+        if (pPacketNode) {
+          pXMLTemplateDOMRoot = pElement;
+          pXFARootNode->InsertChild(pPacketNode);
+        }
       } else {
         CXFA_Node* pPacketNode = ParseAsXDPPacket(pElement, ePacket);
         if (pPacketNode) {
           if (pPacketInfo &&
               (pPacketInfo->eFlags & XFA_XDPPACKET_FLAGS_SUPPORTONE) &&
               pXFARootNode->GetFirstChildByName(pPacketInfo->uHash)) {
-            return NULL;
+            return nullptr;
           }
           pXFARootNode->InsertChild(pPacketNode);
         }
       }
     }
   }
+  if (!pXMLTemplateDOMRoot) {
+    // No template is found.
+    return nullptr;
+  }
   if (pXMLDatasetsDOMRoot) {
     CXFA_Node* pPacketNode =
         ParseAsXDPPacket(pXMLDatasetsDOMRoot, XFA_XDPPACKET_Datasets);
diff --git a/xfa/src/fxfa/src/parser/xfa_parser_imp_embeddertest.cpp b/xfa/src/fxfa/src/parser/xfa_parser_imp_embeddertest.cpp
new file mode 100644
index 0000000000..5a3059c0f5
--- /dev/null
+++ b/xfa/src/fxfa/src/parser/xfa_parser_imp_embeddertest.cpp
@@ -0,0 +1,15 @@
+// Copyright 2015 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "../../../../../testing/embedder_test.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+class XFAParserImpEmbeddertest : public EmbedderTest {};
+
+TEST_F(XFAParserImpEmbeddertest, Bug_216) {
+    EXPECT_TRUE(OpenDocument("testing/resources/bug_216.pdf"));
+    FPDF_PAGE page = LoadPage(0);
+    EXPECT_NE(nullptr, page);
+    UnloadPage(page);
+}
\ No newline at end of file
-- 
cgit v1.2.3