Fix assertion !pValue.IsEmpty() in cfxjse_value.cpp.
Second issue noted in referenced bug.
Bug: pdfium:1238
Change-Id: I234f75e2de3669d2452f9b04c285b8f9d717acac
Reviewed-on: https://pdfium-review.googlesource.com/c/50893
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/xfa/cfxjse_engine.cpp b/fxjs/xfa/cfxjse_engine.cpp
index 534c609..5a9fd5a 100644
--- a/fxjs/xfa/cfxjse_engine.cpp
+++ b/fxjs/xfa/cfxjse_engine.cpp
@@ -664,7 +664,8 @@
CJX_Object* jsObject = rndFind.m_Objects.front()->JSObject();
(*rndFind.m_ScriptAttribute.callback)(
jsObject, pValue.get(), false, rndFind.m_ScriptAttribute.attribute);
- rndFind.m_Objects.front() = ToObject(pValue.get());
+ if (!pValue->IsEmpty())
+ rndFind.m_Objects.front() = ToObject(pValue.get());
}
if (!m_upObjectArray.empty())
m_upObjectArray.pop_back();
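Review bot: The new guard leaves `rndFind.m_Objects.front()` holding the pre-callback node whenever the attribute callback produces no value, and nothing in the hunk says that this fallback is intended rather than a way to merely sidestep the `!pValue.IsEmpty()` assertion; a one-line why-comment on the `if` would make that explicit, e.g. `// The attribute callback may leave pValue empty (see bug_1238_2.pdf); keep the original node instead of asserting inside ToObject().`. It is also not visible here what `ToObject()` returns when the callback stores a non-object value (a string or number) in pValue — if it yields null, `front()` would then be overwritten with null and the callers below the hunk presumably dereference it, so that case may deserve the same guard or a comment stating it cannot occur. The enclosing function starts and ends outside this hunk, so the later uses of `m_Objects` are not checked here.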
diff --git a/testing/resources/javascript/xfa_specific/bug_1238_2.pdf b/testing/resources/javascript/xfa_specific/bug_1238_2.pdf
new file mode 100644
index 0000000..0822846
--- /dev/null
+++ b/testing/resources/javascript/xfa_specific/bug_1238_2.pdf
@@ -0,0 +1,24 @@
+%PDF
+2 0 obj<<
+>>
+endobj
+4 0 obj<<
+>>
+stream
+<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
+ <template any="clams">
+ <proto use="xfa.context.!">
+endstream
+endobj
+5 0 obj <<
+ /XFA 4 0 R
+>>
+endobj
+6 0 obj <<
+ /AcroForm 5 0 R
+ /Pages 2 0 R
+/>>
+endobj
+trailer <<
+ /Root 6 0 R
+>>
\ No newline at end of file
diff --git a/testing/resources/javascript/xfa_specific/bug_1238_2_expected.txt b/testing/resources/javascript/xfa_specific/bug_1238_2_expected.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/testing/resources/javascript/xfa_specific/bug_1238_2_expected.txt