Google Git
Sign in
pdfium / pdfium.git / 5e575006797aa94c42113be9f9196161690ffd5f^! / .
commit5e575006797aa94c42113be9f9196161690ffd5f[log] [tgz]
authorLei Zhang <thestig@chromium.org>Tue Feb 25 13:50:35 2020 +0000
committerChromium commit bot <commit-bot@chromium.org>Tue Feb 25 13:50:35 2020 +0000
treee44013c5b8f21cdea0f662e8a7bcc5bb1b09732c
parent28b5823807a6baecf855d073946f369e095da081 [diff]
Avoid nullptr deference in CPDFSDK_PageView::GetAnnotByXFAWidget().

When a CPDFSDK_Annot is not a CPDFXFA_Widget, ToXFAWidget() returns
nullptr. Handle this case. This is the secendary problem for the bug in
question. Other CLs, as noted on the bug, already fixed the main memory
error.

Bug: chromium:949913
Change-Id: I6307b5449b0229ac2550bb2a0930ff24b398c98e
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/66910
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

diff --git a/fpdfsdk/cpdfsdk_pageview.cpp b/fpdfsdk/cpdfsdk_pageview.cpp
index b32fbea..45b3ffa 100644
--- a/fpdfsdk/cpdfsdk_pageview.cpp
+++ b/fpdfsdk/cpdfsdk_pageview.cpp

@@ -183,12 +183,13 @@
 }
 
 #ifdef PDF_ENABLE_XFA
-CPDFSDK_Annot* CPDFSDK_PageView::GetAnnotByXFAWidget(CXFA_FFWidget* hWidget) {
-  if (!hWidget)
+CPDFSDK_Annot* CPDFSDK_PageView::GetAnnotByXFAWidget(CXFA_FFWidget* pWidget) {
+  if (!pWidget)
     return nullptr;
 
   for (CPDFSDK_Annot* pAnnot : m_SDKAnnotArray) {
-    if (ToXFAWidget(pAnnot)->GetXFAFFWidget() == hWidget)
+    CPDFXFA_Widget* pCurrentWidget = ToXFAWidget(pAnnot);
+    if (pCurrentWidget && pCurrentWidget->GetXFAFFWidget() == pWidget)
       return pAnnot;
   }
   return nullptr;

diff --git a/fpdfsdk/cpdfsdk_pageview.h b/fpdfsdk/cpdfsdk_pageview.h
index 9b040db..89adc7d 100644
--- a/fpdfsdk/cpdfsdk_pageview.h
+++ b/fpdfsdk/cpdfsdk_pageview.h

@@ -44,7 +44,7 @@
 #ifdef PDF_ENABLE_XFA
   bool DeleteAnnot(CPDFSDK_Annot* pAnnot);
   CPDFSDK_Annot* AddAnnot(CXFA_FFWidget* pPDFAnnot);
-  CPDFSDK_Annot* GetAnnotByXFAWidget(CXFA_FFWidget* hWidget);
+  CPDFSDK_Annot* GetAnnotByXFAWidget(CXFA_FFWidget* pWidget);
   IPDF_Page* GetXFAPage();
 #endif  // PDF_ENABLE_XFA