Fix segv in CXFA_LayoutPageMgr::ProcessLastPageSet().
Also fix another loop where the same condition could occur. The bodies
of these loops are essentially no-ops for a null pPageSet because of null
checks in all the called methods, until pPageSet->GetParent() trips the segv.
Then remove superfluous null check from CreateMinPageSetRecord(), since
all callers are now checking.
Bug: pdfium:1316
Change-Id: I8c620372bae6e0c90daa984ba44fc305c96eb3b3
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/65590
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/xfa/fxfa/layout/cxfa_viewlayoutprocessor.cpp b/xfa/fxfa/layout/cxfa_viewlayoutprocessor.cpp
index 108bc00..bd02dc4 100644
--- a/xfa/fxfa/layout/cxfa_viewlayoutprocessor.cpp
+++ b/xfa/fxfa/layout/cxfa_viewlayoutprocessor.cpp
@@ -1350,7 +1350,7 @@
}
CXFA_Node* pPageSet = m_pCurPageArea->GetParent();
- while (true) {
+ while (pPageSet) {
if (FindPageAreaFromPageSet(pPageSet, nullptr, pTargetPageArea,
pTargetContentArea, bNewPage, bQuery)) {
return m_pCurPageArea;
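Review bot: `m_pCurPageArea->GetParent()` on the line just above the new `while (pPageSet)` still dereferences `m_pCurPageArea` with no check visible in this hunk, so the added guard covers only the parent pointer; the third hunk has the same shape. If nothing earlier in either function guarantees a current page area, the null dereference merely moves up one line, and `CXFA_Node* pPageSet = m_pCurPageArea ? m_pCurPageArea->GetParent() : nullptr;` would close it. Both function bodies start and end outside the hunks, so code not shown here may already guarantee this.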
@@ -1454,9 +1454,6 @@
void CXFA_ViewLayoutProcessor::CreateMinPageSetRecord(CXFA_Node* pPageSet,
bool bCreateAll) {
- if (!pPageSet)
- return;
-
auto it = m_pPageSetMap.find(pPageSet);
if (it == m_pPageSetMap.end())
return;
@@ -1507,7 +1504,7 @@
CreateMinPageRecord(m_pCurPageArea, false, true);
CreateNextMinRecord(m_pCurPageArea);
CXFA_Node* pPageSet = m_pCurPageArea->GetParent();
- while (true) {
+ while (pPageSet) {
CreateMinPageSetRecord(pPageSet, false);
if (pPageSet == m_pPageSetNode)
break;
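Review bot: This loop now has two exits, reaching `m_pPageSetNode` and running off the top of the parent chain, and nothing in the code says the second is the unexpected one. Because the second hunk removes the null check from `CreateMinPageSetRecord()`, the loop condition is also the only thing keeping a null argument out of that call. I would record both facts above the loop with `// Parent chain may end before m_pPageSetNode; stop here, CreateMinPageSetRecord() needs non-null.` The loop body continues past the end of this hunk, so the step to the next parent is not visible here. No regression test for the crashing input appears in this diff, and one would keep the guard from being dropped later.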