Google Git
Sign in
pdfium/pdfium/4f38edb^!/.
commit
4f38edb402226948b637b99de8a6a123bdef20c7
[log]
author
Jun Fang <jun_fang@foxitsoftware.com>
Mon Aug 18 11:27:20 2014 -0700
committer
Jun Fang <jun_fang@foxitsoftware.com>
Mon Aug 18 11:27:20 2014 -0700
tree
9b7d86196603424f12dd7bbe79841ee4766eed38
parent
635e82ec20b3d5ffcb24f9a1b1be9f1f24d8a3f4 [diff]
Add a null pointer check before getting the family name of the given color space in CPDF_ColorSpace::Load

The test file defines a wrong color space object (7 0 obj). In the content of 7 0 obj,
the reserved obj (0 0 R) is used. The process of loading color space returns NULL when
the reserved obj (0 0 R) is found. For the error color space, it only needs to return
NULL when an error is detected.

BUG=403032
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/477413002

diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index da48093..1b4e7b8 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp

@@ -1088,7 +1088,11 @@
     if (pArray->GetCount() == 0) {
         return NULL;
     }
-    CFX_ByteString familyname = pArray->GetElementValue(0)->GetString();
+    CPDF_Object *pFamilyObj = pArray->GetElementValue(0);
+    if (!pFamilyObj) {
+        return NULL;
+    }
+    CFX_ByteString familyname = pFamilyObj->GetString();
     if (pArray->GetCount() == 1) {
         return _CSFromName(familyname);
     }