Fix a crash inside FPDF_ImportNPagesToOne().
Pages may not always have contents.
BUG=chromium:925981
Change-Id: I992a850013840ac98ac882eaf85e1ab3edbf0d8a
Reviewed-on: https://pdfium-review.googlesource.com/c/49250
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/fpdfsdk/fpdf_ppo.cpp b/fpdfsdk/fpdf_ppo.cpp
index cbbd021..25ac609 100644
--- a/fpdfsdk/fpdf_ppo.cpp
+++ b/fpdfsdk/fpdf_ppo.cpp
@@ -698,6 +698,9 @@
pNewXObjectDict->SetRectFor("BBox", GetCropBox(pSrcPageDict));
// TODO(xlou): add matrix field to pNewXObjectDict.
+ if (!pSrcContentObj)
+ return pNewXObject->GetObjNum();
+
if (const CPDF_Array* pSrcContentArray = ToArray(pSrcContentObj)) {
ByteString bsSrcContentStream;
for (size_t i = 0; i < pSrcContentArray->size(); ++i) {
diff --git a/fpdfsdk/fpdf_ppo_embeddertest.cpp b/fpdfsdk/fpdf_ppo_embeddertest.cpp
index bb503ec..4986d8b 100644
--- a/fpdfsdk/fpdf_ppo_embeddertest.cpp
+++ b/fpdfsdk/fpdf_ppo_embeddertest.cpp
@@ -120,6 +120,13 @@
}
}
+TEST_F(FPDFPPOEmbedderTest, BUG_925981) {
+ ASSERT_TRUE(OpenDocument("bug_925981.pdf"));
+ ScopedFPDFDocument output_doc_2up(
+ FPDF_ImportNPagesToOne(document(), 612, 792, 2, 1));
+ EXPECT_EQ(1, FPDF_GetPageCount(output_doc_2up.get()));
+}
+
TEST_F(FPDFPPOEmbedderTest, BadRepeatViewerPref) {
ASSERT_TRUE(OpenDocument("repeat_viewer_ref.pdf"));
diff --git a/testing/resources/bug_925981.in b/testing/resources/bug_925981.in
new file mode 100644
index 0000000..3d6e37a
--- /dev/null
+++ b/testing/resources/bug_925981.in
@@ -0,0 +1,60 @@
+{{header}}
+{{object 1 0}} <<
+ /Type /Catalog
+ /Pages 2 0 R
+>>
+endobj
+{{object 2 0}} <<
+ /Type /Pages
+ /MediaBox [ 0 0 200 200 ]
+ /Count 2
+ /Kids [ 3 0 R 7 0 R ]
+>>
+endobj
+{{object 3 0}} <<
+ /Type /Page
+ /Parent 2 0 R
+ /Resources <<
+ /Font <<
+ /F1 4 0 R
+ /F2 5 0 R
+ >>
+ >>
+ /Contents 6 0 R
+>>
+endobj
+{{object 4 0}} <<
+ /Type /Font
+ /Subtype /Type1
+ /BaseFont /Times-Roman
+>>
+endobj
+{{object 5 0}} <<
+ /Type /Font
+ /Subtype /Type1
+ /BaseFont /Helvetica
+>>
+endobj
+{{object 6 0}} <<
+{{streamlen}}
+>>
+stream
+BT
+20 50 Td
+/F1 12 Tf
+(Hello, world!) Tj
+0 50 Td
+/F2 16 Tf
+(Goodbye, world!) Tj
+ET
+endstream
+endobj
+{{object 7 0}} <<
+ /Type /Page
+ /Parent 2 0 R
+>>
+endobj
+{{xref}}
+{{trailer}}
+{{startxref}}
+%%EOF
diff --git a/testing/resources/bug_925981.pdf b/testing/resources/bug_925981.pdf
new file mode 100644
index 0000000..8d856e1
--- /dev/null
+++ b/testing/resources/bug_925981.pdf
@@ -0,0 +1,74 @@
+%PDF-1.7
+% ò¤ô
+1 0 obj <<
+ /Type /Catalog
+ /Pages 2 0 R
+>>
+endobj
+2 0 obj <<
+ /Type /Pages
+ /MediaBox [ 0 0 200 200 ]
+ /Count 2
+ /Kids [ 3 0 R 7 0 R ]
+>>
+endobj
+3 0 obj <<
+ /Type /Page
+ /Parent 2 0 R
+ /Resources <<
+ /Font <<
+ /F1 4 0 R
+ /F2 5 0 R
+ >>
+ >>
+ /Contents 6 0 R
+>>
+endobj
+4 0 obj <<
+ /Type /Font
+ /Subtype /Type1
+ /BaseFont /Times-Roman
+>>
+endobj
+5 0 obj <<
+ /Type /Font
+ /Subtype /Type1
+ /BaseFont /Helvetica
+>>
+endobj
+6 0 obj <<
+/Length 83
+>>
+stream
+BT
+20 50 Td
+/F1 12 Tf
+(Hello, world!) Tj
+0 50 Td
+/F2 16 Tf
+(Goodbye, world!) Tj
+ET
+endstream
+endobj
+7 0 obj <<
+ /Type /Page
+ /Parent 2 0 R
+>>
+endobj
+xref
+0 8
+0000000000 65535 f
+0000000015 00000 n
+0000000068 00000 n
+0000000167 00000 n
+0000000309 00000 n
+0000000387 00000 n
+0000000463 00000 n
+0000000595 00000 n
+trailer <<
+ /Root 1 0 R
+ /Size 8
+>>
+startxref
+646
+%%EOF
