commit 98dc8c09f4777f5b8888fda63dd1cca539ee8ab2
author Lei Zhang <thestig@chromium.org> Mon Mar 04 19:40:30 2019 +0000
committer Chromium commit bot <commit-bot@chromium.org> Mon Mar 04 19:40:30 2019 +0000
tree 2b760f5f8d148202919bacce7cfb6728a990afc4
parent 3d9a097a59808882d93de81047a5fb65f0aac1bb

Make FPDFPage_GetAnnot() return nullptr for bad entries.

BUG=pdfium:1255

Change-Id: Ibe1ef349832d20dc1a43bc7ddf7865fa5a6c395a
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/51310
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>

fpdfsdk/fpdf_annot.cpp

diff --git a/fpdfsdk/fpdf_annot.cpp b/fpdfsdk/fpdf_annot.cpp
index 7f3fac3..62b294d 100644
--- a/fpdfsdk/fpdf_annot.cpp
+++ b/fpdfsdk/fpdf_annot.cpp
@@ -269,6 +269,9 @@
     return nullptr;
 
   CPDF_Dictionary* pDict = ToDictionary(pAnnots->GetDirectObjectAt(index));
+  if (!pDict)
+    return nullptr;
+
   auto pNewAnnot = pdfium::MakeUnique<CPDF_AnnotContext>(pDict, pPage);
 
   // Caller takes ownership.

fpdfsdk/fpdf_annot_embeddertest.cpp

diff --git a/fpdfsdk/fpdf_annot_embeddertest.cpp b/fpdfsdk/fpdf_annot_embeddertest.cpp
index 7807684..b43940b 100644
--- a/fpdfsdk/fpdf_annot_embeddertest.cpp
+++ b/fpdfsdk/fpdf_annot_embeddertest.cpp
@@ -72,11 +72,7 @@
   ASSERT_TRUE(page);
 
   EXPECT_EQ(1, FPDFPage_GetAnnotCount(page));
-  {
-    ScopedFPDFAnnotation annot(FPDFPage_GetAnnot(page, 0));
-    ASSERT_TRUE(annot);
-    EXPECT_EQ(-1, FPDFPage_GetAnnotIndex(page, annot.get()));
-  }
+  EXPECT_FALSE(FPDFPage_GetAnnot(page, 0));
 
   UnloadPage(page);
 }