Avoid out of bounds access inside CFXJSE_ResolveProcessor::GetFilter(). Check for |nNameCount| == 0 before accessing the |nNameCount| - 1 index. BUG=pdfium:1216 Change-Id: I1ac5d8ba6e1c66119a60a3be39cd0b261ed53638 Reviewed-on: https://pdfium-review.googlesource.com/c/47910 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>

commit: a786a332ef242300a8a7e095eeb66e65a06c757a [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Tue Jan 08 22:38:52 2019 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Tue Jan 08 22:38:52 2019 +0000
tree: b19e2b2df642fb7928c76b33866918545b4bef9f
parent: 45531b950b6a04a7bcae12431ccfebec9aec77d6 [diff]
diff --git a/fxjs/xfa/cfxjse_resolveprocessor.cpp b/fxjs/xfa/cfxjse_resolveprocessor.cpp
index 64a3fbd..5a8e69a 100644
--- a/fxjs/xfa/cfxjse_resolveprocessor.cpp
+++ b/fxjs/xfa/cfxjse_resolveprocessor.cpp

@@ -512,14 +512,14 @@
     while (nStart < iLength) {
       wCur = pSrc[nStart++];
       if (wCur == '.') {
-        if (wPrev == '\\') {
-          pNameBuf[nNameCount - 1] = wPrev = '.';
-          continue;
-        }
         if (nNameCount == 0) {
           rnd.m_dwStyles |= XFA_RESOLVENODE_AnyChild;
           continue;
         }
+        if (wPrev == '\\') {
+          pNameBuf[nNameCount - 1] = wPrev = '.';
+          continue;
+        }
 
         wchar_t wLookahead = nStart < iLength ? pSrc[nStart] : 0;
         if (wLookahead != '[' && wLookahead != '(' && nType < 0)
commit	a786a332ef242300a8a7e095eeb66e65a06c757a	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Tue Jan 08 22:38:52 2019 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Tue Jan 08 22:38:52 2019 +0000
tree	b19e2b2df642fb7928c76b33866918545b4bef9f
parent	45531b950b6a04a7bcae12431ccfebec9aec77d6 [diff]