Remove null dereference case caught by fuzzers
This change also removes some variable shadowing that was going on
here.
BUG=chromium:750013
Change-Id: I7314166af3ecd55ea5e1105afbe171443b1b22ae
Reviewed-on: https://pdfium-review.googlesource.com/9630
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
diff --git a/xfa/fxfa/fm2js/cxfa_fmparser.cpp b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
index 150fa5a..4cd9a74 100644
--- a/xfa/fxfa/fm2js/cxfa_fmparser.cpp
+++ b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
@@ -657,9 +657,11 @@
std::vector<std::unique_ptr<CXFA_FMSimpleExpression>> expressions;
if (m_token->m_type != TOKrparen) {
while (m_token->m_type != TOKrparen) {
- if (std::unique_ptr<CXFA_FMSimpleExpression> expr =
- ParseSimpleExpression())
- expressions.push_back(std::move(expr));
+ std::unique_ptr<CXFA_FMSimpleExpression> simple_expr =
+ ParseSimpleExpression();
+ if (!simple_expr)
+ return nullptr;
+ expressions.push_back(std::move(simple_expr));
if (m_token->m_type == TOKcomma) {
if (!NextToken())
return nullptr;
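Review bot: The new early return at `if (!simple_expr) return nullptr;` carries no comment explaining why a failed argument now aborts the whole parse instead of being skipped as the removed lines did; I would add `// A failed argument invalidates the whole call; do not skip it and keep parsing.` above it. Since this path was reached by fuzzed input, it is also worth confirming that every iteration of the `while (m_token->m_type != TOKrparen)` loop either consumes a token or returns. That cannot be checked from this hunk, because the enclosing function starts and ends outside it. As a style point, the outer `if (m_token->m_type != TOKrparen)` repeats the loop condition and looks redundant from the visible lines, so it could be dropped in a follow-up.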