Fix null deref in cxfa_itemlayoutprocessor.cpp
No reason to believe the template always has a child of
any particular class.
Bug: chromium:913569
Change-Id: Ib4702b32d55e8e0f6b9afba9cfe34fe32156d681
Reviewed-on: https://pdfium-review.googlesource.com/c/47030
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/xfa/fxfa/parser/cxfa_itemlayoutprocessor.cpp b/xfa/fxfa/parser/cxfa_itemlayoutprocessor.cpp
index b0b6800..a579c13 100644
--- a/xfa/fxfa/parser/cxfa_itemlayoutprocessor.cpp
+++ b/xfa/fxfa/parser/cxfa_itemlayoutprocessor.cpp
@@ -2296,8 +2296,12 @@
if (!pTemplate)
pTemplate = pFormNode;
- int32_t iMax =
- pTemplate->GetFirstChildByClass<CXFA_Occur>(XFA_Element::Occur)->GetMax();
+ auto* pOccur =
+ pTemplate->GetFirstChildByClass<CXFA_Occur>(XFA_Element::Occur);
+ if (!pOccur)
+ return false;
+
+ int32_t iMax = pOccur->GetMax();
if (iMax < 0)
return true;
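Review bot: The added `if (!pOccur) return false;` guard chooses the restrictive result for a template with no Occur child, while the `iMax < 0` branch directly below returns true, and nothing in the hunk explains why a missing child means refusal rather than no limit. A short comment above the guard would record the decision, for example `// Malformed or unexpected template: no Occur child, so refuse instead of dereferencing null (chromium:913569).` The enclosing function starts and ends outside the hunk, so how callers react to the new `false` path cannot be checked from here. Only this one file is visible in the patch; if no regression test accompanies it, a minimal XFA document whose template lacks the Occur child would keep this null path covered.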