aogufeixue / pdfium

Automatically exported from code.google.com/p/pdfium
0 stars 0 forks source link

Segv above CXFA_Document::DoDataMerge() if no <template> element in XFA doc #89

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This issue is against the XFA branch.

Program received signal SIGSEGV, Segmentation fault.
0x00000000010b2846 in CXFA_Node::GetNodeItem (this=0x0, 
eItem=XFA_NODEITEM_FirstChild)
    at ../../third_party/pdfium/xfa/src/fxfa/src/parser/xfa_object_imp.cpp:168
168             return m_pChild;
(gdb) where
#0  0x00000000010b2846 in CXFA_Node::GetNodeItem (this=0x0, 
eItem=XFA_NODEITEM_FirstChild)
    at ../../third_party/pdfium/xfa/src/fxfa/src/parser/xfa_object_imp.cpp:168
#1  0x00000000010b436f in CXFA_Node::GetFirstChildByClass (this=0x0, 
eElement=XFA_ELEMENT_Subform)
    at ../../third_party/pdfium/xfa/src/fxfa/src/parser/xfa_object_imp.cpp:4482
#2  0x000000000107ed91 in CXFA_Document::DoDataMerge (this=0x1a19560)
    at ../../third_party/pdfium/xfa/src/fxfa/src/parser/xfa_document_datamerger_imp.cpp:1179
#3  0x0000000001047c4a in CXFA_FFDocView::StartLayout (this=0x1a19440, 
iStartPage=0)
    at ../../third_party/pdfium/xfa/src/fxfa/src/app/xfa_ffdocview.cpp:93
#4  0x00000000010234c0 in CPDFXFA_Document::LoadXFADoc (this=0x1a071c0) at 
../../third_party/pdfium/fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp:150
#5  0x00000000004130e5 in FPDF_LoadXFA (document=0x1a071c0) at 
../../third_party/pdfium/fpdfsdk/src/fpdfview.cpp:383
#6  0x000000000040bc43 in RenderPdf (name=0x7fffffffdf26 
"/home/tsepez/xfa.pdf", 
    pBuf=0x1a0a7e0 "%PDF-1.7\n1 0 obj <<\n  /Type /Catalog\n  /Pages 2 0 R\n  /AcroForm 4 0 R\n>>\nendobj\n2 0 obj <<\n  /Type /Pages\n  /Count 1\n>>\nendobj\n4 0 obj <<\n  /XFA [\n    (xdp:xdp) 23 0 R\n    (form) 29 0 R\n    (</xdp:xdp"..., len=525, format=OUTPUT_NONE)
    at ../../third_party/pdfium/samples/pdfium_test.cc:294
#7  0x000000000040c60d in main (argc=2, argv=0x7fffffffdaf8) at 
../../third_party/pdfium/samples/pdfium_test.cc:410

Problem is at /xfa_document_datamerger_imp.cpp:1179
1179            pTemplateChosen = 
pTemplateRoot->GetFirstChildByClass(XFA_ELEMENT_Subform);

where pTemplateRoot is NULL.  There needs to be a NULL check and error return 
to cover this case.

What steps will reproduce the problem?
run pdfium_test against the attached file.

Original issue reported on code.google.com by tsepez@chromium.org on 5 Dec 2014 at 6:44

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by tsepez@chromium.org on 5 Dec 2014 at 6:45

GoogleCodeExporter commented 9 years ago
Fixed in 
https://pdfium.googlesource.com/pdfium/+/06428d249c139f9082ea8e01e6e91b5990756bd
1

Original comment by bo...@foxitsoftware.com on 6 Dec 2014 at 1:20