Check object type for objects used in the dictory of 'Index'

core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Index: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index 1b62b06749c5d92224e9d484b703b8d985c957eb..3a782625b6571a82dc3b0204d1fc333d3f0436ff 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -1034,9 +1034,12 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE pos, FX_FILESIZE& prev, FX_BOOL
         nSegs = 1;
     } else {
         for (FX_DWORD i = 0; i < pArray->GetCount(); i ++) {
-            IndexArray.Add(pArray->GetInteger(i));
+            CPDF_Object* pObj = pArray->GetElement(i);
+            if (pObj && (pObj->GetType() == PDFOBJ_NUMBER)) {

[Tom Sepez, 2014/09/08 17:56:18]

nit: no need for inner parenthesis here.

[jun_fang, 2014/09/09 18:51:25]

For fuzz tests, elements in the index array can be names or any chars other than
numbers. The element shall be a number according to PDF standard. I will add a
check to break the loop when a non number is detected.

+                IndexArray.Add(pObj->GetInteger());
+            }

[Tom Sepez, 2014/09/08 17:56:18]

This looks like one of those arrays which needs to have an even number of
elements, because it track pairs, where the even elements mean one thing and the
odd elements mean another.

Ideally, this would be an array of std::pair<int,int> so as to make the meaning
obvious and avoid the possibility of an odd number of elts.  But let's not
change this now.  Instead we need to ensure we don't mess up the ordering here
by sticking in a single element.

Maybe the easiest way to do this it to iterate i += 2 in the for loop, and
process element i and i + i in the body, not inserting either unless both are
good.

         }
-        nSegs = pArray->GetCount() / 2;
+        nSegs = IndexArray.GetSize() / 2;
     }

[Tom Sepez, 2014/09/08 17:56:18]

nit: I worry about a change down the road where IndexArray might have previous
elements in it before we hit the loop above.  Maybe we want to count the number
of pair insertions above.

     pArray = pStream->GetDict()->GetArray(FX_BSTRC("W"));
     if (pArray == NULL) {