[Offline Pages] Fix null deref in MHTMLParser.

This was found by ClusterFuzz, see test case in bug.

Bug: 828810
Change-Id: I68e3050023d2475917334c54b5d85b7d20565775
Reviewed-on: https://chromium-review.googlesource.com/995962Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Justin DeWitt <dewittj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548530}

third_party/WebKit/Source/platform/mhtml/MHTMLParser.cpp

@@ -221,9 +221,11 @@ MHTMLParser::MHTMLParser(scoped_refptr<const SharedBuffer> data)
 HeapVector<Member<ArchiveResource>> MHTMLParser::ParseArchive() {
   MIMEHeader* header = MIMEHeader::ParseHeader(&line_reader_);
   HeapVector<Member<ArchiveResource>> resources;
-  if (!ParseArchiveWithHeader(header, resources))
-    resources.clear();
+  if (ParseArchiveWithHeader(header, resources)) {
     creation_date_ = header->Date();
+  } else {
+    resources.clear();
+  }
   return resources;
 }
 

third_party/WebKit/Source/platform/mhtml/MHTMLParserTest.cpp

@@ -390,7 +390,7 @@ TEST_F(MHTMLParserTest, DateParsing_InvalidDate) {
 }
 
 TEST_F(MHTMLParserTest, DateParsing_ValidDate) {
-  // Missing encoding is treated as binary.
+  // Valid date is used.
   const char mhtml_data[] =
       "From: <Saved by Blink>\r\n"
       "Subject: Test Subject\r\n"
@@ -415,4 +415,14 @@ TEST_F(MHTMLParserTest, DateParsing_ValidDate) {
   EXPECT_EQ(expected_time, creation_time);
 }
 
+TEST_F(MHTMLParserTest, MissingBoundary) {
+  // No "boundary" parameter in the content type header means that parsing will
+  // be a failure and the header will be |nullptr|.
+  const char mhtml_data[] = "Content-Type: multipart/false\r\n";
+
+  HeapVector<Member<ArchiveResource>> resources =
+      ParseArchive(mhtml_data, sizeof(mhtml_data));
+  EXPECT_EQ(0U, resources.size());
+}
+
 }  // namespace blink