From 527afcaa0744472d7ad2ef84ce79ab34a036ad85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?= <zeniko@gmail.com>
Date: Wed, 4 Sep 2013 14:04:39 +0200
Subject: Bug 694567: prevent double-free in pdf_open_raw_filter

If opening a filter in pdf_open_crypt throws, the stream is closed in
the used fz_open_* method and thus mustn't be closed again.
---
 source/pdf/pdf-stream.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

(limited to 'source/pdf/pdf-stream.c')

diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
index a46cdcc7..88a7559f 100644
--- a/source/pdf/pdf-stream.c
+++ b/source/pdf/pdf-stream.c
@@ -244,17 +244,9 @@ pdf_open_raw_filter(fz_stream *chain, pdf_document *doc, pdf_obj *stmobj, int nu
 	len = pdf_to_int(pdf_dict_gets(stmobj, "Length"));
 	chain = fz_open_null(chain, len, offset);
 
-	fz_try(ctx)
-	{
-		hascrypt = pdf_stream_has_crypt(ctx, stmobj);
-		if (doc->crypt && !hascrypt)
-			chain = pdf_open_crypt(chain, doc->crypt, orig_num, orig_gen);
-	}
-	fz_catch(ctx)
-	{
-		fz_close(chain);
-		fz_rethrow(ctx);
-	}
+	hascrypt = pdf_stream_has_crypt(ctx, stmobj);
+	if (doc->crypt && !hascrypt)
+		chain = pdf_open_crypt(chain, doc->crypt, orig_num, orig_gen);
 
 	return chain;
 }
-- 
cgit v1.2.3