authorTom Sepez <tsepez@chromium.org>2014-10-14 14:40:57 -0700
committerTom Sepez <tsepez@chromium.org>2014-10-14 14:40:57 -0700
commit35d720aff01c5ea778c16ac1e31c56f68490f10b (patch)
treebdc1fcfb0ff5bc9d48ab3fde4f996bd3fe4b6ecb
parent9776eca31c69dfa154e20b784a9df396b134758f (diff)
downloadpdfium-35d720aff01c5ea778c16ac1e31c56f68490f10b.tar.xz
Don't leave dangling pointer to out-of-scope local in CPDF_StreamContentParser::Parse.
This is just a bit of defensive programming; I'm not sure the situation can occur in the current code, but the following code is likely to set off a red flag to anyone who reads it: CPDF_StreamParser syntax(pData, dwSize); m_pSyntax = &syntax; since the extent of the local |syntax| is far less than the pointer member |m_pSyntax|. NULL it out before syntax goes out of scope. R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/652063002
-rw-r--r--core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp12
1 files changed, 11 insertions, 1 deletions
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp
index 85cf034c1f..bb29595721 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp
@@ -31,6 +31,16 @@ FX_BOOL _PDF_HasInvalidOpChar(FX_LPCSTR op)
}
return FALSE;
}
+class CPDF_StreamParserAutoClearer {
+ public:
+ CPDF_StreamParserAutoClearer(CPDF_StreamParser** scoped_variable, CPDF_StreamParser* new_parser)
+ : scoped_variable_(scoped_variable) {
+ *scoped_variable_ = new_parser;
+ }
+ ~CPDF_StreamParserAutoClearer() { *scoped_variable_ = NULL; }
+ private:
+ CPDF_StreamParser** scoped_variable_;
+};
FX_DWORD CPDF_StreamContentParser::Parse(FX_LPCBYTE pData, FX_DWORD dwSize, FX_DWORD max_cost)
{
if (m_Level > _FPDF_MAX_FORM_LEVEL_) {
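Review bot: CPDF_StreamParserAutoClearer is implicitly copyable, so an accidental copy would have its own destructor write NULL through `scoped_variable_` while the original guard and the parser it covers are still live. Declaring the copy operations private and unimplemented closes that off: `CPDF_StreamParserAutoClearer(const CPDF_StreamParserAutoClearer&);` and `void operator=(const CPDF_StreamParserAutoClearer&);` under `private:`. The destructor also writes NULL unconditionally instead of restoring the value it replaced, which is only correct if Parse is never re-entered on the same object; that cannot be confirmed from this hunk. A short class comment stating the assumption would help, e.g. `// Points a member at a stack-local parser for one scope and NULLs it on exit; not re-entrant.`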
@@ -38,7 +48,7 @@ FX_DWORD CPDF_StreamContentParser::Parse(FX_LPCBYTE pData, FX_DWORD dwSize, FX_D
}
FX_DWORD InitObjCount = m_pObjectList->CountObjects();
CPDF_StreamParser syntax(pData, dwSize);
- m_pSyntax = &syntax;
+ CPDF_StreamParserAutoClearer auto_clearer(&m_pSyntax, &syntax);
m_CompatCount = 0;
while (1) {
FX_DWORD cost = m_pObjectList->CountObjects() - InitObjCount;
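Review bot: The guard at `CPDF_StreamParserAutoClearer auto_clearer(&m_pSyntax, &syntax);` is only safe because it is declared after `syntax` and is therefore destroyed first; nothing in the code says so, and swapping the two declarations would reopen the window in which `m_pSyntax` points at a destroyed object. A comment above the line would pin this, e.g. `// Must follow |syntax|: clears m_pSyntax before |syntax| is destroyed.` After this change, any member that reads `m_pSyntax` outside Parse sees NULL rather than a stale stack address, so those readers presumably need a NULL check; they are not visible here. Parse's body continues past the end of the hunk.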