Fix more bugs found by /analyze tool

Three more bugs are discovered:
-- potientially used freed pointer;
-- potientially used uninitialized variable;
-- Used '&&' instead of bitwise operator '&'

BUG=chromium:613623, chromium:427616

Review-Url: https://codereview.chromium.org/2040503002

3 files changed, 15 insertions, 31 deletions

diff --git a/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp b/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp
index afac3ebf6f..81144919fe 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_stream_acc.cpp
@@ -42,55 +42,40 @@ void CPDF_StreamAcc::LoadAllData(const CPDF_Stream* pStream,
   } else {
     pSrcData = pStream->GetRawData();
   }
-  uint8_t* pDecryptedData = pSrcData;
-  uint32_t dwDecryptedSize = dwSrcSize;
   if (!pStream->GetDict()->KeyExist("Filter") || bRawAccess) {
-    m_pData = pDecryptedData;
-    m_dwSize = dwDecryptedSize;
+    m_pData = pSrcData;
+    m_dwSize = dwSrcSize;
   } else {
-    FX_BOOL bRet = PDF_DataDecode(
-        pDecryptedData, dwDecryptedSize, m_pStream->GetDict(), m_pData,
-        m_dwSize, m_ImageDecoder, m_pImageParam, estimated_size, bImageAcc);
+    FX_BOOL bRet = PDF_DataDecode(pSrcData, dwSrcSize, m_pStream->GetDict(),
+                                  m_pData, m_dwSize, m_ImageDecoder,
+                                  m_pImageParam, estimated_size, bImageAcc);
     if (!bRet) {
-      m_pData = pDecryptedData;
-      m_dwSize = dwDecryptedSize;
+      m_pData = pSrcData;
+      m_dwSize = dwSrcSize;
     }
   }
-  if (pSrcData != pStream->GetRawData() && pSrcData != m_pData) {
+  if (pSrcData != pStream->GetRawData() && pSrcData != m_pData)
     FX_Free(pSrcData);
-  }
-  if (pDecryptedData != pSrcData && pDecryptedData != m_pData) {
-    FX_Free(pDecryptedData);
-  }
   m_pSrcData = nullptr;
   m_bNewBuf = m_pData != pStream->GetRawData();
 }
 
 CPDF_StreamAcc::~CPDF_StreamAcc() {
-  if (m_bNewBuf) {
+  if (m_bNewBuf)
     FX_Free(m_pData);
-  }
   FX_Free(m_pSrcData);
 }
 
 const uint8_t* CPDF_StreamAcc::GetData() const {
-  if (m_bNewBuf) {
+  if (m_bNewBuf)
     return m_pData;
-  }
-  if (!m_pStream) {
-    return nullptr;
-  }
-  return m_pStream->GetRawData();
+  return m_pStream ? m_pStream->GetRawData() : nullptr;
 }
 
 uint32_t CPDF_StreamAcc::GetSize() const {
-  if (m_bNewBuf) {
+  if (m_bNewBuf)
     return m_dwSize;
-  }
-  if (!m_pStream) {
-    return 0;
-  }
-  return m_pStream->GetRawSize();
+  return m_pStream ? m_pStream->GetRawSize() : 0;
 }
 
 uint8_t* CPDF_StreamAcc::DetachData() {
diff --git a/xfa/fwl/core/cfwl_widgetmgr.cpp b/xfa/fwl/core/cfwl_widgetmgr.cpp
index 90d621477a..78d8206369 100644
--- a/xfa/fwl/core/cfwl_widgetmgr.cpp
+++ b/xfa/fwl/core/cfwl_widgetmgr.cpp
@@ -768,8 +768,7 @@ FX_BOOL CFWL_WidgetMgrDelegate::IsNeedRepaint(IFWL_Widget* pWidget,
   FX_BOOL bOrginPtIntersectWidthDirty =
       rtDirty.Contains(rtWidget.left, rtWidget.top);
   static FWL_NEEDREPAINTHITDATA hitPoint[kNeedRepaintHitPoints];
-  int32_t iSize = sizeof(FWL_NEEDREPAINTHITDATA);
-  FXSYS_memset(hitPoint, 0, iSize);
+  FXSYS_memset(hitPoint, 0, sizeof(hitPoint));
   FX_FLOAT fxPiece = rtWidget.width / kNeedRepaintHitPiece;
   FX_FLOAT fyPiece = rtWidget.height / kNeedRepaintHitPiece;
   hitPoint[2].hitPoint.x = hitPoint[6].hitPoint.x = rtWidget.left;
diff --git a/xfa/fxfa/app/xfa_ffchoicelist.cpp b/xfa/fxfa/app/xfa_ffchoicelist.cpp
index 51d693fa35..4258eef29b 100644
--- a/xfa/fxfa/app/xfa_ffchoicelist.cpp
+++ b/xfa/fxfa/app/xfa_ffchoicelist.cpp
@@ -91,7 +91,7 @@ FX_BOOL CXFA_FFListBox::IsDataChanged() {
 
   for (int32_t i = 0; i < iSels; ++i) {
     IFWL_ListItem* hlistItem = pListBox->GetItem(iSelArray[i]);
-    if (!(pListBox->GetItemStates(hlistItem) && FWL_ITEMSTATE_LTB_Selected))
+    if (!(pListBox->GetItemStates(hlistItem) & FWL_ITEMSTATE_LTB_Selected))
       return TRUE;
   }
   return FALSE;