summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2017-05-26 09:37:01 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-05-26 18:29:46 +0000
commit741c362fb75fd8acd2ed2059c6e3e716a63a7ac8 (patch)
treeb97aa74db40168128b7ec64f9fa2ef5191e7eb4a /core
parentd9281818c09a628668202558fbd1b79f39a98e4c (diff)
downloadpdfium-741c362fb75fd8acd2ed2059c6e3e716a63a7ac8.tar.xz
Avoid dangling encrypt dict pointer in CPDF_Parser
CPDF_Parser::StartParse should release the current encrypt dict before trashing it by calling RebuildCrossRef() at cpdf_parser.cpp:195. This gives rise to the pattern that calls to ReleaseEncryptHandler() are followed by SetEncryptDict(nullptr), so just move the later into the former. Bug: 726503 Change-Id: I38bc81f0c0416812035a8a2541c09e875f1fb49a Reviewed-on: https://pdfium-review.googlesource.com/6030 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/parser/cpdf_parser.cpp4
1 files changed, 1 insertions, 3 deletions
diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp
index bf8bc7b542..01c3b8ccd1 100644
--- a/core/fpdfapi/parser/cpdf_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_parser.cpp
@@ -63,7 +63,6 @@ CPDF_Parser::CPDF_Parser()
CPDF_Parser::~CPDF_Parser() {
ReleaseEncryptHandler();
- SetEncryptDictionary(nullptr);
}
uint32_t CPDF_Parser::GetLastObjNum() const {
@@ -222,8 +221,6 @@ CPDF_Parser::Error CPDF_Parser::StartParse(
}
CPDF_Parser::Error CPDF_Parser::SetEncryptHandler() {
ReleaseEncryptHandler();
- SetEncryptDictionary(nullptr);
-
if (!m_pTrailer)
return FORMAT_ERROR;
@@ -260,6 +257,7 @@ CPDF_Parser::Error CPDF_Parser::SetEncryptHandler() {
void CPDF_Parser::ReleaseEncryptHandler() {
m_pSyntax->m_pCryptoHandler.Reset();
m_pSecurityHandler.reset();
+ SetEncryptDictionary(nullptr);
}
FX_FILESIZE CPDF_Parser::GetObjectOffset(uint32_t objnum) const {