3 files changed, 8 insertions, 0 deletions

diff --git a/core/fpdfapi/parser/cpdf_crypto_handler.cpp b/core/fpdfapi/parser/cpdf_crypto_handler.cpp
index ef84480c23..74428ba6a8 100644
--- a/core/fpdfapi/parser/cpdf_crypto_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_crypto_handler.cpp
@@ -297,6 +297,10 @@ bool CPDF_CryptoHandler::Init(int cipher, const uint8_t* key, int keylen) {
   return true;
 }
 
+bool CPDF_CryptoHandler::IsCipherAES() const {
+  return m_Cipher == FXCIPHER_AES;
+}
+
 bool CPDF_CryptoHandler::DecryptStream(void* context,
                                        const uint8_t* src_buf,
                                        uint32_t src_size,
diff --git a/core/fpdfapi/parser/cpdf_crypto_handler.h b/core/fpdfapi/parser/cpdf_crypto_handler.h
index 14a5743d15..adf0c6c680 100644
--- a/core/fpdfapi/parser/cpdf_crypto_handler.h
+++ b/core/fpdfapi/parser/cpdf_crypto_handler.h
@@ -48,6 +48,7 @@ class CPDF_CryptoHandler : public CFX_Retainable {
                       uint32_t& dest_size);
 
   bool Init(int cipher, const uint8_t* key, int keylen);
+  bool IsCipherAES() const;
 
  private:
   CPDF_CryptoHandler();
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
index 4a7810fc43..779bf81e0f 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
@@ -690,6 +690,9 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream(
 
   std::unique_ptr<uint8_t, FxFreeDeleter> pData;
   if (len > 0) {
+    if (pCryptoHandler && pCryptoHandler->IsCipherAES() && len < 16)
+      return nullptr;
+
     pData.reset(FX_Alloc(uint8_t, len));
     ReadBlock(pData.get(), len);
     if (pCryptoHandler) {