From 741c362fb75fd8acd2ed2059c6e3e716a63a7ac8 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Fri, 26 May 2017 09:37:01 -0700
Subject: Avoid dangling encrypt dict pointer in CPDF_Parser

CPDF_Parser::StartParse should release the current encrypt dict before trashing it by calling RebuildCrossRef() at cpdf_parser.cpp:195. This gives rise to the pattern that calls to ReleaseEncryptHandler() are followed by SetEncryptDict(nullptr), so just move the later into the former.

Bug: 726503
Change-Id: I38bc81f0c0416812035a8a2541c09e875f1fb49a
Reviewed-on: https://pdfium-review.googlesource.com/6030
Commit-Queue: Tom Sepez
Reviewed-by: Lei Zhang
---
 core/fpdfapi/parser/cpdf_parser.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp
index bf8bc7b542..01c3b8ccd1 100644
--- a/core/fpdfapi/parser/cpdf_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_parser.cpp
@@ -63,7 +63,6 @@ CPDF_Parser::CPDF_Parser()
 
 CPDF_Parser::~CPDF_Parser() {
 ReleaseEncryptHandler();
- SetEncryptDictionary(nullptr);
 }
 
 uint32_t CPDF_Parser::GetLastObjNum() const {
@@ -222,8 +221,6 @@ CPDF_Parser::Error CPDF_Parser::StartParse(
 }
 CPDF_Parser::Error CPDF_Parser::SetEncryptHandler() {
 ReleaseEncryptHandler();
- SetEncryptDictionary(nullptr);
-
 if (!m_pTrailer)
 return FORMAT_ERROR;
 
@@ -260,6 +257,7 @@ CPDF_Parser::Error CPDF_Parser::SetEncryptHandler() {
 void CPDF_Parser::ReleaseEncryptHandler() {
 m_pSyntax->m_pCryptoHandler.Reset();
 m_pSecurityHandler.reset();
+ SetEncryptDictionary(nullptr);
 }
 
 FX_FILESIZE CPDF_Parser::GetObjectOffset(uint32_t objnum) const {
-- 
cgit v1.2.3
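Review bot: In the last hunk, `ReleaseEncryptHandler()` now also clears the encrypt dictionary, but nothing at the function says so and its name still suggests it only drops the two handlers. A one-line comment above the added call, such as `// Also drop the encrypt dictionary, so it cannot dangle once the objects it points into are rebuilt.`, would keep a later refactor from separating the two steps again and reintroducing the stale pointer. The StartParse path named in the commit message (the RebuildCrossRef() call) is not touched by this diff, so the fix presumably relies on a ReleaseEncryptHandler() call that already exists there; that call, and any other caller that may expect the dictionary to survive a release, are worth confirming. No regression test for bug 726503 accompanies the change.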