authorLei Zhang <thestig@chromium.org>2020-01-06 23:01:45 +0000
committerMichael Brüning <michael.bruning@qt.io>2020-03-06 12:03:35 +0000
commit7b2e898f2b4626693f8902bead0b60a54d37aa27 (patch)
tree28e6b35c339f8a3c78dbd7a90097d82f7b8028e8
parent8b524801b75089fa6a6f5d8309e4e5ed4b0bba6c (diff)
downloadqtwebengine-chromium-7b2e898f2b4626693f8902bead0b60a54d37aa27.tar.gz
[Backport] CVE-2020-6398 - Uninitialized use in PDFium
Manual backport of patch originally reviewed on https://pdfium-review.googlesource.com/c/pdfium/+/63933: M80: Avoid regenerating revision 5 and 6 encryption dictionaries. Unlike revision 2 and 3, revision 5 and 6 encryption is not tied to the document ID in the trailer. Thus regenerating the encryption dictionary when the ID changes is completely unnecessary. Avoid doing this. Unlike https://pdfium-review.googlesource.com/c/pdfium/+/63933, this merge CL does not include the tests. Bug: chromium:1032090 Change-Id: I7f855cd31968f28668c0cf0ded8286d17fc990ad Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
-rw-r--r--chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp b/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
index 11c0f2d089b..9706f0b3908 100644
--- a/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
+++ b/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
@@ -617,7 +617,9 @@ void CPDF_Creator::InitID() {
m_pIDArray->Add(m_pIDArray->GetObjectAt(0)->Clone());
if (m_pEncryptDict) {
ASSERT(m_pParser);
- if (m_pEncryptDict->GetStringFor("Filter") == "Standard") {
+ int revision = m_pEncryptDict->GetIntegerFor("R");
+ if ((revision == 2 || revision == 3) &&
+ m_pEncryptDict->GetStringFor("Filter") == "Standard") {
m_pNewEncryptDict = ToDictionary(m_pEncryptDict->Clone());
m_pEncryptDict = m_pNewEncryptDict.Get();
m_pSecurityHandler = pdfium::MakeRetain<CPDF_SecurityHandler>();
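Review bot: The `revision == 2 || revision == 3` test on the new `if` is an allow-list of bare numbers and leaves out revision 4 without explanation; the commit message only contrasts 2/3 with 5/6, and as far as I know the standard security handler's revision 4 key derivation also uses the first trailer ID element, so please confirm that skipping regeneration for R=4 is intended rather than leaving a saved file whose key no longer matches its ID. `R` is read from the document's own encryption dictionary, so a missing or malformed value (presumably 0 from `GetIntegerFor`) now also takes the skip path; that looks like the safe direction, but it deserves stating. I would add a comment above the check such as `// Only R2/R3 derive the key from the trailer ID; R5/R6 do not, so their dictionary must not be regenerated here.` The body of `InitID()` starts and ends outside this hunk, so the ID-generation path that leads to this branch is not visible here.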