Switch declaration order to prevent UAF

This is occuring when the variables go out of scope, due to C++s first in, last out destruction policy. BUG=chromium:808333 Change-Id: I44f37520a22720bc23df4c8a72ff73994c37eea1 Reviewed-on: https://pdfium-review.googlesource.com/31278 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2018-04-24 18:44:29 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-04-24 18:44:29 +0000
commit: 9afcfa46ee07bc22c94d49942f5a61d6a374fd2d (patch)
tree: ed3e030b7fabdfb4ef1182a401652f46c24f1c1f
parent: 6453a67d84dc321a5f28728e04929dc2ff35ff88 (diff)
download: pdfium-9afcfa46ee07bc22c94d49942f5a61d6a374fd2d.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/xfa/fxfa/parser/cxfa_document.cpp b/xfa/fxfa/parser/cxfa_document.cpp
index c3e73e2f19..6860c83376 100644
--- a/xfa/fxfa/parser/cxfa_document.cpp
+++ b/xfa/fxfa/parser/cxfa_document.cpp
@@ -1511,12 +1511,13 @@ void CXFA_Document::DoProtoMerge() {
   }
 
   for (CXFA_Node* pUseHrefNode : sUseNodes) {
+    // Must outlive the WideStringViews below.
+    WideString wsUseVal =
+        pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref);
     WideStringView wsURI;
     WideStringView wsID;
     WideStringView wsSOM;
 
-    WideString wsUseVal =
-        pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref);
     if (!wsUseVal.IsEmpty()) {
       auto uSharpPos = wsUseVal.Find('#');
       if (!uSharpPos.has_value()) {
author	Ryan Harrison <rharrison@chromium.org>	2018-04-24 18:44:29 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-04-24 18:44:29 +0000
commit	9afcfa46ee07bc22c94d49942f5a61d6a374fd2d (patch)
tree	ed3e030b7fabdfb4ef1182a401652f46c24f1c1f
parent	6453a67d84dc321a5f28728e04929dc2ff35ff88 (diff)
download	pdfium-9afcfa46ee07bc22c94d49942f5a61d6a374fd2d.tar.xz