diff options
author | Ke Liu <stackexploit@gmail.com> | 2018-04-19 04:11:42 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-19 04:11:42 +0000 |
commit | f24afac5e17e10f70336912ff85d8cb9c783f8a8 (patch) | |
tree | e5d2d58fa249f67ba984007ac09c5b14f9021e06 /core/fxcrt | |
parent | e06880f8eb984a48921f0560bd7ab4e055da432d (diff) | |
download | pdfium-f24afac5e17e10f70336912ff85d8cb9c783f8a8.tar.xz |
Fix UAF in CFX_XMLElement::Save
Use a ByteString object to store the returned value of
WideString.UTF8Encode() instead of using a ByteStringView object
to store the returned value of WideString.UTF8Encode().AsStringView().
Bug: chromium:834149
Change-Id: I8fa8dd7920140730c0417c188572d7b53e4ffb48
Reviewed-on: https://pdfium-review.googlesource.com/30890
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcrt')
-rw-r--r-- | core/fxcrt/xml/cfx_xmlelement.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/core/fxcrt/xml/cfx_xmlelement.cpp b/core/fxcrt/xml/cfx_xmlelement.cpp index cab15f24c4..5e79da63cf 100644 --- a/core/fxcrt/xml/cfx_xmlelement.cpp +++ b/core/fxcrt/xml/cfx_xmlelement.cpp @@ -97,10 +97,10 @@ void CFX_XMLElement::SetTextData(const WideString& wsText) { } void CFX_XMLElement::Save(const RetainPtr<IFX_SeekableStream>& pXMLStream) { - ByteStringView name_encoded = name_.UTF8Encode().AsStringView(); + ByteString bsNameEncoded = name_.UTF8Encode(); pXMLStream->WriteString("<"); - pXMLStream->WriteString(name_encoded); + pXMLStream->WriteString(bsNameEncoded.AsStringView()); for (auto it : attrs_) { // Note, the space between attributes is added by AttributeToString which @@ -121,7 +121,7 @@ void CFX_XMLElement::Save(const RetainPtr<IFX_SeekableStream>& pXMLStream) { pChild->Save(pXMLStream); } pXMLStream->WriteString("</"); - pXMLStream->WriteString(name_encoded); + pXMLStream->WriteString(bsNameEncoded.AsStringView()); pXMLStream->WriteString(">\n"); } |