diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-04-24 18:44:29 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-24 18:44:29 +0000 |
commit | 9afcfa46ee07bc22c94d49942f5a61d6a374fd2d (patch) | |
tree | ed3e030b7fabdfb4ef1182a401652f46c24f1c1f /xfa/fxfa | |
parent | 6453a67d84dc321a5f28728e04929dc2ff35ff88 (diff) | |
download | pdfium-9afcfa46ee07bc22c94d49942f5a61d6a374fd2d.tar.xz |
Switch declaration order to prevent UAF
This is occuring when the variables go out of scope, due to C++s first
in, last out destruction policy.
BUG=chromium:808333
Change-Id: I44f37520a22720bc23df4c8a72ff73994c37eea1
Reviewed-on: https://pdfium-review.googlesource.com/31278
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'xfa/fxfa')
-rw-r--r-- | xfa/fxfa/parser/cxfa_document.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/xfa/fxfa/parser/cxfa_document.cpp b/xfa/fxfa/parser/cxfa_document.cpp index c3e73e2f19..6860c83376 100644 --- a/xfa/fxfa/parser/cxfa_document.cpp +++ b/xfa/fxfa/parser/cxfa_document.cpp @@ -1511,12 +1511,13 @@ void CXFA_Document::DoProtoMerge() { } for (CXFA_Node* pUseHrefNode : sUseNodes) { + // Must outlive the WideStringViews below. + WideString wsUseVal = + pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref); WideStringView wsURI; WideStringView wsID; WideStringView wsSOM; - WideString wsUseVal = - pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref); if (!wsUseVal.IsEmpty()) { auto uSharpPos = wsUseVal.Find('#'); if (!uSharpPos.has_value()) { |