From 23c93ef6e3b9a289cdcece487b314325a21b28ff Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Tue, 18 Jul 2017 16:10:39 -0700
Subject: Avoid unterminated string segment in cfx_saxreaderhandler.cpp

Use the overloaded << operator, which takes length into account
for StringC types, rather than a raw ptr (which gets promoted into
a std::string resulting in a length call that overflows since
StringCs aren't necessarily nul-terminated).

Bug: 746073
Change-Id: Iffbbff53e12da8741acc7ce54000232cc66d83bc
Reviewed-on: https://pdfium-review.googlesource.com/8150
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 core/fxcrt/xml/cfx_saxreaderhandler.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/fxcrt/xml/cfx_saxreaderhandler.cpp b/core/fxcrt/xml/cfx_saxreaderhandler.cpp
index 9967f3eea8..f1e0c7ad94 100644
--- a/core/fxcrt/xml/cfx_saxreaderhandler.cpp
+++ b/core/fxcrt/xml/cfx_saxreaderhandler.cpp
@@ -30,7 +30,7 @@ CFX_SAXContext* CFX_SAXReaderHandler::OnTagEnter(
   if (eType == CFX_SAXItem::Type::Instruction)
     m_SAXContext.m_TextBuf << "?";
 
-  m_SAXContext.m_TextBuf << bsTagName.c_str();
+  m_SAXContext.m_TextBuf << bsTagName;
   m_SAXContext.m_bsTagName = bsTagName;
   return &m_SAXContext;
 }
-- 
cgit v1.2.3