From 1eaf00320b158012da9248c4df11243b955d719f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Rozsypal?= <33589083+rqu@users.noreply.github.com>
Date: Tue, 29 Dec 2020 08:10:36 +0100
Subject: [PATCH] Fix use-after-free in isolate_sandbox.cpp
---
 src/sandbox/isolate_sandbox.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sandbox/isolate_sandbox.cpp b/src/sandbox/isolate_sandbox.cpp
index 1c23893d..7f69fcce 100644
--- a/src/sandbox/isolate_sandbox.cpp
+++ b/src/sandbox/isolate_sandbox.cpp
@@ -165,7 +165,7 @@ void isolate_sandbox::isolate_init_child(int fd_0, int fd_1)
 args[0] = isolate_binary_.c_str();
 args[1] = "--cg";
- args[2] = ("--box-id=" + std::to_string(id_)).c_str();
+ args[2] = strdup(("--box-id=" + std::to_string(id_)).c_str());
 args[3] = "--init";
 args[4] = NULL;
@@ -198,7 +198,7 @@ void isolate_sandbox::isolate_cleanup()
 const char *args[5];
 args[0] = isolate_binary_.c_str();
 args[1] = "--cg";
- args[2] = ("--box-id=" + std::to_string(id_)).c_str();
+ args[2] = strdup(("--box-id=" + std::to_string(id_)).c_str());
 args[3] = "--cleanup";
 args[4] = NULL;
 // const_cast is ugly, but this is working with C code - execv does not modify its arguments
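Review bot: The `strdup()` result stored in `args[2]` is neither checked nor freed in the visible lines, in both `isolate_init_child` and `isolate_cleanup`. If the allocation fails, `args[2]` becomes NULL and ends the argv array early, so isolate would be started with only `--cg`, without the box id or the `--init`/`--cleanup` action. A named local that stays alive until the exec call removes the dangling pointer without an allocation to track: `const std::string box_id_arg = "--box-id=" + std::to_string(id_);` followed by `args[2] = box_id_arg.c_str();`. Both function bodies continue outside the hunks, so it is not visible here whether the copy is released when exec fails, or whether `<cstring>` is included for `strdup`.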