QgsXmlUtils::readFlagAttribute(): fix use-after-free

rouault · rouault · commit f5d2d8586066 · 2018-10-06T15:00:39.000+02:00
Found with Valgrind

```const char* c_str = qstr.toUtf8().data()``` is invalid
since the QByteArray returned by toUtf8() is destroyed at the
end of the expression, letting c_str point to freed memory

On the contrary ```foo(qstr.toUtf8().data())``` is valid since
the temporary object is destroyed only after foo invokation.
diff --git a/src/core/qgsxmlutils.h b/src/core/qgsxmlutils.h
@@ -97,8 +97,7 @@ class CORE_EXPORT QgsXmlUtils
       if ( metaEnum.isValid() )
       {
         bool ok = false;
-        const char *vs = sourceCategoriesStr.toUtf8().data();
-        int newValue = metaEnum.keysToValue( vs, &ok );
+        int newValue = metaEnum.keysToValue( sourceCategoriesStr.toUtf8().data(), &ok );
         if ( ok )
           value = static_cast<T>( newValue );
       }

Original file line number	Diff line number	Diff line change
`@@ -97,8 +97,7 @@ class CORE_EXPORT QgsXmlUtils`
`97`	`97`	`if ( metaEnum.isValid() )`
`98`	`98`	`{`
`99`	`99`	`bool ok = false;`
`100`		`- const char *vs = sourceCategoriesStr.toUtf8().data();`
`101`		`- int newValue = metaEnum.keysToValue( vs, &ok );`
	`100`	`+ int newValue = metaEnum.keysToValue( sourceCategoriesStr.toUtf8().data(), &ok );`
`102`	`101`	`if ( ok )`
`103`	`102`	`value = static_cast<T>( newValue );`
`104`	`103`	`}`