From d0ac4e1a0df39ca5c382967148a18e789a098c3f Mon Sep 17 00:00:00 2001
From: Stephen Hines <srhines@google.com>
Date: Wed, 5 Oct 2022 18:23:46 -0700
Subject: Fix stack-use-after-scope for a `std::string`

`android::util::Utf16ToUtf8()` actually returns a `std::string` due to
the actual conversion to Utf8. `ParseResourceNamedType()` operates on a
`StringPiece` of `converted` (the `std::string` returned from that
call), and stashes it away for later use. Of course, by the time we're
using the `StringPiece` in `parsed_type`, `converted` has already gone
out of scope and is invalid to access.

Bug: http://b/250827883
Test: ./art/test/testrunner/run_build_test_target.py -j80 art-asan
Merged-In: Iea71a5cc84b7dfa96e7dcb549435f8394770a4df
Change-Id: Ie03aa417c56df5cedd58bf0b32994d6b4e5395b4
---
 tools/aapt2/ResourceUtils.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'tools/aapt2/ResourceUtils.cpp')

diff --git a/tools/aapt2/ResourceUtils.cpp b/tools/aapt2/ResourceUtils.cpp
index 23f6c88aad91..3787f3b96f08 100644
--- a/tools/aapt2/ResourceUtils.cpp
+++ b/tools/aapt2/ResourceUtils.cpp
@@ -51,8 +51,10 @@ std::optional<ResourceName> ToResourceName(const android::ResTable::resource_nam
       util::Utf16ToUtf8(StringPiece16(name_in.package, name_in.packageLen));
 
   std::optional<ResourceNamedTypeRef> type;
+  std::string converted;
   if (name_in.type) {
-    type = ParseResourceNamedType(util::Utf16ToUtf8(StringPiece16(name_in.type, name_in.typeLen)));
+    converted = util::Utf16ToUtf8(StringPiece16(name_in.type, name_in.typeLen));
+    type = ParseResourceNamedType(converted);
   } else if (name_in.type8) {
     type = ParseResourceNamedType(StringPiece(name_in.type8, name_in.typeLen));
   } else {
@@ -85,9 +87,10 @@ std::optional<ResourceName> ToResourceName(const android::AssetManager2::Resourc
   name_out.package = std::string(name_in.package, name_in.package_len);
 
   std::optional<ResourceNamedTypeRef> type;
+  std::string converted;
   if (name_in.type16) {
-    type =
-        ParseResourceNamedType(util::Utf16ToUtf8(StringPiece16(name_in.type16, name_in.type_len)));
+    converted = util::Utf16ToUtf8(StringPiece16(name_in.type16, name_in.type_len));
+    type = ParseResourceNamedType(converted);
   } else if (name_in.type) {
     type = ParseResourceNamedType(StringPiece(name_in.type, name_in.type_len));
   } else {
-- 
cgit v1.2.3-59-g8ed1b