From e6fa74ffed5ffaf2a7cd550415d8216883fd1961 Mon Sep 17 00:00:00 2001
From: Hans Goudey <h.goudey@me.com>
Date: Tue, 14 Sep 2021 18:13:52 -0500
Subject: Fix: Use after free in spreadsheet attribute column ID

A temporary string was created in the attribute_foreach callback
and used in a map at a higher scope. When the callback finished,
the string went out of scope, was freed, then the elements in the
set pointed to freed memory.
---
 .../editors/space_spreadsheet/spreadsheet_data_source_geometry.cc      | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc')

diff --git a/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc b/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
index bd2d89e4f27..78d9f61d8d5 100644
--- a/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
+++ b/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
@@ -54,8 +54,7 @@ void GeometryDataSource::foreach_default_column_ids(
           return true;
         }
         SpreadsheetColumnID column_id;
-        std::string name = attribute_id.name();
-        column_id.name = (char *)name.c_str();
+        column_id.name = (char *)attribute_id.name().data();
         fn(column_id);
         return true;
       });
-- 
cgit v1.2.3