From 90a684b32b93988e890d854deff384addd875de9 Mon Sep 17 00:00:00 2001 From: Tor Lillqvist Date: Wed, 11 Mar 2015 09:56:57 +0200 Subject: Move more variables out of the timestamping block One or more pointers into them apparently gets stored into the NSSCMSMessage data structures during the my_NSS_CMSSignerInfo_AddUnauthAttr() call, and thus when the variables go out of scope said data can and will be reused for some arbitrary other thing, and those pointers in the NSSCMSMessage will point to bogus data. Avoids a crash when compiled with gcc. (No crash when compiled with Clang, it apparently allocates nested block stack variables differently.) (The Windows MSVC build uses a different code path entirely here.) Change-Id: Ic941d766904a216cce86ee6bd38864801b9110e8 --- vcl/source/gdi/pdfwriter_impl.cxx | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'vcl') diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 55a918b864df..df2e74ee9d83 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -6893,6 +6893,10 @@ bool PDFWriterImpl::finalizeSignature() char *pass(strdup(OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 ).getStr())); + TimeStampReq src; + OStringBuffer response_buffer; + TimeStampResp response; + SECItem response_item; NSSCMSAttribute timestamp; SECItem values[2]; SECItem *valuesp = values; @@ -6963,7 +6967,6 @@ bool PDFWriterImpl::finalizeSignature() fclose(out); } #endif - TimeStampReq src; unsigned char cOne = 1; src.version.type = siUnsignedInteger; @@ -7064,8 +7067,6 @@ bool PDFWriterImpl::finalizeSignature() return false; } - OStringBuffer response_buffer; - if ((rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response_buffer)) != CURLE_OK || (rc = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToBuffer)) != CURLE_OK) { 
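Review bot: The four declarations hoisted to function scope in the first hunk (`src`, `response_buffer`, `response`, `response_item`) now carry a lifetime requirement that nothing in the code records. Per the commit message, NSS apparently keeps pointers into them after `my_NSS_CMSSignerInfo_AddUnauthAttr()`, and the last hunk shows `response_item.data` aliasing `response_buffer`'s storage, so moving any of them back into the timestamping block would reintroduce a use-after-scope on stack memory. I would put a comment above them, for example `// Must outlive the CMS message: NSS may retain pointers into these after my_NSS_CMSSignerInfo_AddUnauthAttr().` The commit message does not pin down which object is retained, so it is also worth confirming that the NSSCMSMessage is encoded and destroyed before finalizeSignature() returns on every path. That cannot be checked here, because the function body starts and ends outside the hunks; the hunks at 6963, 7064 and 7129 only remove the old block-scope declarations.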
@@ -7129,10 +7130,8 @@ bool PDFWriterImpl::finalizeSignature() curl_easy_cleanup(curl); SECITEM_FreeItem(timestamp_request, PR_TRUE); - TimeStampResp response; memset(&response, 0, sizeof(response)); - SECItem response_item; response_item.type = siBuffer; response_item.data = reinterpret_cast(const_cast(response_buffer.getStr())); response_item.len = response_buffer.getLength(); -- cgit