Switch declaration order to prevent UAF This is occuring when the variables go out of scope, due to C++s first in, last out destruction policy. BUG=chromium:808333 Change-Id: I44f37520a22720bc23df4c8a72ff73994c37eea1 Reviewed-on: https://pdfium-review.googlesource.com/31278 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>

commit: 9afcfa46ee07bc22c94d49942f5a61d6a374fd2d [log] [tgz]
author: Ryan Harrison <rharrison@chromium.org> Tue Apr 24 18:44:29 2018 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Tue Apr 24 18:44:29 2018 +0000
tree: ed3e030b7fabdfb4ef1182a401652f46c24f1c1f
parent: 6453a67d84dc321a5f28728e04929dc2ff35ff88 [diff]
diff --git a/xfa/fxfa/parser/cxfa_document.cpp b/xfa/fxfa/parser/cxfa_document.cpp
index c3e73e2..6860c83 100644
--- a/xfa/fxfa/parser/cxfa_document.cpp
+++ b/xfa/fxfa/parser/cxfa_document.cpp

@@ -1511,12 +1511,13 @@
   }
 
   for (CXFA_Node* pUseHrefNode : sUseNodes) {
+    // Must outlive the WideStringViews below.
+    WideString wsUseVal =
+        pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref);
     WideStringView wsURI;
     WideStringView wsID;
     WideStringView wsSOM;
 
-    WideString wsUseVal =
-        pUseHrefNode->JSObject()->GetCData(XFA_Attribute::Usehref);
     if (!wsUseVal.IsEmpty()) {
       auto uSharpPos = wsUseVal.Find('#');
       if (!uSharpPos.has_value()) {
commit	9afcfa46ee07bc22c94d49942f5a61d6a374fd2d	[log] [tgz]
author	Ryan Harrison <rharrison@chromium.org>	Tue Apr 24 18:44:29 2018 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Tue Apr 24 18:44:29 2018 +0000
tree	ed3e030b7fabdfb4ef1182a401652f46c24f1c1f
parent	6453a67d84dc321a5f28728e04929dc2ff35ff88 [diff]