From decc00dcdf6ae24c55d21770f643f1edf67cfdeb Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Wed, 3 Apr 2024 21:46:39 -0400
Subject: [PATCH] LibGLSL: Avoid UAF when creating a preprocessor instance

The intialization of Definition::value allocates a string that we were holding a view into. Store the result as a String to keep it alive; its only usage is passing it to GenericLexer in another function.
---
 Userland/Libraries/LibGLSL/Preprocessor.cpp | 2 +-
 Userland/Libraries/LibGLSL/Preprocessor.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibGLSL/Preprocessor.cpp b/Userland/Libraries/LibGLSL/Preprocessor.cpp
index b20ee7f91d..8ffad9018a 100644
--- a/Userland/Libraries/LibGLSL/Preprocessor.cpp
+++ b/Userland/Libraries/LibGLSL/Preprocessor.cpp
@@ -366,7 +366,7 @@ ErrorOr> Preprocessor::create_definition(Stri
 }
 if (token_index < tokens.size())
- definition.value = TRY(remove_escaped_newlines(line.substring_view(tokens[token_index].start().column))).bytes_as_string_view();
+ definition.value = TRY(remove_escaped_newlines(line.substring_view(tokens[token_index].start().column)));
 return definition;
 }
diff --git a/Userland/Libraries/LibGLSL/Preprocessor.h b/Userland/Libraries/LibGLSL/Preprocessor.h
index 8291c5f764..4fad48ddd0 100644
--- a/Userland/Libraries/LibGLSL/Preprocessor.h
+++ b/Userland/Libraries/LibGLSL/Preprocessor.h
@@ -28,7 +28,7 @@ public:
 struct Definition {
 StringView key;
 Vector parameters;
- StringView value;
+ String value;
 FlyString filename;
 size_t line { 0 };
 size_t column { 0 };
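Review bot: The new assignment to `definition.value` in create_definition has no comment saying why the value must be owned, so a later cleanup could re-append `.bytes_as_string_view()` and bring the dangling view back. A one-line comment above it would pin this down, e.g. `// remove_escaped_newlines() yields a fresh String; store it, a view into the temporary would dangle.` The commit message says the value is later handed to GenericLexer in another function. That call site is outside this hunk, so it is worth confirming that the lexer there never outlives the Definition it reads from. create_definition starts above the hunk.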
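Review bot: `StringView key;` and the `Vector` of parameters in Definition are still non-owning, so the struct keeps the same kind of lifetime hazard this commit fixes for `value`. The vector's element type is lost in this rendering but is presumably also a view. Whether they point into storage that outlives every Definition is not visible here. If they view the program text or the caller's line, a comment on the struct should state that invariant, e.g. `// key and parameters are views into the source text, which must outlive this Definition.` If that cannot be guaranteed they should become owning types like `value`; the struct continues past the end of the hunk.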