fix use-after-free with regex_match()

The smatch does not copy the input, it points to the original. So if the
string is on the stack and goes out of scope because it's only used as a
parameter, it will just be junk. Make a copy of it at a higher scope.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/draft.cc b/src/draft.cc
index cd4553de..5ce41dc5 100644
--- a/src/draft.cc
+++ b/src/draft.cc
@@ -102,13 +102,15 @@ void draft_t::parse_args(const value_t& args)
   value_t::sequence_t::const_iterator end   = args.end();
 
   for (; begin != end; begin++) {
+    string arg = (*begin).to_string();
+
     if (check_for_date &&
-        regex_match((*begin).to_string(), what, date_mask)) {
+        regex_match(arg, what, date_mask)) {
       tmpl->date = parse_date(what[0]);
       check_for_date = false;
     }
     else if (check_for_date &&
-             bool(weekday = string_to_day_of_week((*begin).to_string()))) {
+             bool(weekday = string_to_day_of_week(arg))) {
 #if defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ >= 7
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
@@ -124,8 +126,6 @@ void draft_t::parse_args(const value_t& args)
       check_for_date = false;
     }
     else {
-      string arg = (*begin).to_string();
-
       if (arg == "at") {
         if (++begin == end)
           throw std::runtime_error(_("Invalid xact command arguments"));