From 127f44a40b36e2db45049d37ee6ae50cebea0b65 Mon Sep 17 00:00:00 2001 From: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com> Date: Thu, 5 Feb 2026 18:19:32 +0000 Subject: [PATCH] fix stack-use-after-scope issue Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com> --- src/libxrpl/protocol/STParsedJSON.cpp | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/libxrpl/protocol/STParsedJSON.cpp b/src/libxrpl/protocol/STParsedJSON.cpp index 1c25e6d94a..3fb2825581 100644 --- a/src/libxrpl/protocol/STParsedJSON.cpp +++ b/src/libxrpl/protocol/STParsedJSON.cpp @@ -69,13 +69,16 @@ make_name(std::string const& object, std::string const& field) if (field.empty()) return object; - return {object + "." + field}; + return object + "." + field; } +// Note: Store make_name() result in a local variable before string concatenation +// to prevent stack-use-after-scope when the temporary is used in chained operations static inline Json::Value not_an_object(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' is not a JSON object."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' is not a JSON object."); } static inline Json::Value @@ -93,25 +96,29 @@ not_an_array(std::string const& object) static inline Json::Value unknown_field(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' is unknown."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' is unknown."); } static inline Json::Value out_of_range(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' is out of range."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' is out of range."); } static inline Json::Value bad_type(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' has bad type."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' has bad type."); } static inline Json::Value invalid_data(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' has invalid data."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' has invalid data."); } static inline Json::Value @@ -123,13 +130,15 @@ invalid_data(std::string const& object) static inline Json::Value array_expected(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' must be a JSON array."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' must be a JSON array."); } static inline Json::Value string_expected(std::string const& object, std::string const& field) { - return RPC::make_error(rpcINVALID_PARAMS, "Field '" + make_name(object, field) + "' must be a string."); + auto const fieldName = make_name(object, field); + return RPC::make_error(rpcINVALID_PARAMS, "Field '" + fieldName + "' must be a string."); } static inline Json::Value