From e59833765507a39852a4932fc2d3c488968aeea4 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 4 Sep 2024 13:43:30 +0100
Subject: [PATCH] NativeMessageBox: Fix string pointer use-after-free

toWideCharPointer() returns a pointer to a buffer managed by the String.
The wchar_t pointers are not read until the invocation of
TaskDialogIndirect, so the String instances must remain alive until this
point.
---
 .../native/juce_NativeMessageBox_windows.cpp           | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/juce_gui_basics/native/juce_NativeMessageBox_windows.cpp b/modules/juce_gui_basics/native/juce_NativeMessageBox_windows.cpp
index 813a343bf8..9be087deb1 100644
--- a/modules/juce_gui_basics/native/juce_NativeMessageBox_windows.cpp
+++ b/modules/juce_gui_basics/native/juce_NativeMessageBox_windows.cpp
@@ -100,12 +100,15 @@ std::unique_ptr<ScopedMessageBoxInterface> ScopedMessageBoxInterface::create (co
 
             return [this, parent]
             {
+                const auto title = options.getTitle();
+                const auto message = options.getMessage();
+
                 TASKDIALOGCONFIG config{};
 
                 config.cbSize         = sizeof (config);
                 config.hwndParent     = parent;
-                config.pszWindowTitle = options.getTitle().toWideCharPointer();
-                config.pszContent     = options.getMessage().toWideCharPointer();
+                config.pszWindowTitle = title.toWideCharPointer();
+                config.pszContent     = message.toWideCharPointer();
                 config.hInstance      = (HINSTANCE) Process::getCurrentModuleInstanceHandle();
                 config.lpCallbackData = reinterpret_cast<LONG_PTR> (this);
                 config.pfCallback     = [] (HWND hwnd, UINT msg, WPARAM, LPARAM, LONG_PTR lpRefData)
@@ -154,11 +157,12 @@ std::unique_ptr<ScopedMessageBoxInterface> ScopedMessageBoxInterface::create (co
                     }();
                 }
 
+                std::vector<String> buttonStrings;
                 std::vector<TASKDIALOG_BUTTON> buttonLabels;
 
                 for (auto i = 0; i < options.getNumButtons(); ++i)
                     if (const auto buttonText = options.getButtonText (i); buttonText.isNotEmpty())
-                        buttonLabels.push_back ({ (int) buttonLabels.size(), buttonText.toWideCharPointer() });
+                        buttonLabels.push_back ({ (int) buttonLabels.size(), buttonStrings.emplace_back (buttonText).toWideCharPointer() });
 
                 config.pButtons = buttonLabels.data();
                 config.cButtons = (UINT) buttonLabels.size();