From 38fac2837f4aec420d81f80018dffa1ab66c02a3 Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Thu, 16 Mar 2023 11:02:23 +0100
Subject: [PATCH] parser: Duplicate locale

The Release testing revealed that compiler might free temporary
std::locale instances sooner than we thought, exposing UaF.

On 64-bit arch, a reference takes 8 bytes, a std::locale copy takes 16
bytes. So duplicating a locale in each parser instance is not such a big
deal to risk an UaF.

Signed-off-by: Simon Rozman <simon@rozman.si>
---
 include/stdex/parser.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/stdex/parser.hpp b/include/stdex/parser.hpp
index 15b9e9a83..b5949f95f 100644
--- a/include/stdex/parser.hpp
+++ b/include/stdex/parser.hpp
@@ -148,7 +148,7 @@ namespace stdex
 			interval<size_t> interval; ///< Test for interval
 
 		protected:
-			const std::locale& m_locale;
+			std::locale m_locale;
 		};
 
 		using parser = basic_parser<char>;