From 86a93b9b4763ccbf0684919283241ab5901363f0 Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Wed, 19 Mar 2025 17:02:18 -0400
Subject: [PATCH] UI/Qt: Prevent UAF while parsing autocomplete response data

JsonParser only holds a view into the provided string, the caller must
keep it alive. Though we can actually just use JsonValue::from_string
here instead.
---
 UI/Qt/AutoComplete.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/UI/Qt/AutoComplete.cpp b/UI/Qt/AutoComplete.cpp
index abfd7c19975..90306dc7126 100644
--- a/UI/Qt/AutoComplete.cpp
+++ b/UI/Qt/AutoComplete.cpp
@@ -6,7 +6,6 @@
 
 #include <AK/JsonArray.h>
 #include <AK/JsonObject.h>
-#include <AK/JsonParser.h>
 #include <LibURL/URL.h>
 #include <UI/Qt/AutoComplete.h>
 #include <UI/Qt/Settings.h>
@@ -111,8 +110,8 @@ ErrorOr<void> AutoComplete::got_network_response(QNetworkReply* reply)
     if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError)
         return {};
 
-    AK::JsonParser parser(ak_byte_string_from_qstring(reply->readAll()));
-    auto json = TRY(parser.parse());
+    auto reply_data = ak_string_from_qstring(reply->readAll());
+    auto json = TRY(JsonValue::from_string(reply_data));
 
     auto engine_name = Settings::the()->autocomplete_engine().name;
     Vector<String> results;