From e478396a04f1ddffd2c3957e7424450dea113634 Mon Sep 17 00:00:00 2001
From: Wilhelm Schuermann
Date: Tue, 15 Sep 2015 12:27:25 +0200
Subject: [PATCH] DOM: Prevent use-after-free in CLI2::canonicalize
---
 src/DOM.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/DOM.cpp b/src/DOM.cpp
index a1b6ab8f0..929f40823 100644
--- a/src/DOM.cpp
+++ b/src/DOM.cpp
@@ -259,7 +259,7 @@ bool DOM::get (const std::string& name, const Task& task, Variant& value)
 auto size = elements.size ();
 std::string canonical;
- if (context.cli2.canonicalize (canonical, "attribute", elements[0]))
+ if ((size == 1 || size == 2) && context.cli2.canonicalize (canonical, "attribute", elements[0]))
 {
 // Now that 'ref' is the contextual task, and any ID/UUID is chopped off the
 // elements vector, DOM resolution is now simple.
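Review bot: The new `(size == 1 || size == 2)` guard in `DOM::get` is the only thing keeping other element counts away from `context.cli2.canonicalize`, yet nothing at the condition says why those two sizes are the safe ones. A comment directly above the `if`, such as `// Only 1- or 2-element names may reach canonicalize(); other sizes triggered a use-after-free.`, would stop a later cleanup from dropping it. The subject line places the use-after-free in `CLI2::canonicalize`, so if the fault is inside that function rather than in how this caller uses the result, other call sites (not visible in this hunk) remain exposed and the check would belong in `canonicalize` itself. The guard also short-circuits before `elements[0]` is evaluated when `elements` is empty, which is worth keeping if the condition is ever reordered. The body of `DOM::get` continues outside the hunk.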