UpdateProcThreadAttribute has a restriction that its lpValue parameter

sandbox/win/src/broker_services.cc

Index: sandbox/win/src/broker_services.cc
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index 8fa7f0d655168a5427287a72228c8f036c4646e4..5d8061fd48998b0af36f72144409dbcd05a9d837 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -401,6 +401,11 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
 
   // Initialize the startup information from the policy.
   base::win::StartupInformation startup_info;
+  // The liftime of |mitigations| has to be at least as long as |startup_info|
+  // because |UpdateProcThreadAttribute| requires that its |lpValue| parameter
+  // persist until |DeleteProcThreadAttributeList| is called;
+  // StartupInformation's destructor makes such a call.
+  DWORD64 mitigations;
   base::string16 desktop = policy_base->GetAlternateDesktop();
   if (!desktop.empty()) {
     startup_info.startup_info()->lpDesktop =
@@ -415,7 +420,6 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
     if (app_container)
       ++attribute_count;
 
-    DWORD64 mitigations;
     size_t mitigations_size;
     ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(),
                                       &mitigations, &mitigations_size);