[NaCl SDK] nacl_io: Fix use-after-free bug in html5fs

nacl_io::Path::Part returns a temporary string. The code that hashes the path
to create a phony ino calls this, and stashes a pointer to the memory.

The real issue with nacl_io_demo is that the quota was too low. I've upped it
to 5 megs now.

BUG=478230
R=sbc@chromium.org

Review URL: https://codereview.chromium.org/1062463004

Cr-Commit-Position: refs/heads/master@{#326850}

native_client_sdk/src/examples/demo/nacl_io_demo/example.js

@@ -12,7 +12,7 @@ function $(id) {
 
 // Called by the common.js module.
 function domContentLoaded(name, tc, config, width, height) {
-  navigator.webkitPersistentStorage.requestQuota(1024 * 1024,
+  navigator.webkitPersistentStorage.requestQuota(5 * 1024 * 1024,
       function(bytes) {
         common.updateStatus(
             'Allocated ' + bytes + ' bytes of persistant storage.');

native_client_sdk/src/libraries/nacl_io/html5fs/html5_fs.cc

@@ -45,9 +45,8 @@ ino_t Html5Fs::HashPath(const Path& path) {
 
   // Apply a running DJB2a to each part of the path
   for (size_t segment = 0; segment < path.Size(); segment++) {
-    const char *ptr = path.Part(segment).c_str();
-    size_t len = path.Part(segment).length();
-    hash = HashPathSegment(hash, ptr, len);
+    const std::string& part = path.Part(segment);
+    hash = HashPathSegment(hash, part.c_str(), part.length());
   }
   return hash;
 }