Restored JsonVariantLocal to fix the use-after-free

src/ArduinoJson/JsonVariant.hpp

@@ -321,4 +321,15 @@ class JsonVariantConst : public JsonVariantProxy<const JsonVariantData>,
     return JsonVariantConst(objectGet(variantAsObject(_data), makeString(key)));
   }
 };
+
+class JsonVariantLocal : public JsonVariant {
+ public:
+  explicit JsonVariantLocal(MemoryPool *memoryPool)
+      : JsonVariant(memoryPool, &_localData) {
+    _localData.type = JSON_NULL;
+  }
+
+ private:
+  JsonVariantData _localData;
+};
 }  // namespace ARDUINOJSON_NAMESPACE

src/ArduinoJson/MsgPack/MsgPackDeserializer.hpp

@@ -278,8 +278,7 @@ class MsgPackDeserializer {
     if (_nestingLimit == 0) return DeserializationError::TooDeep;
     --_nestingLimit;
     for (; n; --n) {
-      JsonVariantData keyData;
+      JsonVariantLocal key(_memoryPool);
-      JsonVariant key(_memoryPool, &keyData);
       DeserializationError err = parse(key);
       if (err) return err;
       if (!key.is<char *>()) return DeserializationError::NotSupported;