From 986e5b48b42298dd519c5388cf374dfadbbcee8c Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Thu, 16 May 2019 15:20:31 +0300
Subject: [PATCH] Fixed uninitialized-memory-access in
 Object.defineProperties().

This closes #158 issue on Github.
---
 njs/njs_object.c         | 11 +++++------
 njs/test/njs_unit_test.c |  3 +++
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/njs/njs_object.c b/njs/njs_object.c
index f648d507..33e29104 100644
--- a/njs/njs_object.c
+++ b/njs/njs_object.c
@@ -1705,7 +1705,7 @@ njs_object_define_property(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
         return NXT_ERROR;
     }
 
-    value = &args[1];
+    value = njs_argument(args, 1);
 
     if (!value->data.u.object->extensible) {
         njs_type_error(vm, "object is not extensible");
@@ -1743,15 +1743,14 @@ njs_object_define_properties(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
     njs_object_prop_t  *prop;
     const njs_value_t  *descriptor;
 
-    value = &args[1];
-
-    if (!njs_is_object(value)) {
+    if (!njs_is_object(njs_arg(args, nargs, 1))) {
         njs_type_error(vm, "cannot convert %s argument to object",
-                       njs_type_string(value->type));
-
+                       njs_type_string(njs_arg(args, nargs, 1)->type));
         return NXT_ERROR;
     }
 
+    value = njs_argument(args, 1);
+
     if (!value->data.u.object->extensible) {
         njs_type_error(vm, "object is not extensible");
         return NXT_ERROR;
diff --git a/njs/test/njs_unit_test.c b/njs/test/njs_unit_test.c
index 02bc3c16..4f02b13e 100644
--- a/njs/test/njs_unit_test.c
+++ b/njs/test/njs_unit_test.c
@@ -9162,6 +9162,9 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("var o = Object.defineProperties({a:1}, {}); o.a"),
       nxt_string("1") },
 
+    { nxt_string("Object.defineProperties()"),
+      nxt_string("TypeError: cannot convert undefined argument to object") },
+
     { nxt_string("Object.defineProperties(1, {})"),
       nxt_string("TypeError: cannot convert number argument to object") },
 
-- 
2.47.3