author | Fabrice Bellard <fabrice@bellard.org> | 2025-03-13 16:30:02 +0100 |
---|---|---|
committer | Fabrice Bellard <fabrice@bellard.org> | 2025-03-13 16:30:02 +0100 |
commit | 027f3cb5e44ac42cbcb0d0ec7b3462fe31f5e36a (patch) | |
tree | 3910288180748f3d66e28399af970fd83bf6c69b /quickjs.c | |
parent | c739debf0fa03cbc1a403749afbbfad76a2f16dc (diff) | |
fix crash when add_property() fails on build arguments (penneryu)
Diffstat (limited to 'quickjs.c')
-rw-r--r-- | quickjs.c | 13 |
1 files changed, 9 insertions, 4 deletions
@@ -14857,16 +14857,16 @@ static JSValue js_build_arguments(JSContext *ctx, int argc, JSValueConst *argv)
 /* add the length field (cannot fail) */
 pr = add_property(ctx, p, JS_ATOM_length, JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (unlikely(!pr))
+ goto fail;
 pr->u.value = JS_NewInt32(ctx, argc);
 /* initialize the fast array part */
 tab = NULL;
 if (argc > 0) {
 tab = js_malloc(ctx, sizeof(tab[0]) * argc);
- if (!tab) {
- JS_FreeValue(ctx, val);
- return JS_EXCEPTION;
- }
+ if (!tab)
+ goto fail;
 for(i = 0; i < argc; i++) {
 tab[i] = JS_DupValue(ctx, argv[i]);
 }
@@ -14882,6 +14882,9 @@ static JSValue js_build_arguments(JSContext *ctx, int argc, JSValueConst *argv)
 ctx->throw_type_error, ctx->throw_type_error, JS_PROP_HAS_GET | JS_PROP_HAS_SET);
 return val;
+ fail:
+ JS_FreeValue(ctx, val);
+ return JS_EXCEPTION;
 }
 #define GLOBAL_VAR_OFFSET 0x40000000
@@ -14906,6 +14909,8 @@ static JSValue js_build_mapped_arguments(JSContext *ctx, int argc,
 /* add the length field (cannot fail) */
 pr = add_property(ctx, p, JS_ATOM_length, JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (unlikely(!pr))
+ goto fail;
 pr->u.value = JS_NewInt32(ctx, argc);
 for(i = 0; i < arg_count; i++) { |
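Review bot: The context comment `/* add the length field (cannot fail) */` directly above the new `if (unlikely(!pr)) goto fail;` now contradicts the code, since the commit exists because add_property() can return NULL at this call. I would reword it here and in the js_build_mapped_arguments hunk (third hunk), for example `/* add the length field (add_property() may return NULL) */`, so that nobody later drops the check on the strength of the comment and reintroduces the NULL dereference at `pr->u.value`. In the third hunk the `fail` label lies outside the visible lines; the diffstat's 9 insertions are all accounted for by the visible `+` lines, so the label presumably already existed in that function. The body of js_build_arguments begins outside this hunk.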
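Review bot: The new `fail:` label frees only `val`, which is correct for the two `goto fail` sites in the first hunk but depends on an invariant that is written down nowhere: one jump happens before `tab` is allocated and the other only when `js_malloc()` returned NULL. A later `goto fail` placed after the `JS_DupValue()` loop would leak `tab` and the references it holds. I would record that at the label, e.g. `/* reached only while tab is NULL, so val is the only thing to release */`. The statement ending in `JS_PROP_HAS_GET | JS_PROP_HAS_SET);` starts outside the hunk, so what happens between the loop and `return val;` is not visible here.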