summaryrefslogtreecommitdiff
path: root/quickjs.c
diff options
context:
space:
mode:
authorFabrice Bellard <fabrice@bellard.org>2025-03-13 16:30:02 +0100
committerFabrice Bellard <fabrice@bellard.org>2025-03-13 16:30:02 +0100
commit027f3cb5e44ac42cbcb0d0ec7b3462fe31f5e36a (patch)
tree3910288180748f3d66e28399af970fd83bf6c69b /quickjs.c
parentc739debf0fa03cbc1a403749afbbfad76a2f16dc (diff)
downloadquickjs-027f3cb5e44ac42cbcb0d0ec7b3462fe31f5e36a.tar.gz
quickjs-027f3cb5e44ac42cbcb0d0ec7b3462fe31f5e36a.zip
fix crash when add_property() fails on build arguments (penneryu)
Diffstat (limited to 'quickjs.c')
-rw-r--r--quickjs.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/quickjs.c b/quickjs.c
index 4f42f06..8195270 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -14857,16 +14857,16 @@ static JSValue js_build_arguments(JSContext *ctx, int argc, JSValueConst *argv)
/* add the length field (cannot fail) */
pr = add_property(ctx, p, JS_ATOM_length,
JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (unlikely(!pr))
+ goto fail;
pr->u.value = JS_NewInt32(ctx, argc);
/* initialize the fast array part */
tab = NULL;
if (argc > 0) {
tab = js_malloc(ctx, sizeof(tab[0]) * argc);
- if (!tab) {
- JS_FreeValue(ctx, val);
- return JS_EXCEPTION;
- }
+ if (!tab)
+ goto fail;
for(i = 0; i < argc; i++) {
tab[i] = JS_DupValue(ctx, argv[i]);
}
@@ -14882,6 +14882,9 @@ static JSValue js_build_arguments(JSContext *ctx, int argc, JSValueConst *argv)
ctx->throw_type_error, ctx->throw_type_error,
JS_PROP_HAS_GET | JS_PROP_HAS_SET);
return val;
+ fail:
+ JS_FreeValue(ctx, val);
+ return JS_EXCEPTION;
}
#define GLOBAL_VAR_OFFSET 0x40000000
@@ -14906,6 +14909,8 @@ static JSValue js_build_mapped_arguments(JSContext *ctx, int argc,
/* add the length field (cannot fail) */
pr = add_property(ctx, p, JS_ATOM_length,
JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (unlikely(!pr))
+ goto fail;
pr->u.value = JS_NewInt32(ctx, argc);
for(i = 0; i < arg_count; i++) {