- account for the argc+1 (to store DISPID_THIS) when allocating rgvarg - only assign rgvarg[0]=jsthis if when space was reserved for DISPID_THIS - actually free args with VariantClear (revert debugging hack that slipped into 274503c839de2a30aef22eab4b9dc879d254a813) Signed-off-by: Kevin Puetz <PuetzKevinA(a)JohnDeere.com> Index: wine/dlls/jscript/dispex.c =================================================================== --- wine.orig/dlls/jscript/dispex.c +++ wine/dlls/jscript/dispex.c @@ -2095,12 +2095,14 @@ HRESULT disp_call_value(script_ctx_t *ct dp.rgdispidNamedArgs = NULL; } - if(argc > ARRAY_SIZE(buf) && !(args = heap_alloc(argc * sizeof(VARIANT)))) + if(dp.cArgs > ARRAY_SIZE(buf) && !(args = heap_alloc(dp.cArgs * sizeof(VARIANT)))) return E_OUTOFMEMORY; dp.rgvarg = args; - V_VT(dp.rgvarg) = VT_DISPATCH; - V_DISPATCH(dp.rgvarg) = jsthis; + if(jsthis) { + V_VT(dp.rgvarg) = VT_DISPATCH; + V_DISPATCH(dp.rgvarg) = jsthis; + } for(i=0; SUCCEEDED(hres) && i < argc; i++) hres = jsval_to_variant(argv[i], dp.rgvarg+dp.cArgs-i-1); @@ -2110,7 +2112,7 @@ HRESULT disp_call_value(script_ctx_t *ct hres = disp_invoke(ctx, disp, DISPID_VALUE, flags, &dp, r ? &retv : NULL); } - for(i = 0; i < argc&&0; i++) + for(i = 0; i < argc; i++) VariantClear(dp.rgvarg + dp.cArgs - i - 1); if(args != buf) heap_free(args);