[PATCH v2 0/1] MR10446: vbscript: Fix crash in ReDim on uninitialized dynamic arrays.
Dim arr() followed by ReDim arr(N) crashed due to a NULL SAFEARRAY pointer dereference. -- v2: vbscript: Fix crash in ReDim on uninitialized dynamic arrays. https://gitlab.winehq.org/wine/wine/-/merge_requests/10446
From: Francis De Brabandere <francisdb@gmail.com> Dim arr() followed by ReDim arr(N) crashed due to a NULL SAFEARRAY pointer dereference. --- dlls/vbscript/interp.c | 2 +- dlls/vbscript/tests/lang.vbs | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/dlls/vbscript/interp.c b/dlls/vbscript/interp.c index 00ef7d93eb6..57adced5042 100644 --- a/dlls/vbscript/interp.c +++ b/dlls/vbscript/interp.c @@ -1348,7 +1348,7 @@ static HRESULT interp_redim(exec_ctx_t *ctx) if(V_ISARRAY(v)) { SAFEARRAY *sa = V_ISBYREF(v) ? *V_ARRAYREF(v) : V_ARRAY(v); - if(sa->fFeatures & FADF_FIXEDSIZE) + if(sa && (sa->fFeatures & FADF_FIXEDSIZE)) return MAKE_VBSERROR(VBSE_ARRAY_LOCKED); } diff --git a/dlls/vbscript/tests/lang.vbs b/dlls/vbscript/tests/lang.vbs index ff34ac8059b..ea677454ee2 100644 --- a/dlls/vbscript/tests/lang.vbs +++ b/dlls/vbscript/tests/lang.vbs @@ -1898,6 +1898,27 @@ call TestReDimPreserveByRef(rx) ok ubound(rx) = 7, "ubound(rx) = " & ubound(rx) ok rx(3) = 2, "rx(3) = " & rx(3) +' ReDim on an uninitialized dynamic array (Dim arr() has a NULL SAFEARRAY pointer) +dim dynarr() +redim dynarr(3) +ok ubound(dynarr) = 3, "ubound(dynarr) = " & ubound(dynarr) +dynarr(0) = "a" +dynarr(3) = "b" +ok dynarr(0) = "a", "dynarr(0) = " & dynarr(0) +ok dynarr(3) = "b", "dynarr(3) = " & dynarr(3) +redim dynarr(5) +ok ubound(dynarr) = 5, "ubound(dynarr) = " & ubound(dynarr) +ok dynarr(0) = empty, "dynarr(0) after redim = " & dynarr(0) + +' ReDim Preserve on an uninitialized dynamic array should also work and retain data +dim dynarr2() +redim preserve dynarr2(3) +ok ubound(dynarr2) = 3, "ubound(dynarr2) = " & ubound(dynarr2) +dynarr2(0) = "x" +redim preserve dynarr2(5) +ok ubound(dynarr2) = 5, "ubound(dynarr2) = " & ubound(dynarr2) +ok dynarr2(0) = "x", "dynarr2(0) after redim preserve = " & dynarr2(0) + Class ArrClass Dim classarr(3) Dim classnoarr() -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10446
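Review bot: In the interp.c hunk, the new `sa &&` test lets a NULL array fall through as "not fixed-size", but nothing at the check says why NULL is a legitimate state there. A one-line comment above it noting that `Dim arr()` leaves a NULL SAFEARRAY pointer (the wording the lang.vbs test comment already uses) would keep a later cleanup from dropping the guard as redundant.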
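Review bot: In the lang.vbs hunk, every new case redims the variable directly, so the `V_ISBYREF(v)` arm of the patched check (`*V_ARRAYREF(v)`) is never reached with a NULL array. Consider adding a case next to the existing `TestReDimPreserveByRef(rx)` call that passes an undimensioned `dim arr()` to a sub by reference and redims it there. Separately, the `redim preserve dynarr2(3)` block covers a statement whose handling is not visibly changed here: the only interp.c change is the one line in interp_redim, so if ReDim Preserve is handled elsewhere these asserts pass without the fix. The commit message should say whether that path already worked.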