[PATCH 0/1] MR10650: vbscript: Fix crash when GetRef is called as a statement. - Wine-GitLab - list.winehq.org

newer
[PATCH v6 0/2] MR10463: winemac:...

[PATCH 0/1] MR10650: vbscript: Fix crash when GetRef is called as a statement.

older
[PATCH v8 0/2] MR10589: vbscript:...

Francis De Brabandere (＠francisdb)

April 13, 2026

9:23 p.m.

Global_GetRef() wrote to *res unconditionally. Callers that discard the return value (`Call GetRef("name")` or bare-call form) pass NULL, which segfaults on Wine but runs cleanly on Windows. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10650

Reply

Sign in to reply online Use email software

Show replies by date

Francis De Brabandere

April 2026

9:23 p.m.

New subject: [PATCH 1/1] vbscript: Fix crash when GetRef is called as a statement.

From: Francis De Brabandere <francisdb@gmail.com> Global_GetRef() wrote to *res unconditionally. Callers that discard the return value (`Call GetRef("name")` or bare-call form) pass NULL, which segfaults on Wine but runs cleanly on Windows. --- dlls/vbscript/global.c | 4 ++++ dlls/vbscript/tests/lang.vbs | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/dlls/vbscript/global.c b/dlls/vbscript/global.c index ea137cdb478..23a5f235c85 100644 --- a/dlls/vbscript/global.c +++ b/dlls/vbscript/global.c @@ -3789,6 +3789,8 @@ static HRESULT Global_GetRef(BuiltinDisp *This, VARIANT *arg, unsigned args_cnt, cnt = item->script_obj->global_funcs_cnt; for(i = 0; i < cnt; i++) { if(!vbs_wcsicmp(funcs[i]->name, name)) { + if(!res) + return S_OK; hres = create_func_ref(This->ctx, funcs[i], &disp); if(FAILED(hres)) return hres; @@ -3804,6 +3806,8 @@ static HRESULT Global_GetRef(BuiltinDisp *This, VARIANT *arg, unsigned args_cnt, cnt = This->ctx->script_obj->global_funcs_cnt; for(i = 0; i < cnt; i++) { if(!vbs_wcsicmp(funcs[i]->name, name)) { + if(!res) + return S_OK; hres = create_func_ref(This->ctx, funcs[i], &disp); if(FAILED(hres)) return hres; diff --git a/dlls/vbscript/tests/lang.vbs b/dlls/vbscript/tests/lang.vbs index 777d7bfc5a9..e52c2dece86 100644 --- a/dlls/vbscript/tests/lang.vbs +++ b/dlls/vbscript/tests/lang.vbs @@ -2897,6 +2897,16 @@ Err.Clear Set getRefRef = GetRef(vbNullString) Call ok(Err.Number = 5, "GetRef vbNullString error is " & Err.Number) +' GetRef called as a statement (result discarded). Must not crash even +' though no res pointer is passed to the builtin. +Err.Clear +Call GetRef("GetRefTestFunc") +Call ok(Err.Number = 0, "Call GetRef statement err = " & Err.Number) + +Err.Clear +GetRef "GetRefTestFunc" +Call ok(Err.Number = 0, "Bare GetRef statement err = " & Err.Number) + ' Eval tests Call ok(Eval("1 + 2") = 3, "Eval(""1 + 2"") = " & Eval("1 + 2")) Call ok(Eval("""test""") = "test", "Eval(""""""test"""""") = " & Eval("""test""")) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10650

Reply

Sign in to reply online Use email software

Jacek Caban (＠jacek)

3:56 p.m.

New subject: [PATCH 0/1] MR10650: vbscript: Fix crash when GetRef is called as a statement. - approved

This merge request was approved by Jacek Caban. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10650

Reply

Sign in to reply online Use email software

7

Age (days ago)

9

Last active (days ago)

2 comments

3 participants

tags

participants (3)

Francis De Brabandere
Francis De Brabandere (＠francisdb)
Jacek Caban (＠jacek)