Paul Gofman : jscript: Fix use after free in Object_defineProperty().

5 Aug 2021

Module: wine
Branch: master
Commit: a439f7202a9c8f06deb43f81d0f8704caf408162
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=a439f7202a9c8f06deb43f81d...
Author: Paul Gofman pgofman@codeweavers.com
Date:   Thu Aug  5 01:28:49 2021 +0300
jscript: Fix use after free in Object_defineProperty().
Signed-off-by: Paul Gofman pgofman@codeweavers.com
Signed-off-by: Jacek Caban jacek@codeweavers.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/jscript/object.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/dlls/jscript/object.c b/dlls/jscript/object.c
index c8c0572c839..169b47caea4 100644
--- a/dlls/jscript/object.c
+++ b/dlls/jscript/object.c
@@ -470,11 +470,15 @@ static HRESULT Object_defineProperty(script_ctx_t *ctx, vdisp_t *jsthis, WORD fl
     }else {
         hres = JS_E_OBJECT_EXPECTED;
     }
-    jsstr_release(name_str);
+
     if(FAILED(hres))
+    {
+        jsstr_release(name_str);
         return hres;
+    }
hres = jsdisp_define_property(obj, name, &prop_desc);
+    jsstr_release(name_str);
     release_property_descriptor(&prop_desc);
     if(SUCCEEDED(hres) && r)
         *r = jsval_obj(jsdisp_addref(obj));

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Paul Gofman : jscript: Fix use after free in Object_defineProperty().