Module: wine Branch: stable Commit: 70e2adbe203df674314f46130f95ad642326fd42 URL: https://gitlab.winehq.org/wine/wine/-/commit/70e2adbe203df674314f46130f95ad6...
Author: Gabriel Ivăncescu gabrielopcode@gmail.com Date: Thu Apr 14 19:24:38 2022 +0300
jscript: Handle NULL return pointers in all constructors.
Instead of crashing.
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com Signed-off-by: Jacek Caban jacek@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org (cherry picked from commit c464c1bd4781ca650a5397ff6a2cfd574c1877f0) Signed-off-by: Michael Stefaniuc mstefani@winehq.org
---
dlls/jscript/activex.c | 3 ++- dlls/jscript/array.c | 4 ++++ dlls/jscript/bool.c | 3 +++ dlls/jscript/date.c | 6 ++++-- dlls/jscript/enumerator.c | 3 ++- dlls/jscript/function.c | 3 ++- dlls/jscript/number.c | 11 ++++++----- dlls/jscript/set.c | 4 ++++ dlls/jscript/string.c | 9 ++++++--- dlls/jscript/tests/api.js | 15 +++++++++++++++ dlls/jscript/vbarray.c | 4 +++- 11 files changed, 51 insertions(+), 14 deletions(-)
diff --git a/dlls/jscript/activex.c b/dlls/jscript/activex.c
index 80a89b5ae89..c7145ebc24a 100644
--- a/dlls/jscript/activex.c
+++ b/dlls/jscript/activex.c
@@ -181,7 +181,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flag
 return E_NOTIMPL;
 }
- *r = jsval_disp(disp);
+ if(r) *r = jsval_disp(disp);
+ else IDispatch_Release(disp);
 return S_OK;
 }
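Review bot: Nothing in this hunk says when `r` is NULL or who owns `disp` in that case, so the new `else IDispatch_Release(disp);` branch reads as an unexplained special case. A one-line comment above the check, such as `/* r is NULL when the caller discards the result; drop our reference instead of leaking it */`, would make the ownership rule explicit. The same create-then-release pattern appears in the date.c, enumerator.c and function.c hunks, and the first string.c hunk releases `str` the same way, so the comment applies there too. That `r` is NULL for a discarded result is inferred from the commit title and the statements added to api.js. ActiveXObject_value starts outside the hunk.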
diff --git a/dlls/jscript/array.c b/dlls/jscript/array.c
index 5f61f997a9b..2d4ebc9ffd0 100644
--- a/dlls/jscript/array.c
+++ b/dlls/jscript/array.c
@@ -1325,6 +1325,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, vdisp_t *vthis, WORD flags,
if(n < 0 || !is_int32(n))
 return JS_E_INVALID_LENGTH;
+ if(!r)
+ return S_OK;
hres = create_array(ctx, n, &obj);
 if(FAILED(hres))
@@ -1334,6 +1336,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, vdisp_t *vthis, WORD flags,
 return S_OK;
 }
+ if(!r)
+ return S_OK;
 hres = create_array(ctx, argc, &obj);
 if(FAILED(hres))
 return hres;
diff --git a/dlls/jscript/bool.c b/dlls/jscript/bool.c
index 184d8d03308..baab501c03b 100644
--- a/dlls/jscript/bool.c
+++ b/dlls/jscript/bool.c
@@ -145,6 +145,9 @@ static HRESULT BoolConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags,
 case DISPATCH_CONSTRUCT: {
 jsdisp_t *bool;
+ if(!r)
+ return S_OK;
+
 hres = create_bool(ctx, value, &bool);
 if(FAILED(hres))
 return hres;
diff --git a/dlls/jscript/date.c b/dlls/jscript/date.c
index b130c8365fd..15fa88d8ec6 100644
--- a/dlls/jscript/date.c
+++ b/dlls/jscript/date.c
@@ -2247,7 +2247,8 @@ static HRESULT DateConstr_parse(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags,
 if(FAILED(hres))
 return hres;
- *r = jsval_number(n);
+ if(r)
+ *r = jsval_number(n);
 return S_OK;
 }
@@ -2402,7 +2403,8 @@ static HRESULT DateConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags,
 }
 }
- *r = jsval_obj(&date->dispex);
+ if(r) *r = jsval_obj(&date->dispex);
+ else jsdisp_release(&date->dispex);
 return S_OK;
case INVOKE_FUNC: {
diff --git a/dlls/jscript/enumerator.c b/dlls/jscript/enumerator.c
index 038b4742715..c02ddb7d266 100644
--- a/dlls/jscript/enumerator.c
+++ b/dlls/jscript/enumerator.c
@@ -304,7 +304,8 @@ static HRESULT EnumeratorConstr_value(script_ctx_t *ctx, vdisp_t *vthis, WORD fl
 if(FAILED(hres))
 return hres;
- *r = jsval_obj(obj);
+ if(r) *r = jsval_obj(obj);
+ else jsdisp_release(obj);
 break;
 }
 default:
diff --git a/dlls/jscript/function.c b/dlls/jscript/function.c
index 3eef1aa2dd6..e0cd37c6c2c 100644
--- a/dlls/jscript/function.c
+++ b/dlls/jscript/function.c
@@ -1000,7 +1000,8 @@ static HRESULT FunctionConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD fla
 if(FAILED(hres))
 return hres;
- *r = jsval_disp(ret);
+ if(r) *r = jsval_disp(ret);
+ else IDispatch_Release(ret);
 break;
 }
 default:
diff --git a/dlls/jscript/number.c b/dlls/jscript/number.c
index 410f27b782c..a1503b59f45 100644
--- a/dlls/jscript/number.c
+++ b/dlls/jscript/number.c
@@ -555,11 +555,12 @@ static HRESULT NumberConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags
 n = 0;
 }
- hres = create_number(ctx, n, &obj);
- if(FAILED(hres))
- return hres;
-
- *r = jsval_obj(obj);
+ if(r) {
+ hres = create_number(ctx, n, &obj);
+ if(FAILED(hres))
+ return hres;
+ *r = jsval_obj(obj);
+ }
 break;
 }
 default:
diff --git a/dlls/jscript/set.c b/dlls/jscript/set.c
index 5ae41d81ded..172ef4a2815 100644
--- a/dlls/jscript/set.c
+++ b/dlls/jscript/set.c
@@ -114,6 +114,8 @@ static HRESULT Set_constructor(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags, u
 case DISPATCH_CONSTRUCT:
 TRACE("\n");
+ if(!r)
+ return S_OK;
 if(!(set = heap_alloc_zero(sizeof(*set))))
 return E_OUTOFMEMORY;
@@ -440,6 +442,8 @@ static HRESULT Map_constructor(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags, u
 case DISPATCH_CONSTRUCT:
 TRACE("\n");
+ if(!r)
+ return S_OK;
 if(!(map = heap_alloc_zero(sizeof(*map))))
 return E_OUTOFMEMORY;
diff --git a/dlls/jscript/string.c b/dlls/jscript/string.c
index 5958216b861..14ea31c2d14 100644
--- a/dlls/jscript/string.c
+++ b/dlls/jscript/string.c
@@ -1642,7 +1642,8 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags
 str = jsstr_empty();
 }
- *r = jsval_string(str);
+ if(r) *r = jsval_string(str);
+ else jsstr_release(str);
 break;
 }
 case DISPATCH_CONSTRUCT: {
@@ -1657,8 +1658,10 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags
 str = jsstr_empty();
 }
- hres = create_string(ctx, str, &ret);
- if (SUCCEEDED(hres)) *r = jsval_obj(ret);
+ if(r) {
+ hres = create_string(ctx, str, &ret);
+ if(SUCCEEDED(hres)) *r = jsval_obj(ret);
+ }
 jsstr_release(str);
 return hres;
 }
diff --git a/dlls/jscript/tests/api.js b/dlls/jscript/tests/api.js
index d5d8e7d34b9..ac36eba3899 100644
--- a/dlls/jscript/tests/api.js
+++ b/dlls/jscript/tests/api.js
@@ -278,6 +278,8 @@ ok(Object.prototype.hasOwnProperty('toString'), "Object.prototype.hasOwnProperty
 ok(Object.prototype.hasOwnProperty('isPrototypeOf'), "Object.prototype.hasOwnProperty('isPrototypeOf') is false");
 ok(Function.prototype.hasOwnProperty('call'), "Function.prototype.hasOwnProperty('call') is false");
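Review bot: In the DISPATCH_CONSTRUCT branch of StringConstr_value (second string.c hunk), `return hres;` can now be reached with nothing in the visible lines having assigned `hres`: when `r` is NULL the new `if(r)` block is skipped, and the context line `str = jsstr_empty();` does not set it either. Unless `hres` is initialised at its declaration, which is outside the hunk, a discarded `new String();` (the statement this commit adds to api.js) would return an indeterminate HRESULT to the caller. Initialising it where it is declared, `HRESULT hres = S_OK;`, or adding `else hres = S_OK;` after the `if(r)` block would make the result defined on every path. The function and the start of this branch lie outside the hunk, so this needs checking against the full file.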
+Object();
+new Object();
 obj = new Object();
ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
@@ -287,28 +289,37 @@ ok(!Object.hasOwnProperty('isPrototypeOf'), "Object.hasOwnProperty('isPrototypeO
 ok(!parseFloat.hasOwnProperty('call'), "parseFloat.hasOwnProperty('call') is true");
 ok(!Function.hasOwnProperty('call'), "Function.hasOwnProperty('call') is true");
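Review bot: The discarded-result statements added here and in the later api.js hunks leave several of the code paths changed by this commit unexercised. They cover Object, Array, Boolean, Date, Number, String, VBArray and a regex literal, but there is no discarded call for Function, Enumerator, ActiveXObject, Set, Map or `Date.parse`, and `new Array();` does not reach the length branch patched in the first array.c hunk. Adding statements such as `new Array(3);`, `Function();` and `new Function();` next to the existing ones would pin those NULL-return paths against regressions. Set, Map and ActiveXObject may need a different test file or mode; that is an assumption, since only api.js is visible in this diff.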
+Array();
+new Array();
 obj = new Array();
 ok(Array.prototype.hasOwnProperty('sort'), "Array.prototype.hasOwnProperty('sort') is false");
 ok(Array.prototype.hasOwnProperty('length'), "Array.prototype.hasOwnProperty('length') is false");
 ok(!obj.hasOwnProperty('sort'), "obj.hasOwnProperty('sort') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is true");
+Boolean();
+new Boolean();
 obj = new Boolean(false);
 ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
 ok(!Boolean.hasOwnProperty('toString'), "Boolean.hasOwnProperty('toString') is true");
 ok(Boolean.prototype.hasOwnProperty('toString'), "Boolean.prototype.hasOwnProperty('toString') is false");
+Date();
+new Date();
 obj = new Date();
 ok(!obj.hasOwnProperty('getTime'), "obj.hasOwnProperty('getTime') is true");
 ok(!Date.hasOwnProperty('getTime'), "Date.hasOwnProperty('getTime') is true");
 ok(Date.prototype.hasOwnProperty('getTime'), "Date.prototype.hasOwnProperty('getTime') is false");
 ok(!("now" in Date), "now found in Date");
+Number();
+new Number();
 obj = new Number();
 ok(!obj.hasOwnProperty('toFixed'), "obj.hasOwnProperty('toFixed') is true");
 ok(!Number.hasOwnProperty('toFixed'), "Number.hasOwnProperty('toFixed') is true");
 ok(Number.prototype.hasOwnProperty('toFixed'), "Number.prototype.hasOwnProperty('toFixed') is false");
+/x/;
 obj = /x/;
 ok(!obj.hasOwnProperty('exec'), "obj.hasOwnProperty('exec') is true");
 ok(obj.hasOwnProperty('source'), "obj.hasOwnProperty('source') is false");
@@ -316,6 +327,8 @@ ok(!RegExp.hasOwnProperty('exec'), "RegExp.hasOwnProperty('exec') is true");
 ok(!RegExp.hasOwnProperty('source'), "RegExp.hasOwnProperty('source') is true");
 ok(RegExp.prototype.hasOwnProperty('source'), "RegExp.prototype.hasOwnProperty('source') is false");
+String();
+new String();
 obj = new String();
 ok(!obj.hasOwnProperty('charAt'), "obj.hasOwnProperty('charAt') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is false");
@@ -3064,6 +3077,8 @@ ok(String.length == 1, "String.length = " + String.length);
 var tmp = createArray();
 ok(getVT(tmp) == "VT_ARRAY|VT_VARIANT", "getVT(createArray()) = " + getVT(tmp));
 ok(getVT(VBArray(tmp)) == "VT_ARRAY|VT_VARIANT", "getVT(VBArray(tmp)) = " + getVT(VBArray(tmp)));
+VBArray(tmp);
+new VBArray(tmp);
 tmp = new VBArray(tmp);
 tmp = new VBArray(VBArray(createArray()));
 ok(tmp.dimensions() == 2, "tmp.dimensions() = " + tmp.dimensions());
diff --git a/dlls/jscript/vbarray.c b/dlls/jscript/vbarray.c
index 41faa20ed79..20d8aa7d8a0 100644
--- a/dlls/jscript/vbarray.c
+++ b/dlls/jscript/vbarray.c
@@ -294,11 +294,13 @@ static HRESULT VBArrayConstr_value(script_ctx_t *ctx, vdisp_t *vthis, WORD flags
 if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
 return JS_E_VBARRAY_EXPECTED;
- return jsval_copy(argv[0], r);
+ return r ? jsval_copy(argv[0], r) : S_OK;
case DISPATCH_CONSTRUCT:
 if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
 return JS_E_VBARRAY_EXPECTED;
+ if(!r)
+ return S_OK;
hres = alloc_vbarray(ctx, NULL, &vbarray);
 if(FAILED(hres))