Signed-off-by: Paul Gofman pgofman@codeweavers.com --- new_statement_list() uses parser_alloc_tmp(), and the memory for the statement list may be freed in script_parse(), so compile_function() ends up using freed memory.
dlls/jscript/parser.y | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/dlls/jscript/parser.y b/dlls/jscript/parser.y
index 9fc7ea61dc3..4bad7e326db 100644
--- a/dlls/jscript/parser.y
+++ b/dlls/jscript/parser.y
@@ -249,7 +249,17 @@ static expression_t *new_prop_and_value_expression(parser_ctx_t*,property_list_t
/* ECMA-262 10th Edition 15.1 */ Script
- : ScriptBody HtmlComment { ctx->source = $1; }
+ : ScriptBody HtmlComment {
+ if ($1)
+ {
+ ctx->source = parser_alloc(ctx, sizeof(*ctx->source));
+ *ctx->source = *$1;
+ }
+ else
+ {
+ ctx->source = NULL;
+ }
+ }
/* ECMA-262 10th Edition 15.1 */ ScriptBody
@@ -1440,7 +1450,15 @@ static expression_t *new_function_expression(parser_ctx_t *ctx, const WCHAR *ide
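Review bot: The copy in the Script action (`*ctx->source = *$1`) is a shallow copy of the statement_list_t header, so it only removes the use-after-free if the statement nodes reached through `head` are already allocated with parser_alloc() rather than parser_alloc_tmp(); the description says only the list structure is tmp-allocated, but that is not visible in this hunk and is worth confirming before the patch goes in. Nothing in the action says why a copy is made, and a later maintainer will be tempted to collapse it back to `ctx->source = $1;`; a one-line comment above the `if`, such as `/* $1 lives in the tmp heap, which is cleared before compilation; keep a copy in the parser heap */`, records the reason. parser_alloc() is used unchecked here; if it can return NULL on this heap the store through ctx->source needs a guard, though the rest of parser.y may deliberately rely on it not failing, so follow the file's convention either way.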
ret->identifier = identifier;
ret->parameter_list = parameter_list ? parameter_list->head : NULL;
- ret->statement_list = statement_list;
+ if (statement_list)
+ {
+ ret->statement_list = parser_alloc(ctx, sizeof(*ret->statement_list));
+ *ret->statement_list = *statement_list;
+ }
+ else
+ {
+ ret->statement_list = NULL;
+ }
ret->event_target = event_target;
ret->src_str = src_str;
ret->src_len = src_len;
@@ -1657,7 +1675,6 @@ HRESULT script_parse(script_ctx_t *ctx, struct _compiler_ctx_t *compiler, byteco
jsstr_release(line_str);
return DISP_E_EXCEPTION;
}
- *ret = parser_ctx;
return S_OK;
}
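Review bot: The nine lines added to new_function_expression() are the same tmp-heap copy that the Script action performs, and two hand-written copies of the same idiom will drift apart the first time one of them is touched; if the copy approach is kept, a single static helper that returns a parser-heap copy (or NULL) gives one place to document why the copy exists and lets both sites become `ret->statement_list = copy_statement_list(ctx, statement_list);`. The helper's copy is still shallow: it duplicates only the list header, so the statement nodes linked from `head` must already live on the parser heap, which this hunk does not show. new_function_expression() begins before the hunk.

```c
/* The statement_list_t header comes from the tmp heap (new_statement_list()
 * uses parser_alloc_tmp()), which is cleared before the code is compiled, so
 * keep a copy on the parser heap. Shallow copy: the statements linked from
 * head are expected to be on the parser heap already. */
static statement_list_t *copy_statement_list(parser_ctx_t *ctx, const statement_list_t *list)
{
    statement_list_t *copy;

    if(!list)
        return NULL;

    copy = parser_alloc(ctx, sizeof(*copy));
    *copy = *list;
    return copy;
}

/* … unchanged: start of new_function_expression() … */
    ret->statement_list = copy_statement_list(ctx, statement_list);
/* … unchanged: event_target / src_str / src_len assignments … */
```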
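Review bot: The third hunk deletes `*ret = parser_ctx;` from the tail of script_parse() without the description saying why, and no replacement assignment appears anywhere in the patch (the diffstat's three deletions are exactly the three `-` lines shown); unless *ret is already assigned earlier in script_parse(), outside this hunk, the caller's parser-context pointer is left unset on the success path. If the assignment was moved earlier by a preceding patch, one sentence in the description would save the next reader the same check; if it was not, the line should stay. script_parse() begins before the hunk.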
Or maybe it would be better to change the structures and return the statement chain itself instead of the list structure?
On 7/30/21 02:36, Paul Gofman wrote:
Signed-off-by: Paul Gofman pgofman@codeweavers.com
new_statement_list() uses parser_alloc_tmp() and the memory for statement list may get freed in script_parse() thus making compile_function() use the freed memory.
dlls/jscript/parser.y | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/dlls/jscript/parser.y b/dlls/jscript/parser.y
index 9fc7ea61dc3..4bad7e326db 100644
--- a/dlls/jscript/parser.y
+++ b/dlls/jscript/parser.y
@@ -249,7 +249,17 @@ static expression_t *new_prop_and_value_expression(parser_ctx_t*,property_list_t
/* ECMA-262 10th Edition 15.1 */ Script
: ScriptBody HtmlComment { ctx->source = $1; }
: ScriptBody HtmlComment {
if ($1)
{
ctx->source = parser_alloc(ctx, sizeof(*ctx->source));
*ctx->source = *$1;
}
else
{
ctx->source = NULL;
}
}
On 7/30/21 1:23 PM, Paul Gofman wrote:
Or maybe we should better change the structures and return the statement chain itself instead of list structure?
It seems to me that we could store just the head of the list in both parser_ctx_t and function_expression_t.
Thanks,
Jacek