From 1a5333bcb322d289eb8d48ccdd5f4dd724bf5c5d Mon Sep 17 00:00:00 2001
From: Charlie Gordon
Date: Sun, 3 Mar 2024 14:42:01 +0100
Subject: [PATCH] prevent 0 length allocation in `js_worker_postMessage`

---
 quickjs-libc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/quickjs-libc.c b/quickjs-libc.c
index 01c9db4..b00dc16 100644
--- a/quickjs-libc.c
+++ b/quickjs-libc.c
@@ -3527,10 +3527,12 @@ static JSValue js_worker_postMessage(JSContext *ctx, JSValueConst this_val,
     memcpy(msg->data, data, data_len);
     msg->data_len = data_len;
-    msg->sab_tab = malloc(sizeof(msg->sab_tab[0]) * sab_tab_len);
-    if (!msg->sab_tab)
-        goto fail;
-    memcpy(msg->sab_tab, sab_tab, sizeof(msg->sab_tab[0]) * sab_tab_len);
+    if (sab_tab_len > 0) {
+        msg->sab_tab = malloc(sizeof(msg->sab_tab[0]) * sab_tab_len);
+        if (!msg->sab_tab)
+            goto fail;
+        memcpy(msg->sab_tab, sab_tab, sizeof(msg->sab_tab[0]) * sab_tab_len);
+    }
     msg->sab_tab_len = sab_tab_len;
     js_free(ctx, data);