From 1dafd6b04fe37492996b20c590c986eadf2ebdcd Mon Sep 17 00:00:00 2001
From: Penner
Date: Mon, 25 Nov 2024 17:20:00 +0800
Subject: [PATCH] fix crash when add property maybe failed on build arguments
---
quickjs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/quickjs.c b/quickjs.c
index 642ae34..80d10d4 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -14855,6 +14855,10 @@ static JSValue js_build_arguments(JSContext *ctx, int argc, JSValueConst *argv)
 /* add the length field (cannot fail) */
 pr = add_property(ctx, p, JS_ATOM_length, JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (!pr) {
+ JS_FreeValue(ctx, val);
+ return JS_EXCEPTION;
+ }
 pr->u.value = JS_NewInt32(ctx, argc);
 /* initialize the fast array part */
@@ -14904,6 +14908,8 @@ static JSValue js_build_mapped_arguments(JSContext *ctx, int argc,
 /* add the length field (cannot fail) */
 pr = add_property(ctx, p, JS_ATOM_length, JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
+ if (!pr)
+ goto fail;
 pr->u.value = JS_NewInt32(ctx, argc);
 for(i = 0; i < arg_count; i++) {
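Review bot: The context comment `/* add the length field (cannot fail) */` directly above the new `if (!pr)` check in js_build_arguments now contradicts the code, and the same stale comment sits above the new check in js_build_mapped_arguments. A maintainer who trusts "(cannot fail)" may drop the guard again or copy the unchecked pattern to another add_property() call, so I would reword both to `/* add the length field; add_property() returns NULL on failure */`. The function body starts and continues outside the hunk, so it cannot be confirmed from here that `val` is the only resource held at this point; presumably it is, but that is worth checking before relying on the single `JS_FreeValue(ctx, val)`.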
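Review bot: The `fail` label targeted by the new `if (!pr) goto fail;` in js_build_mapped_arguments is outside this hunk, so please confirm it releases `val` and does not touch state that is only set up later (the `for` loop over `arg_count` begins right below the check). On style, the unbraced two-line `if` differs from the braced form this same commit uses in js_build_arguments; `if (!pr) { goto fail; }` would keep the two error paths visually consistent and avoid the dangling-statement hazard. The failure being handled is presumably an allocation failure, so a regression test that builds an arguments object under a tight memory limit would show that both paths return an exception instead of dereferencing NULL.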