From 37cde16ba2939cbc0d4624dcdf01099ae682743a Mon Sep 17 00:00:00 2001
From: Fabrice Bellard <fabrice@bellard.org>
Date: Mon, 21 Apr 2025 14:13:49 +0200
Subject: [PATCH] fixed build_arg_list()

---
 quickjs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/quickjs.c b/quickjs.c
index 250a218..ac00898 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -38498,6 +38498,7 @@ static JSValue *build_arg_list(JSContext *ctx, uint32_t *plen,
                                JSValueConst array_arg)
 {
     uint32_t len, i;
+    int64_t len64;
     JSValue *tab, ret;
     JSObject *p;
 
@@ -38505,14 +38506,15 @@ static JSValue *build_arg_list(JSContext *ctx, uint32_t *plen,
         JS_ThrowTypeError(ctx, "not a object");
         return NULL;
     }
-    if (js_get_length32(ctx, &len, array_arg))
+    if (js_get_length64(ctx, &len64, array_arg))
         return NULL;
-    if (len > JS_MAX_LOCAL_VARS) {
+    if (len64 > JS_MAX_LOCAL_VARS) {
         // XXX: check for stack overflow?
         JS_ThrowRangeError(ctx, "too many arguments in function call (only %d allowed)",
                            JS_MAX_LOCAL_VARS);
         return NULL;
     }
+    len = len64;
     /* avoid allocating 0 bytes */
     tab = js_mallocz(ctx, sizeof(tab[0]) * max_uint32(1, len));
     if (!tab)