From 6b22f2bd6003ccc1849900dad0c356cb295d3469 Mon Sep 17 00:00:00 2001
From: Paul Gofman
Date: Fri, 6 Aug 2021 16:56:49 +0200
Subject: [PATCH] jscript: Avoid use after free in JSON_parse().
Signed-off-by: Paul Gofman
Signed-off-by: Jacek Caban
Signed-off-by: Alexandre Julliard
---
 dlls/jscript/json.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/dlls/jscript/json.c b/dlls/jscript/json.c
index a8014f95b4f..f2fbb80dc09 100644
--- a/dlls/jscript/json.c
+++ b/dlls/jscript/json.c
@@ -291,16 +291,14 @@ static HRESULT JSON_parse(script_ctx_t *ctx, vdisp_t *jsthis, WORD flags, unsign
 parse_ctx.end = buf + jsstr_length(str);
 parse_ctx.ctx = ctx;
 hres = parse_json_value(&parse_ctx, &ret);
+ if(SUCCEEDED(hres) && skip_spaces(&parse_ctx)) {
+ FIXME("syntax error\n");
+ hres = E_FAIL;
+ }
 jsstr_release(str);
 if(FAILED(hres))
 return hres;
- if(skip_spaces(&parse_ctx)) {
- FIXME("syntax error\n");
- jsval_release(ret);
- return E_FAIL;
- }
-
 if(r)
 *r = ret;
 else
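Review bot: The relocated syntax-error branch no longer releases `ret`. The removed branch called `jsval_release(ret)` before returning E_FAIL, but the new one only sets `hres = E_FAIL`, so the following `if(FAILED(hres)) return hres;` exits while the successfully parsed value is still held. Input with trailing non-space characters after a valid JSON value would therefore leak that value on every call, which matters because the input is script-controlled. Add `jsval_release(ret);` before `hres = E_FAIL;` inside the new block. A comment on the ordering would also help the next reader, for example `/* parse_ctx still points into str's buffer; do not release str before skip_spaces() */`, assuming `buf` is str's flattened buffer as the `buf + jsstr_length(str)` line suggests. JSON_parse's body starts and ends outside the hunk.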