From c464c1bd4781ca650a5397ff6a2cfd574c1877f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20Iv=C4=83ncescu?=
Date: Thu, 14 Apr 2022 19:24:38 +0300
Subject: [PATCH] jscript: Handle NULL return pointers in all constructors.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of crashing.

Signed-off-by: Gabriel Ivăncescu
Signed-off-by: Jacek Caban
Signed-off-by: Alexandre Julliard
---
 dlls/jscript/activex.c | 3 ++-
 dlls/jscript/array.c | 4 ++++
 dlls/jscript/bool.c | 3 +++
 dlls/jscript/date.c | 6 ++++--
 dlls/jscript/enumerator.c | 3 ++-
 dlls/jscript/function.c | 3 ++-
 dlls/jscript/number.c | 11 ++++++-----
 dlls/jscript/set.c | 4 ++++
 dlls/jscript/string.c | 9 ++++++---
 dlls/jscript/tests/api.js | 15 +++++++++++++++
 dlls/jscript/vbarray.c | 4 +++-
 11 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/dlls/jscript/activex.c b/dlls/jscript/activex.c
index 5d79d2b0b82..a74f6acb529 100644
--- a/dlls/jscript/activex.c
+++ b/dlls/jscript/activex.c
@@ -181,7 +181,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
         return E_NOTIMPL;
     }
-    *r = jsval_disp(disp);
+    if(r) *r = jsval_disp(disp);
+    else IDispatch_Release(disp);
     return S_OK;
 }
diff --git a/dlls/jscript/array.c b/dlls/jscript/array.c
index dcabc0dfb71..ee725792830 100644
--- a/dlls/jscript/array.c
+++ b/dlls/jscript/array.c
@@ -1374,6 +1374,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, u
             if(n < 0 || !is_int32(n))
                 return JS_E_INVALID_LENGTH;
+            if(!r)
+                return S_OK;
             hres = create_array(ctx, n, &obj);
             if(FAILED(hres))
@@ -1383,6 +1385,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, u
             return S_OK;
         }
+        if(!r)
+            return S_OK;
         hres = create_array(ctx, argc, &obj);
         if(FAILED(hres))
             return hres;
diff --git a/dlls/jscript/bool.c b/dlls/jscript/bool.c
index a230855d452..3a4aa9c9199 100644
--- a/dlls/jscript/bool.c
+++ b/dlls/jscript/bool.c
@@ -151,6 +151,9 @@ static HRESULT BoolConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
     case DISPATCH_CONSTRUCT: {
         jsdisp_t *bool;
+        if(!r)
+            return S_OK;
+
         hres = create_bool(ctx, value, &bool);
         if(FAILED(hres))
             return hres;
diff --git a/dlls/jscript/date.c b/dlls/jscript/date.c
index e482c4a4a02..bc09f05d4b9 100644
--- a/dlls/jscript/date.c
+++ b/dlls/jscript/date.c
@@ -2248,7 +2248,8 @@ static HRESULT DateConstr_parse(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
     if(FAILED(hres))
         return hres;
-    *r = jsval_number(n);
+    if(r)
+        *r = jsval_number(n);
     return S_OK;
 }
@@ -2403,7 +2404,8 @@ static HRESULT DateConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
             }
         }
-        *r = jsval_obj(&date->dispex);
+        if(r) *r = jsval_obj(&date->dispex);
+        else jsdisp_release(&date->dispex);
         return S_OK;
     case INVOKE_FUNC: {
diff --git a/dlls/jscript/enumerator.c b/dlls/jscript/enumerator.c
index 94eb9f209bc..f82263eaf26 100644
--- a/dlls/jscript/enumerator.c
+++ b/dlls/jscript/enumerator.c
@@ -300,7 +300,8 @@ static HRESULT EnumeratorConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD fla
         if(FAILED(hres))
             return hres;
-        *r = jsval_obj(obj);
+        if(r) *r = jsval_obj(obj);
+        else jsdisp_release(obj);
         break;
     }
     default:
diff --git a/dlls/jscript/function.c b/dlls/jscript/function.c
index 03c541c5d2a..12511bbaaa6 100644
--- a/dlls/jscript/function.c
+++ b/dlls/jscript/function.c
@@ -1008,7 +1008,8 @@ static HRESULT FunctionConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags
         if(FAILED(hres))
             return hres;
-        *r = jsval_disp(ret);
+        if(r) *r = jsval_disp(ret);
+        else IDispatch_Release(ret);
         break;
     }
     default:
diff --git a/dlls/jscript/number.c b/dlls/jscript/number.c
index 472acd0d4b2..be733fb5af5 100644
--- a/dlls/jscript/number.c
+++ b/dlls/jscript/number.c
@@ -554,11 +554,12 @@ static HRESULT NumberConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
             n = 0;
         }
-        hres = create_number(ctx, n, &obj);
-        if(FAILED(hres))
-            return hres;
-
-        *r = jsval_obj(obj);
+        if(r) {
+            hres = create_number(ctx, n, &obj);
+            if(FAILED(hres))
+                return hres;
+            *r = jsval_obj(obj);
+        }
         break;
     }
     default:
diff --git a/dlls/jscript/set.c b/dlls/jscript/set.c
index 7973d4216df..8098d76cb2f 100644
--- a/dlls/jscript/set.c
+++ b/dlls/jscript/set.c
@@ -114,6 +114,8 @@ static HRESULT Set_constructor(script_ctx_t *ctx, jsval_t vthis, WORD flags, uns
     case DISPATCH_CONSTRUCT:
         TRACE("\n");
+        if(!r)
+            return S_OK;
         if(!(set = heap_alloc_zero(sizeof(*set))))
             return E_OUTOFMEMORY;
@@ -461,6 +463,8 @@ static HRESULT Map_constructor(script_ctx_t *ctx, jsval_t vthis, WORD flags, uns
     case DISPATCH_CONSTRUCT:
         TRACE("\n");
+        if(!r)
+            return S_OK;
         if(!(map = heap_alloc_zero(sizeof(*map))))
             return E_OUTOFMEMORY;
diff --git a/dlls/jscript/string.c b/dlls/jscript/string.c
index 0b2e69538f0..e73b9e8b52f 100644
--- a/dlls/jscript/string.c
+++ b/dlls/jscript/string.c
@@ -1644,7 +1644,8 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
             str = jsstr_empty();
         }
-        *r = jsval_string(str);
+        if(r) *r = jsval_string(str);
+        else jsstr_release(str);
         break;
     }
     case DISPATCH_CONSTRUCT: {
@@ -1659,8 +1660,10 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
             str = jsstr_empty();
         }
-        hres = create_string(ctx, str, &ret);
-        if (SUCCEEDED(hres)) *r = jsval_obj(ret);
+        if(r) {
+            hres = create_string(ctx, str, &ret);
+            if(SUCCEEDED(hres)) *r = jsval_obj(ret);
+        }
         jsstr_release(str);
         return hres;
     }
diff --git a/dlls/jscript/tests/api.js b/dlls/jscript/tests/api.js
index fe336d46ba9..1efc0239cc3 100644
--- a/dlls/jscript/tests/api.js
+++ b/dlls/jscript/tests/api.js
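Review bot: In the second string.c hunk (@@ -1659) the new `if(r)` guard skips the only assignment to hres on the path where r is NULL and argc is 0, yet the function still ends in `return hres;`; unless hres is initialised before the switch (outside this hunk), a discarded `new String();` now returns an indeterminate HRESULT instead of crashing. Initialise it on that path, e.g. `hres = S_OK;` immediately before `if(r) {`, or change the tail to `return r ? hres : S_OK;`. The equivalent guard in the number.c hunk ends in `break;` rather than returning hres directly, so it does not appear to share the problem. StringConstr_value starts outside the hunk.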
@@ -287,6 +287,8 @@ ok(Object.prototype.hasOwnProperty('toString'), "Object.prototype.hasOwnProperty
 ok(Object.prototype.hasOwnProperty('isPrototypeOf'), "Object.prototype.hasOwnProperty('isPrototypeOf') is false");
 ok(Function.prototype.hasOwnProperty('call'), "Function.prototype.hasOwnProperty('call') is false");
+Object();
+new Object();
 obj = new Object();
 ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
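Review bot: The added `Object();` and `new Object();` statements (and the matching pairs in the later api.js hunks for Array, Boolean, Date, Number, the `/x/;` literal, String and VBArray) carry no ok() assertion and no comment, so a reader cannot tell they are regression tests for the NULL return-pointer crash rather than stray statements. A comment above the first pair such as `// Expression statements whose result is discarded are presumably dispatched with a NULL return pointer; these must not crash.` would record the intent once for all of them. The commit also changes enumerator.c, function.c, activex.c and set.c, but no discarded-result call is added for Enumerator, Function, ActiveXObject, Set or Map; if those cannot be exercised from this file (host object or ES5 mode required), a note saying where they are covered would help.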
@@ -296,28 +298,37 @@ ok(!Object.hasOwnProperty('isPrototypeOf'), "Object.hasOwnProperty('isPrototypeO
 ok(!parseFloat.hasOwnProperty('call'), "parseFloat.hasOwnProperty('call') is true");
 ok(!Function.hasOwnProperty('call'), "Function.hasOwnProperty('call') is true");
+Array();
+new Array();
 obj = new Array();
 ok(Array.prototype.hasOwnProperty('sort'), "Array.prototype.hasOwnProperty('sort') is false");
 ok(Array.prototype.hasOwnProperty('length'), "Array.prototype.hasOwnProperty('length') is false");
 ok(!obj.hasOwnProperty('sort'), "obj.hasOwnProperty('sort') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is true");
+Boolean();
+new Boolean();
 obj = new Boolean(false);
 ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
 ok(!Boolean.hasOwnProperty('toString'), "Boolean.hasOwnProperty('toString') is true");
 ok(Boolean.prototype.hasOwnProperty('toString'), "Boolean.prototype.hasOwnProperty('toString') is false");
+Date();
+new Date();
 obj = new Date();
 ok(!obj.hasOwnProperty('getTime'), "obj.hasOwnProperty('getTime') is true");
 ok(!Date.hasOwnProperty('getTime'), "Date.hasOwnProperty('getTime') is true");
 ok(Date.prototype.hasOwnProperty('getTime'), "Date.prototype.hasOwnProperty('getTime') is false");
 ok(!("now" in Date), "now found in Date");
+Number();
+new Number();
 obj = new Number();
 ok(!obj.hasOwnProperty('toFixed'), "obj.hasOwnProperty('toFixed') is true");
 ok(!Number.hasOwnProperty('toFixed'), "Number.hasOwnProperty('toFixed') is true");
 ok(Number.prototype.hasOwnProperty('toFixed'), "Number.prototype.hasOwnProperty('toFixed') is false");
+/x/;
 obj = /x/;
 ok(!obj.hasOwnProperty('exec'), "obj.hasOwnProperty('exec') is true");
 ok(obj.hasOwnProperty('source'), "obj.hasOwnProperty('source') is false");
@@ -325,6 +336,8 @@ ok(!RegExp.hasOwnProperty('exec'), "RegExp.hasOwnProperty('exec') is true");
 ok(!RegExp.hasOwnProperty('source'), "RegExp.hasOwnProperty('source') is true");
 ok(RegExp.prototype.hasOwnProperty('source'), "RegExp.prototype.hasOwnProperty('source') is false");
+String();
+new String();
 obj = new String();
 ok(!obj.hasOwnProperty('charAt'), "obj.hasOwnProperty('charAt') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is false");
@@ -3127,6 +3140,8 @@ ok(String.length == 1, "String.length = " + String.length);
 var tmp = createArray();
 ok(getVT(tmp) == "VT_ARRAY|VT_VARIANT", "getVT(createArray()) = " + getVT(tmp));
 ok(getVT(VBArray(tmp)) == "VT_ARRAY|VT_VARIANT", "getVT(VBArray(tmp)) = " + getVT(VBArray(tmp)));
+VBArray(tmp);
+new VBArray(tmp);
 tmp = new VBArray(tmp);
 tmp = new VBArray(VBArray(createArray()));
 ok(tmp.dimensions() == 2, "tmp.dimensions() = " + tmp.dimensions());
diff --git a/dlls/jscript/vbarray.c b/dlls/jscript/vbarray.c
index 987d71444ee..d55e90d0bbf 100644
--- a/dlls/jscript/vbarray.c
+++ b/dlls/jscript/vbarray.c
@@ -291,11 +291,13 @@ static HRESULT VBArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
         if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
             return JS_E_VBARRAY_EXPECTED;
-        return jsval_copy(argv[0], r);
+        return r ? jsval_copy(argv[0], r) : S_OK;
     case DISPATCH_CONSTRUCT:
         if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
             return JS_E_VBARRAY_EXPECTED;
+        if(!r)
+            return S_OK;
         hres = alloc_vbarray(ctx, NULL, &vbarray);
         if(FAILED(hres))