From 42f094511409ef2732f19e3fcb265629ebb11358 Mon Sep 17 00:00:00 2001
From: bptato
Date: Fri, 15 Nov 2024 14:40:04 +0100
Subject: [PATCH] Fix NULL deref in JS_NewRuntime2

The API allows for the malloc_usable_size callback to be NULL, so it must not be dereferenced before the NULL check.
---
 quickjs.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/quickjs.c b/quickjs.c
index 119e810..19fcf1b 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -1795,14 +1795,14 @@ JSRuntime *JS_NewRuntime2(const JSMallocFunctions *mf, void *opaque)
     rt = mf->js_calloc(opaque, 1, sizeof(JSRuntime));
     if (!rt)
         return NULL;
-    /* Inline what js_malloc_rt does since we cannot use it here. */
-    ms.malloc_count++;
-    ms.malloc_size += mf->js_malloc_usable_size(rt) + MALLOC_OVERHEAD;
     rt->mf = *mf;
     if (!rt->mf.js_malloc_usable_size) {
         /* use dummy function if none provided */
         rt->mf.js_malloc_usable_size = js_malloc_usable_size_unknown;
     }
+    /* Inline what js_malloc_rt does since we cannot use it here. */
+    ms.malloc_count++;
+    ms.malloc_size += rt->mf.js_malloc_usable_size(rt) + MALLOC_OVERHEAD;
     rt->malloc_state = ms;
     rt->malloc_gc_threshold = 256 * 1024;