DoneJS/quickjs-done-nextgen
1
0
Fork 0
mirror of https://github.com/DoneJS-Runtime/quickjs-done-nextgen.git synced 2025-01-09 17:43:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix NULL deref in JS_NewRuntime2

Browse source 
The API allows for the malloc_usable_size callback to be NULL, so it
must not be dereferenced before the NULL check.
This commit is contained in:
bptato 2024-11-15 14:40:04 +01:00 committed by Saúl Ibarra Corretgé
parent 284510f781
commit 42f0945114
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
quickjs.c
View file

@ -1795,14 +1795,14 @@ JSRuntime *JS_NewRuntime2(const JSMallocFunctions *mf, void *opaque)
rt = mf->js_calloc(opaque, 1, sizeof(JSRuntime)); rt = mf->js_calloc(opaque, 1, sizeof(JSRuntime));
if (!rt) if (!rt)
return NULL; return NULL;
/* Inline what js_malloc_rt does since we cannot use it here. */
ms.malloc_count++;
ms.malloc_size += mf->js_malloc_usable_size(rt) + MALLOC_OVERHEAD;
rt->mf = *mf; rt->mf = *mf;
if (!rt->mf.js_malloc_usable_size) { if (!rt->mf.js_malloc_usable_size) {
/* use dummy function if none provided */ /* use dummy function if none provided */
rt->mf.js_malloc_usable_size = js_malloc_usable_size_unknown; rt->mf.js_malloc_usable_size = js_malloc_usable_size_unknown;
} }
/* Inline what js_malloc_rt does since we cannot use it here. */
ms.malloc_count++;
ms.malloc_size += rt->mf.js_malloc_usable_size(rt) + MALLOC_OVERHEAD;
rt->malloc_state = ms; rt->malloc_state = ms;
rt->malloc_gc_threshold = 256 * 1024; rt->malloc_gc_threshold = 256 * 1024;