[PATCH 1/2] jscript: Fix some memory problems in disp_call_value
Puetz Kevin A
PuetzKevinA at JohnDeere.com
Wed Jul 22 23:58:37 CDT 2020
- account for the argc+1 (to store DISPID_THIS) when allocating rgvarg
- only assign rgvarg[0]=jsthis when space was reserved for DISPID_THIS
- actually free args with VariantClear
(revert debugging hack that slipped into 274503c839de2a30aef22eab4b9dc879d254a813)
Signed-off-by: Kevin Puetz <PuetzKevinA at JohnDeere.com>
Index: wine/dlls/jscript/dispex.c
===================================================================
--- wine.orig/dlls/jscript/dispex.c
+++ wine/dlls/jscript/dispex.c
@@ -2095,12 +2095,14 @@ HRESULT disp_call_value(script_ctx_t *ct
dp.rgdispidNamedArgs = NULL;
}
- if(argc > ARRAY_SIZE(buf) && !(args = heap_alloc(argc * sizeof(VARIANT))))
+ if(dp.cArgs > ARRAY_SIZE(buf) && !(args = heap_alloc(dp.cArgs * sizeof(VARIANT))))
return E_OUTOFMEMORY;
dp.rgvarg = args;
- V_VT(dp.rgvarg) = VT_DISPATCH;
- V_DISPATCH(dp.rgvarg) = jsthis;
+ if(jsthis) {
+ V_VT(dp.rgvarg) = VT_DISPATCH;
+ V_DISPATCH(dp.rgvarg) = jsthis;
+ }
for(i=0; SUCCEEDED(hres) && i < argc; i++)
hres = jsval_to_variant(argv[i], dp.rgvarg+dp.cArgs-i-1);
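Review bot: The new `if(jsthis)` guard tests the pointer rather than the condition that actually reserved the extra slot, so the write to rgvarg[0] and the sizing of the array are only tied together by code above this hunk. Testing the reservation itself, for example `if(dp.cArgs > argc)` or the named-argument count, would keep the store in bounds even if the setup of dp.cArgs changes later. With the guard in place the conversion loop fills indices dp.cArgs-1 down to dp.cArgs-argc, so when no slot is reserved it now correctly uses rgvarg[0] for the last argument instead of having it overwritten by jsthis; a one-line comment stating that layout would help the next reader.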
@@ -2110,7 +2112,7 @@ HRESULT disp_call_value(script_ctx_t *ct
hres = disp_invoke(ctx, disp, DISPID_VALUE, flags, &dp, r ? &retv : NULL);
}
- for(i = 0; i < argc&&0; i++)
+ for(i = 0; i < argc; i++)
VariantClear(dp.rgvarg + dp.cArgs - i - 1);
if(args != buf)
heap_free(args);
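Review bot: Re-enabling the cleanup loop means all argc slots are passed to VariantClear regardless of how many the conversion loop in the previous hunk filled. That loop stops at the first failed jsval_to_variant, and the heap path uses heap_alloc rather than heap_alloc_zero, so unless the code between the two hunks returns early on FAILED(hres), the remaining slots would be cleared while uninitialized. Either confirm that early return exists, or track the number of converted arguments and clear only those. The loop also skips rgvarg[0] when a DISPID_THIS slot is present, which matches the store of jsthis without an AddRef; a short comment that slot 0 holds a borrowed reference would make that intent explicit.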