[PATCH] jscript: Fix use after free in Object_defineProperty().
Paul Gofman
pgofman at codeweavers.com
Wed Aug 4 17:28:49 CDT 2021
Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
dlls/jscript/object.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dlls/jscript/object.c b/dlls/jscript/object.c
index c8c0572c839..169b47caea4 100644
--- a/dlls/jscript/object.c
+++ b/dlls/jscript/object.c
@@ -470,11 +470,15 @@ static HRESULT Object_defineProperty(script_ctx_t *ctx, vdisp_t *jsthis, WORD fl
}else {
hres = JS_E_OBJECT_EXPECTED;
}
- jsstr_release(name_str);
+
if(FAILED(hres))
+ {
+ jsstr_release(name_str);
return hres;
+ }
hres = jsdisp_define_property(obj, name, &prop_desc);
+ jsstr_release(name_str);
release_property_descriptor(&prop_desc);
if(SUCCEEDED(hres) && r)
*r = jsval_obj(jsdisp_addref(obj));
--
2.31.1
More information about the wine-devel
mailing list