[PATCH] jscript: Allocate non-temporary storage for statement lists which persist after parsing.
Paul Gofman
pgofman at codeweavers.com
Thu Jul 29 18:36:08 CDT 2021
Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
new_statement_list() uses parser_alloc_tmp(), so the memory for a statement list may be freed
in script_parse(), which makes compile_function() use the freed memory.
dlls/jscript/parser.y | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/dlls/jscript/parser.y b/dlls/jscript/parser.y
index 9fc7ea61dc3..4bad7e326db 100644
--- a/dlls/jscript/parser.y
+++ b/dlls/jscript/parser.y
@@ -249,7 +249,17 @@ static expression_t *new_prop_and_value_expression(parser_ctx_t*,property_list_t
/* ECMA-262 10th Edition 15.1 */
Script
- : ScriptBody HtmlComment { ctx->source = $1; }
+ : ScriptBody HtmlComment {
+ if ($1)
+ {
+ ctx->source = parser_alloc(ctx, sizeof(*ctx->source));
+ *ctx->source = *$1;
+ }
+ else
+ {
+ ctx->source = NULL;
+ }
+ }
/* ECMA-262 10th Edition 15.1 */
ScriptBody
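Review bot: The result of `parser_alloc()` in the Script action is dereferenced by `*ctx->source = *$1;` without a check, so if the allocator can return NULL (its definition is not visible here) an out-of-memory condition becomes a NULL write instead of a parse failure. The same unchecked pattern appears in the new_function_expression() hunk at `*ret->statement_list = *statement_list;`. Test the pointer before the copy in both places and route failure to the parser's existing allocation-failure handling, for instance `if (!ctx->source) YYABORT;` in this action if that matches how the grammar reports errors. Because the two branches differ only in their destination, a small static helper that returns the persistent copy or NULL would keep the lifetime fix in one place.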
@@ -1440,7 +1450,15 @@ static expression_t *new_function_expression(parser_ctx_t *ctx, const WCHAR *ide
ret->identifier = identifier;
ret->parameter_list = parameter_list ? parameter_list->head : NULL;
- ret->statement_list = statement_list;
+ if (statement_list)
+ {
+ ret->statement_list = parser_alloc(ctx, sizeof(*ret->statement_list));
+ *ret->statement_list = *statement_list;
+ }
+ else
+ {
+ ret->statement_list = NULL;
+ }
ret->event_target = event_target;
ret->src_str = src_str;
ret->src_len = src_len;
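Review bot: The copy `*ret->statement_list = *statement_list;` is shallow and duplicates only the list header, so the use-after-free is closed only if the statement nodes the header points to were allocated with parser_alloc() rather than parser_alloc_tmp(), which this hunk does not show. A short comment above the `if (statement_list)` branch would record that lifetime assumption for later maintainers, for example `/* the list header comes from parser_alloc_tmp(); keep a persistent copy because the compiler reads it after parsing */`. The body of new_function_expression() starts and ends outside the hunk.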
@@ -1657,7 +1675,6 @@ HRESULT script_parse(script_ctx_t *ctx, struct _compiler_ctx_t *compiler, byteco
jsstr_release(line_str);
return DISP_E_EXCEPTION;
}
-
*ret = parser_ctx;
return S_OK;
}
--
2.31.1