Debian bug 534835: Check *_get_interpreter return values
This should fix a crash in: at /home/Kalle/src/elinks-0.12/src/ecmascript/spidermonkey.c:251 at /home/Kalle/src/elinks-0.12/src/ecmascript/ecmascript.c:104 at /home/Kalle/src/elinks-0.12/src/viewer/text/vs.c:64 It seems that spidermonkey_get_interpreter failed and returned NULL to ecmascript_get_interpreter, which did not check the return value and behaved as if the ECMAScript interpreter had been properly initialized. This caused destroy_vs to call ecmascript_put_interpreter, but backend_data which should have been a JSContext * was NULL, causing a crash in SpiderMonkey. An alternative fix might be to make spidermonkey_put_interpreter skip the JS_DestroyContext call if ctx is NULL. However, I think it is better to make sure ecmascript_get_interpreter returns NULL if spidermonkey_get_interpreter fails, so that vs->ecmascript is left NULL and there's no chance that some other code might try to dereference the (JSContext *) NULL.
parent
10c07f9933
commit
11c0cb859b
@ -80,11 +80,20 @@ ecmascript_get_interpreter(struct view_state *vs)
|
||||
interpreter->vs = vs;
|
||||
interpreter->vs->ecmascript_fragile = 0;
|
||||
init_list(interpreter->onload_snippets);
|
||||
/* The following backend call reads interpreter->vs. */
|
||||
if (
|
||||
#ifdef CONFIG_ECMASCRIPT_SEE
|
||||
see_get_interpreter(interpreter);
|
||||
!see_get_interpreter(interpreter)
|
||||
#else
|
||||
spidermonkey_get_interpreter(interpreter);
|
||||
!spidermonkey_get_interpreter(interpreter)
|
||||
#endif
|
||||
) {
|
||||
/* Undo what was done above. */
|
||||
interpreter->vs->ecmascript_fragile = 1;
|
||||
mem_free(interpreter);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
init_string(&interpreter->code);
|
||||
return interpreter;
|
||||
}
|
||||
|
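Review bot: The failure branch added after `) {` frees only the frontend struct with `mem_free(interpreter)`, so it relies on `see_get_interpreter` / `spidermonkey_get_interpreter` having released any context or runtime they allocated before reporting failure; that contract is not visible in this hunk and should be stated. I would replace `/* Undo what was done above. */` with `/* Backend init failed and must have released its own state; free only the frontend struct and report NULL. */`. The branch also writes `interpreter->vs->ecmascript_fragile = 1` unconditionally instead of restoring the value the flag had on entry, which is an undo only if the flag was always 1 before the call; this needs confirming in the part of `ecmascript_get_interpreter` that starts above the hunk. Callers now get NULL from this function and need a check before dereferencing the result, and none of them are shown here.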