Fix potential null object pointer passed to JS_GetProperty in js_gotoxy()

I'm not sure under what script conditions this could happen, but apparently Nelgin was able to produce this null pointer deref (and segfault) using DDMsgReader. This should fix issue #769

Fix potential null object pointer passed to JS_GetProperty in js_gotoxy()
049c18c4 · Rob Swindell · 60e75edb · 049c18c4
Commit 049c18c4 authored 9 months ago by Rob Swindell
--- a/src/sbbs3/js_console.cpp
+++ b/src/sbbs3/js_console.cpp
@@ -1930,10 +1930,13 @@ js_gotoxy(JSContext *cx, uintN argc, jsval *arglist)
 	JS_SET_RVAL(cx, arglist, JSVAL_VOID);
 	if(JSVAL_IS_OBJECT(argv[0])) {
-		if(!JS_GetProperty(cx, JSVAL_TO_OBJECT(argv[0]),"x", &val)
+		JSObject* obj = JSVAL_TO_OBJECT(argv[0]);
+		if(obj == nullptr)
+			return JS_FALSE;
+		if(!JS_GetProperty(cx, obj, "x", &val)
 			|| !JS_ValueToInt32(cx,val,&x))
 			return JS_FALSE;
-		if(!JS_GetProperty(cx, JSVAL_TO_OBJECT(argv[0]),"y", &val)
+		if(!JS_GetProperty(cx, obj, "y", &val)
 			|| !JS_ValueToInt32(cx,val,&y))
 			return JS_FALSE;
 	} else {