From 1df5568eee4df82bfed46ce96b77b4ff1a6524d6 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Fri, 1 Dec 2017 04:52:08 +0000
Subject: [PATCH] Fix likely cause of crash in MsgBase.get_msg_header(String
 id): incrementing the argv index in a call to JSSTRING_TO_MSTRING causes the
 index to be incremented twice!

---
 src/sbbs3/js_msgbase.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/js_msgbase.c b/src/sbbs3/js_msgbase.c
index 9ba2c3b047..0da6b95981 100644
--- a/src/sbbs3/js_msgbase.c
+++ b/src/sbbs3/js_msgbase.c
@@ -1496,7 +1496,8 @@ js_get_msg_header(JSContext *cx, uintN argc, jsval *arglist)
 		smb_unlockmsghdr(&(p->p->smb),&(p->msg)); 
 		JS_RESUMEREQUEST(cx, rc);
 	} else if(JSVAL_IS_STRING(argv[n]))	{		/* Get by ID */
-		JSSTRING_TO_MSTRING(cx, JSVAL_TO_STRING(argv[n++]), cstr, NULL);
+		JSSTRING_TO_MSTRING(cx, JSVAL_TO_STRING(argv[n]), cstr, NULL);
+		n++;
 		HANDLE_PENDING(cx);
 		rc=JS_SUSPENDREQUEST(cx);
 		if((p->p->status=smb_getmsghdr_by_msgid(&(p->p->smb),&(p->msg)
-- 
GitLab