Skip to content
Snippets Groups Projects
Commit 8fc08f0d authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Fix CID 508260: Null pointer dereference 

And really, more importantly, the msg header field_list array length would
always be interpretted as 0-length!

... introduced in commit 54523145
parent c8a83171
Branches
Tags
1 merge request!455Update branch with changes from master
Pipeline #6537 passed
Stage: build
Stage: test
Stage: cleanup
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
src/sbbs3/js_msgbase.c
+ 1
1
View file @ 8fc08f0d
......@@ -947,7 +947,7 @@ static bool parse_header_object(JSContext* cx, private_t* p, JSObject* hdr, smbm
if(JS_GetProperty(cx, hdr, "field_list", &val) && JSVAL_IS_OBJECT(val)) {
array=JSVAL_TO_OBJECT(val);
len=0;
if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {
if(array == NULL || !JS_GetArrayLength(cx, array, &len)) {
JS_ReportError(cx, "Invalid \"field_list\" array in header object");
goto err;
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment