Fix NULL-ptr dereferences when subscan is NULL

src/sbbs3/js_msg_area.c

@@ -287,16 +287,16 @@ static JSBool js_sub_get(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
 				*vp = JSVAL_FALSE;
 			break;
 		case SUB_PROP_SCAN_PTR:
-			*vp=UINT_TO_JSVAL(scan->ptr);
+			if(scan != NULL) *vp=UINT_TO_JSVAL(scan->ptr);
 			break;
 		case SUB_PROP_SCAN_CFG:
-			*vp=UINT_TO_JSVAL(scan->cfg);
+			if(scan != NULL) *vp=UINT_TO_JSVAL(scan->cfg);
 			break;
 		case SUB_PROP_LAST_READ:
-			*vp=UINT_TO_JSVAL(scan->last);
+			if(scan != NULL) *vp=UINT_TO_JSVAL(scan->last);
 			break;
 		case SUB_PROP_POSTS:
-			*vp=UINT_TO_JSVAL(getposts(p->cfg, p->subnum));
+			if(scan != NULL) *vp=UINT_TO_JSVAL(getposts(p->cfg, p->subnum));
 			break;
 	}
 
@@ -543,6 +543,7 @@ JSBool DLLCALL js_msg_area_resolve(JSContext* cx, JSObject* areaobj, jsid id)
 				if(np == NULL)
 					continue;
 				*np = *p;
+				if(p->subscan != NULL)
 					np->subscan = &p->subscan[d];
 				np->subnum = d;
 				JS_SetPrivate(cx, subobj, np);