Skip to content
Snippets Groups Projects
Commit be3b484a authored by rswindell's avatar rswindell
Browse files

Fix bugs in js_internal_charfunc when extra_bytes was non-zero.

parent b0809707
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 6 deletions
src/sbbs3/js_global.c
+ 5
6
View file @ be3b484a
......@@ -2469,16 +2469,15 @@ js_internal_charfunc(JSContext *cx, uintN argc, jsval *arglist, char *(*func)(ch
return(JS_TRUE);
if(extra_bytes) {
rastr=realloc(str, strlen+extra_bytes+1 /* for terminator */);
if(rastr==NULL)
if(rastr==NULL) {
free(str);
return JS_TRUE;
}
str=rastr;
}
js_str = JS_NewStringCopyZ(cx, func(str));
free(str); /* MSVC detected heap corruption here (again):
sbbs.dll!free(void * pUserData=0x08cdc6b0) Line 49 + 0xb bytes C++
> sbbs.dll!js_internal_charfunc(JSContext * cx=0x0a594488, unsigned int argc=1, unsigned __int64 * arglist=0x0c3a0150, char * (char *)* func=0x10153fb0, unsigned int extra_bytes=1) Line 2477 + 0x9 bytes C
sbbs.dll!js_backslash(JSContext * cx=0x0a594488, unsigned int argc=1, unsigned __int64 * arglist=0x0c3a0150) Line 2506 + 0x18 bytes C
*/
free(str);
if(js_str==NULL)
return(JS_FALSE);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment