Commit 8f82586f authored by Gabriel Ivăncescu's avatar Gabriel Ivăncescu Committed by Alexandre Julliard

jscript: Fix value arg leak in transform_json_object.

parent aa18bbed
...@@ -295,7 +295,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -295,7 +295,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
if(!obj) { if(!obj) {
FIXME("non-JS obj in JSON object: %p\n", get_object(args[1])); FIXME("non-JS obj in JSON object: %p\n", get_object(args[1]));
proc_ctx->hres = E_NOTIMPL; proc_ctx->hres = E_NOTIMPL;
return jsval_undefined(); goto ret;
}else if(is_class(obj, JSCLASS_ARRAY)) { }else if(is_class(obj, JSCLASS_ARRAY)) {
unsigned i, length = array_get_length(obj); unsigned i, length = array_get_length(obj);
WCHAR buf[14], *buf_end; WCHAR buf[14], *buf_end;
...@@ -306,13 +306,13 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -306,13 +306,13 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
str = idx_to_str(i, buf_end); str = idx_to_str(i, buf_end);
if(!(jsstr = jsstr_alloc(str))) { if(!(jsstr = jsstr_alloc(str))) {
proc_ctx->hres = E_OUTOFMEMORY; proc_ctx->hres = E_OUTOFMEMORY;
return jsval_undefined(); goto ret;
} }
res = transform_json_object(proc_ctx, obj, jsstr); res = transform_json_object(proc_ctx, obj, jsstr);
jsstr_release(jsstr); jsstr_release(jsstr);
if(is_undefined(res)) { if(is_undefined(res)) {
if(FAILED(proc_ctx->hres)) if(FAILED(proc_ctx->hres))
return jsval_undefined(); goto ret;
if(FAILED(jsdisp_get_id(obj, str, 0, &id))) if(FAILED(jsdisp_get_id(obj, str, 0, &id)))
continue; continue;
proc_ctx->hres = disp_delete((IDispatch*)&obj->IDispatchEx_iface, id, &b); proc_ctx->hres = disp_delete((IDispatch*)&obj->IDispatchEx_iface, id, &b);
...@@ -321,7 +321,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -321,7 +321,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
jsval_release(res); jsval_release(res);
} }
if(FAILED(proc_ctx->hres)) if(FAILED(proc_ctx->hres))
return jsval_undefined(); goto ret;
} }
}else { }else {
id = DISPID_STARTENUM; id = DISPID_STARTENUM;
...@@ -330,7 +330,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -330,7 +330,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
if(proc_ctx->hres == S_FALSE) if(proc_ctx->hres == S_FALSE)
break; break;
if(FAILED(proc_ctx->hres) || FAILED(proc_ctx->hres = jsdisp_get_prop_name(obj, id, &jsstr))) if(FAILED(proc_ctx->hres) || FAILED(proc_ctx->hres = jsdisp_get_prop_name(obj, id, &jsstr)))
return jsval_undefined(); goto ret;
res = transform_json_object(proc_ctx, obj, jsstr); res = transform_json_object(proc_ctx, obj, jsstr);
if(is_undefined(res)) { if(is_undefined(res)) {
if(SUCCEEDED(proc_ctx->hres)) if(SUCCEEDED(proc_ctx->hres))
...@@ -344,7 +344,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -344,7 +344,7 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
} }
jsstr_release(jsstr); jsstr_release(jsstr);
if(FAILED(proc_ctx->hres)) if(FAILED(proc_ctx->hres))
return jsval_undefined(); goto ret;
} }
} }
} }
...@@ -352,6 +352,8 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx, ...@@ -352,6 +352,8 @@ static jsval_t transform_json_object(struct transform_json_object_ctx *proc_ctx,
args[0] = jsval_string(name); args[0] = jsval_string(name);
proc_ctx->hres = disp_call_value(proc_ctx->ctx, proc_ctx->reviver, jsval_obj(holder), proc_ctx->hres = disp_call_value(proc_ctx->ctx, proc_ctx->reviver, jsval_obj(holder),
DISPATCH_METHOD, ARRAY_SIZE(args), args, &res); DISPATCH_METHOD, ARRAY_SIZE(args), args, &res);
ret:
jsval_release(args[1]);
return FAILED(proc_ctx->hres) ? jsval_undefined() : res; return FAILED(proc_ctx->hres) ? jsval_undefined() : res;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment