jscript: Handle NULL return pointers in all constructors.

Instead of crashing. Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com> Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

jscript: Handle NULL return pointers in all constructors.
c464c1bd · Gabriel Ivăncescu · Alexandre Julliard · dca8e256 · c464c1bd · c464c1bd
Commit c464c1bd authored Apr 14, 2022 by Gabriel Ivăncescu Committed by Alexandre Julliard Apr 14, 2022
11 changed files
--- a/dlls/jscript/activex.c
+++ b/dlls/jscript/activex.c
@@ -181,7 +181,8 @@ static HRESULT ActiveXObject_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
        return E_NOTIMPL;
    }
-    *r = jsval_disp(disp);
+    if(r) *r = jsval_disp(disp);
+    else  IDispatch_Release(disp);
    return S_OK;
 }

--- a/dlls/jscript/array.c
+++ b/dlls/jscript/array.c
@@ -1374,6 +1374,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, u
            if(n < 0 || !is_int32(n))
                return JS_E_INVALID_LENGTH;
+            if(!r)
+                return S_OK;
            hres = create_array(ctx, n, &obj);
            if(FAILED(hres))
@@ -1383,6 +1385,8 @@ static HRESULT ArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, u
            return S_OK;
        }
+        if(!r)
+            return S_OK;
        hres = create_array(ctx, argc, &obj);
        if(FAILED(hres))
            return hres;

--- a/dlls/jscript/bool.c
+++ b/dlls/jscript/bool.c
@@ -151,6 +151,9 @@ static HRESULT BoolConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
    case DISPATCH_CONSTRUCT: {
        jsdisp_t *bool;
+        if(!r)
+            return S_OK;
        hres = create_bool(ctx, value, &bool);
        if(FAILED(hres))
            return hres;

--- a/dlls/jscript/date.c
+++ b/dlls/jscript/date.c
@@ -2248,7 +2248,8 @@ static HRESULT DateConstr_parse(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
    if(FAILED(hres))
        return hres;
-    *r = jsval_number(n);
+    if(r)
+        *r = jsval_number(n);
    return S_OK;
 }
@@ -2403,7 +2404,8 @@ static HRESULT DateConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, un
        }
        }
-        *r = jsval_obj(&date->dispex);
+        if(r) *r = jsval_obj(&date->dispex);
+        else  jsdisp_release(&date->dispex);
        return S_OK;
    case INVOKE_FUNC: {

--- a/dlls/jscript/enumerator.c
+++ b/dlls/jscript/enumerator.c
@@ -300,7 +300,8 @@ static HRESULT EnumeratorConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD fla
        if(FAILED(hres))
            return hres;
-        *r = jsval_obj(obj);
+        if(r) *r = jsval_obj(obj);
+        else  jsdisp_release(obj);
        break;
    }
    default:

--- a/dlls/jscript/function.c
+++ b/dlls/jscript/function.c
@@ -1008,7 +1008,8 @@ static HRESULT FunctionConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags
        if(FAILED(hres))
            return hres;
-        *r = jsval_disp(ret);
+        if(r) *r = jsval_disp(ret);
+        else  IDispatch_Release(ret);
        break;
    }
    default:

--- a/dlls/jscript/number.c
+++ b/dlls/jscript/number.c
@@ -554,11 +554,12 @@ static HRESULT NumberConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, 
            n = 0;
        }
-        hres = create_number(ctx, n, &obj);
+        if(r) {
-        if(FAILED(hres))
+            hres = create_number(ctx, n, &obj);
-            return hres;
+            if(FAILED(hres))
+                return hres;
-        *r = jsval_obj(obj);
+            *r = jsval_obj(obj);
+        }
        break;
    }
    default:

--- a/dlls/jscript/set.c
+++ b/dlls/jscript/set.c
@@ -114,6 +114,8 @@ static HRESULT Set_constructor(script_ctx_t *ctx, jsval_t vthis, WORD flags, uns
    case DISPATCH_CONSTRUCT:
        TRACE("\n");
+        if(!r)
+            return S_OK;
        if(!(set = heap_alloc_zero(sizeof(*set))))
            return E_OUTOFMEMORY;
@@ -461,6 +463,8 @@ static HRESULT Map_constructor(script_ctx_t *ctx, jsval_t vthis, WORD flags, uns
    case DISPATCH_CONSTRUCT:
        TRACE("\n");
+        if(!r)
+            return S_OK;
        if(!(map = heap_alloc_zero(sizeof(*map))))
            return E_OUTOFMEMORY;

--- a/dlls/jscript/string.c
+++ b/dlls/jscript/string.c
@@ -1644,7 +1644,8 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, 
            str = jsstr_empty();
        }
-        *r = jsval_string(str);
+        if(r) *r = jsval_string(str);
+        else  jsstr_release(str);
        break;
    }
    case DISPATCH_CONSTRUCT: {
@@ -1659,8 +1660,10 @@ static HRESULT StringConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags, 
            str = jsstr_empty();
        }
-        hres = create_string(ctx, str, &ret);
+        if(r) {
-        if (SUCCEEDED(hres)) *r = jsval_obj(ret);
+            hres = create_string(ctx, str, &ret);
+            if(SUCCEEDED(hres)) *r = jsval_obj(ret);
+        }
        jsstr_release(str);
        return hres;
    }

--- a/dlls/jscript/tests/api.js
+++ b/dlls/jscript/tests/api.js
@@ -287,6 +287,8 @@ ok(Object.prototype.hasOwnProperty('toString'), "Object.prototype.hasOwnProperty
 ok(Object.prototype.hasOwnProperty('isPrototypeOf'), "Object.prototype.hasOwnProperty('isPrototypeOf') is false");
 ok(Function.prototype.hasOwnProperty('call'), "Function.prototype.hasOwnProperty('call') is false");
+Object();
+new Object();
 obj = new Object();
 ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
@@ -296,28 +298,37 @@ ok(!Object.hasOwnProperty('isPrototypeOf'), "Object.hasOwnProperty('isPrototypeO
 ok(!parseFloat.hasOwnProperty('call'), "parseFloat.hasOwnProperty('call') is true");
 ok(!Function.hasOwnProperty('call'), "Function.hasOwnProperty('call') is true");
+Array();
+new Array();
 obj = new Array();
 ok(Array.prototype.hasOwnProperty('sort'), "Array.prototype.hasOwnProperty('sort') is false");
 ok(Array.prototype.hasOwnProperty('length'), "Array.prototype.hasOwnProperty('length') is false");
 ok(!obj.hasOwnProperty('sort'), "obj.hasOwnProperty('sort') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is true");
+Boolean();
+new Boolean();
 obj = new Boolean(false);
 ok(!obj.hasOwnProperty('toString'), "obj.hasOwnProperty('toString') is true");
 ok(!Boolean.hasOwnProperty('toString'), "Boolean.hasOwnProperty('toString') is true");
 ok(Boolean.prototype.hasOwnProperty('toString'), "Boolean.prototype.hasOwnProperty('toString') is false");
+Date();
+new Date();
 obj = new Date();
 ok(!obj.hasOwnProperty('getTime'), "obj.hasOwnProperty('getTime') is true");
 ok(!Date.hasOwnProperty('getTime'), "Date.hasOwnProperty('getTime') is true");
 ok(Date.prototype.hasOwnProperty('getTime'), "Date.prototype.hasOwnProperty('getTime') is false");
 ok(!("now" in Date), "now found in Date");
+Number();
+new Number();
 obj = new Number();
 ok(!obj.hasOwnProperty('toFixed'), "obj.hasOwnProperty('toFixed') is true");
 ok(!Number.hasOwnProperty('toFixed'), "Number.hasOwnProperty('toFixed') is true");
 ok(Number.prototype.hasOwnProperty('toFixed'), "Number.prototype.hasOwnProperty('toFixed') is false");
+/x/;
 obj = /x/;
 ok(!obj.hasOwnProperty('exec'), "obj.hasOwnProperty('exec') is true");
 ok(obj.hasOwnProperty('source'), "obj.hasOwnProperty('source') is false");
@@ -325,6 +336,8 @@ ok(!RegExp.hasOwnProperty('exec'), "RegExp.hasOwnProperty('exec') is true");
 ok(!RegExp.hasOwnProperty('source'), "RegExp.hasOwnProperty('source') is true");
 ok(RegExp.prototype.hasOwnProperty('source'), "RegExp.prototype.hasOwnProperty('source') is false");
+String();
+new String();
 obj = new String();
 ok(!obj.hasOwnProperty('charAt'), "obj.hasOwnProperty('charAt') is true");
 ok(obj.hasOwnProperty('length'), "obj.hasOwnProperty('length') is false");
@@ -3127,6 +3140,8 @@ ok(String.length == 1, "String.length = " + String.length);
 var tmp = createArray();
 ok(getVT(tmp) == "VT_ARRAY|VT_VARIANT", "getVT(createArray()) = " + getVT(tmp));
 ok(getVT(VBArray(tmp)) == "VT_ARRAY|VT_VARIANT", "getVT(VBArray(tmp)) = " + getVT(VBArray(tmp)));
+VBArray(tmp);
+new VBArray(tmp);
 tmp = new VBArray(tmp);
 tmp = new VBArray(VBArray(createArray()));
 ok(tmp.dimensions() == 2, "tmp.dimensions() = " + tmp.dimensions());

--- a/dlls/jscript/vbarray.c
+++ b/dlls/jscript/vbarray.c
@@ -291,11 +291,13 @@ static HRESULT VBArrayConstr_value(script_ctx_t *ctx, jsval_t vthis, WORD flags,
        if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
            return JS_E_VBARRAY_EXPECTED;
-        return jsval_copy(argv[0], r);
+        return r ? jsval_copy(argv[0], r) : S_OK;
    case DISPATCH_CONSTRUCT:
        if(argc<1 || !is_variant(argv[0]) || V_VT(get_variant(argv[0])) != (VT_ARRAY|VT_VARIANT))
            return JS_E_VBARRAY_EXPECTED;
+        if(!r)
+            return S_OK;
        hres = alloc_vbarray(ctx, NULL, &vbarray);
        if(FAILED(hres))