Fix leak in js_array_buffer_constructor3

If alloc_flag is unset, the constructor takes ownership of the buffer and is
expected to release it through free_func even when it throws an exception.
(At least this is what js_array_buffer_transfer seems to assume.)
bptato 2026-05-16 16:48:51 +02:00
parent e182e3df5c
commit 05f73aaf5d

@ -56056,13 +56056,15 @@ static JSValue js_array_buffer_constructor3(JSContext *ctx,
if (!alloc_flag && buf && max_len && free_func != js_array_buffer_free) {
// not observable from JS land, only through C API misuse;
// JS code cannot create externally managed buffers directly
if (free_func)
free_func(rt, opaque, buf);
return JS_ThrowInternalError(ctx,
"resizable ArrayBuffers not supported "
"for externally managed buffers");
}
obj = js_create_from_ctor(ctx, new_target, class_id);
if (JS_IsException(obj))
return obj;
goto fail2;
/* XXX: we are currently limited to 2 GB */
if (len > INT32_MAX) {
JS_ThrowRangeError(ctx, "invalid array buffer length");
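Review bot: The externally-managed-resizable branch at the top of the hunk now duplicates the cleanup that the new `fail2` label performs, so there are two places that must agree on when `buf` is released; since this branch already implies `!alloc_flag` and neither `obj` nor `abuf` has been created yet, it could simply be `JS_ThrowInternalError(ctx, "resizable ArrayBuffers not supported " "for externally managed buffers"); goto fail2;` and drop the local `if (free_func) free_func(rt, opaque, buf);`. Note the two paths are not identical today: this branch is only entered when `buf` is non-NULL, while `fail2` (further down) calls `free_func` for any `!alloc_flag` value, so unifying them slightly widens when an external free_func sees a NULL `buf`; if that matters, keep the `buf` check in the shared path. The `goto fail2` after `js_create_from_ctor` looks correct, as nothing else has been allocated at that point. js_array_buffer_constructor3 begins before this hunk and continues after it.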
@ -56113,6 +56115,9 @@ static JSValue js_array_buffer_constructor3(JSContext *ctx,
fail:
JS_FreeValue(ctx, obj);
js_free(ctx, abuf);
fail2:
if (!alloc_flag && free_func)
free_func(rt, opaque, buf);
return JS_EXCEPTION;
}
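Review bot: `fail2` releases `buf` whenever `!alloc_flag && free_func`, with no check that `buf` is non-NULL, whereas the early-exit guard earlier in this function tests `buf` before calling `free_func`; an external free_func supplied through the C API may not expect to be invoked with a NULL pointer, so either guard it, `if (!alloc_flag && free_func && buf)`, or state the contract explicitly. Whichever is chosen, the ownership rule the commit relies on is not written down anywhere near the code; a comment at the label such as `/* !alloc_flag: we own buf and must hand it to free_func on every exit, including errors */` would keep future failure paths from reintroducing the leak. Reaching `fail2` through `fail` also assumes `abuf` has not yet been installed as the object's opaque and does not yet reference `buf` (otherwise `JS_FreeValue(ctx, obj)` or `js_free(ctx, abuf)` would double-release); that appears to hold given `js_free(ctx, abuf)` is called directly, but the code between the two hunks is not visible here, so I cannot confirm it. The enclosing function starts outside this hunk.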