From ccfe0764eddc17bc531dcf9fc69f9ee3a2b3e0e2 Mon Sep 17 00:00:00 2001
From: bptato <60043228+bptato@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:58:49 +0200
Subject: [PATCH] Check return values of fallible functions (#518)

Port of https://github.com/quickjs-ng/quickjs/pull/1409 (bnoordhuis). I modified it to prevent an atom leak in js_parse_statement_or_decl, otherwise it's the same.
---
 quickjs.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/quickjs.c b/quickjs.c
index 2e8b3da..fa5a7a9 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -28718,7 +28718,8 @@ static __exception int js_parse_for_in_of(JSParseState *s, int label_name,
 int chunk_size = pos_expr - pos_next;
 int offset = bc->size - pos_next;
 int i;
- dbuf_claim(bc, chunk_size);
+ if (dbuf_claim(bc, chunk_size))
+ return -1;
 dbuf_put(bc, bc->buf + pos_next, chunk_size);
 memset(bc->buf + pos_next, OP_nop, chunk_size);
 /* `next` part ends with a goto */
@@ -29124,7 +29125,8 @@ static __exception int js_parse_statement_or_decl(JSParseState *s,
 int chunk_size = pos_body - pos_cont;
 int offset = bc->size - pos_cont;
 int i;
- dbuf_claim(bc, chunk_size);
+ if (dbuf_claim(bc, chunk_size))
+ goto fail;
 dbuf_put(bc, bc->buf + pos_cont, chunk_size);
 memset(bc->buf + pos_cont, OP_nop, chunk_size);
 /* increment part ends with a goto */
@@ -38052,11 +38054,14 @@ static int JS_WriteObjectRec(BCWriterState *s, JSValueConst obj)
 case JS_TAG_STRING_ROPE:
 {
 JSValue str;
+ int ret;
 str = JS_ToString(s->ctx, obj);
 if (JS_IsException(str))
 goto fail;
- JS_WriteObjectRec(s, str);
+ ret = JS_WriteObjectRec(s, str);
 JS_FreeValue(s->ctx, str);
+ if (ret)
+ goto fail;
 }
 break;
 case JS_TAG_FUNCTION_BYTECODE:
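Review bot: The `dbuf_put` call directly after the new check in js_parse_for_in_of still ignores its return value, and nothing at the site says why that is safe. Its source, `bc->buf + pos_next`, points into the same buffer being appended to, so the preceding `dbuf_claim` presumably exists to guarantee that no reallocation happens mid-copy. I would state that above the check, e.g. `/* reserve first: dbuf_put copies from bc->buf itself, so it must not realloc */`. The same applies to the `bc->buf + pos_cont` copy in the js_parse_statement_or_decl hunk. It is also worth confirming that a failed `dbuf_claim` leaves an exception pending, since both functions are marked `__exception`; that is not visible here, and both bodies extend outside their hunks.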
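Review bot: The two otherwise identical reservation checks exit differently, with `return -1` in js_parse_for_in_of and `goto fail` in js_parse_statement_or_decl, and the reason is recorded only in the commit message. A short comment at the second site, e.g. `/* goto fail, not return: fail releases the label atom */`, would keep a later cleanup from normalizing it back into a leak. The `fail` label lies outside the hunk, so the wording should be checked against what that path actually frees.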
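Review bot: In the JS_TAG_STRING_ROPE case of JS_WriteObjectRec, the statement order is what prevents a leak, but nothing marks it as deliberate. `str` is freed before `ret` is tested, so the failure path does not skip the `JS_FreeValue`. A one-line comment above the free, e.g. `/* free before checking ret so the error path does not leak str */`, would stop someone from folding the call into `if (JS_WriteObjectRec(s, str)) goto fail;`. The `fail` label and the rest of the switch are outside the hunk.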