ref: 90aca80865e28a1b9be9bc5ef1118438f62e4f8f
parent: 8f12e045f673e67f6f09d50d13ba5d1275491b1e
author: Tor Andersson <tor.andersson@artifex.com>
date: Tue Mar 17 10:04:07 EDT 2020
Fix potential memory corruption when jsV_newmemstring fails to allocate. Don't change the value until the allocation has succeeded.
--- a/jsvalue.c
+++ b/jsvalue.c
@@ -312,8 +312,8 @@
v->type = JS_TSHRSTR;
return v->u.shrstr;
} else {- v->type = JS_TMEMSTR;
v->u.memstr = jsV_newmemstring(J, p, n);
+ v->type = JS_TMEMSTR;
return v->u.memstr->p;
}
}