[njs] Fixed null pointer dereferences introduced in f5bdddca3252.

Dmitry Volyntsev xeioex at nginx.com
Sat Apr 27 17:45:07 UTC 2019


details:   https://hg.nginx.org/njs/rev/277845bea37a
branches:  
changeset: 935:277845bea37a
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Sat Apr 27 20:28:37 2019 +0300
description:
Fixed null pointer dereferences introduced in f5bdddca3252.

CID 1444775, CID 1444776.

diffstat:

 njs/njs_array.c    |  5 +++++
 njs/njs_function.c |  5 +++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diffs (30 lines):

diff -r 28c972d5416d -r 277845bea37a njs/njs_array.c
--- a/njs/njs_array.c	Fri Apr 26 21:30:04 2019 +0800
+++ b/njs/njs_array.c	Sat Apr 27 20:28:37 2019 +0300
@@ -432,6 +432,11 @@ njs_array_length(njs_vm_t *vm, njs_value
         proto = proto->__proto__;
     } while (proto != NULL);
 
+    if (nxt_slow_path(proto == NULL)) {
+        njs_internal_error(vm, "no array in proto chain");
+        return NJS_ERROR;
+    }
+
     array = (njs_array_t *) proto;
 
     if (setval != NULL) {
diff -r 28c972d5416d -r 277845bea37a njs/njs_function.c
--- a/njs/njs_function.c	Fri Apr 26 21:30:04 2019 +0800
+++ b/njs/njs_function.c	Sat Apr 27 20:28:37 2019 +0300
@@ -921,6 +921,11 @@ njs_function_instance_length(njs_vm_t *v
         proto = proto->__proto__;
     } while (proto != NULL);
 
+    if (nxt_slow_path(proto == NULL)) {
+        njs_internal_error(vm, "no function in proto chain");
+        return NJS_ERROR;
+    }
+
     function = (njs_function_t *) proto;
 
     if (function->native) {


More information about the nginx-devel mailing list