[njs] Fixed uninitialized-memory-access in Object.defineProperties().

Dmitry Volyntsev xeioex at nginx.com
Thu May 16 12:21:48 UTC 2019


details:   https://hg.nginx.org/njs/rev/e0fdef4eb478
branches:  
changeset: 965:e0fdef4eb478
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Thu May 16 15:20:31 2019 +0300
description:
Fixed uninitialized-memory-access in Object.defineProperties().

This closes issue #158 on GitHub.

diffstat:

 njs/njs_object.c         |  11 +++++------
 njs/test/njs_unit_test.c |   3 +++
 2 files changed, 8 insertions(+), 6 deletions(-)

diffs (45 lines):

diff -r 56c75545da25 -r e0fdef4eb478 njs/njs_object.c
--- a/njs/njs_object.c	Wed May 15 12:51:31 2019 +0300
+++ b/njs/njs_object.c	Thu May 16 15:20:31 2019 +0300
@@ -1705,7 +1705,7 @@ njs_object_define_property(njs_vm_t *vm,
         return NXT_ERROR;
     }
 
-    value = &args[1];
+    value = njs_argument(args, 1);
 
     if (!value->data.u.object->extensible) {
         njs_type_error(vm, "object is not extensible");
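Review bot: `njs_argument(args, 1)` takes no `nargs`, so unlike the `njs_arg(args, nargs, 1)` form used in the next hunk it presumably does no bounds check. The dereference `value->data.u.object->extensible` is therefore safe only if the guard ending just above this line already rejected a missing or non-object first argument. That guard is outside the hunk, as are the start and end of njs_object_define_property, so confirm it reads the argument through `njs_arg()`. If it does, record the invariant next to the assignment, e.g. `/* args[1] was validated as an object above, so the unchecked accessor is safe. */`.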
@@ -1743,15 +1743,14 @@ njs_object_define_properties(njs_vm_t *v
     njs_object_prop_t  *prop;
     const njs_value_t  *descriptor;
 
-    value = &args[1];
-
-    if (!njs_is_object(value)) {
+    if (!njs_is_object(njs_arg(args, nargs, 1))) {
         njs_type_error(vm, "cannot convert %s argument to object",
-                       njs_type_string(value->type));
-
+                       njs_type_string(njs_arg(args, nargs, 1)->type));
         return NXT_ERROR;
     }
 
+    value = njs_argument(args, 1);
+
     if (!value->data.u.object->extensible) {
         njs_type_error(vm, "object is not extensible");
         return NXT_ERROR;
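Review bot: The guard evaluates `njs_arg(args, nargs, 1)` twice, and `value` is then fetched a third time through `njs_argument(args, 1)`, which takes no `nargs`. The checked pointer and the dereferenced one are equal only by reasoning about the two macros. Keeping the checked result in one local makes the link explicit: `arg = njs_arg(args, nargs, 1);`, then `if (!njs_is_object(arg)) {` and `njs_type_string(arg->type)`. The local probably has to be `const njs_value_t *`, like `descriptor`, because the fallback for a missing argument appears to be a shared undefined value. The function body continues outside the hunk, so the read of the second (descriptors) argument is not visible here and should be confirmed to use the bounds-checked accessor too.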
diff -r 56c75545da25 -r e0fdef4eb478 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c	Wed May 15 12:51:31 2019 +0300
+++ b/njs/test/njs_unit_test.c	Thu May 16 15:20:31 2019 +0300
@@ -9162,6 +9162,9 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("var o = Object.defineProperties({a:1}, {}); o.a"),
       nxt_string("1") },
 
+    { nxt_string("Object.defineProperties()"),
+      nxt_string("TypeError: cannot convert undefined argument to object") },
+
     { nxt_string("Object.defineProperties(1, {})"),
       nxt_string("TypeError: cannot convert number argument to object") },
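Review bot: The added regression case covers only the zero-argument call, while the commit also touches `njs_object_define_property()` and the descriptors argument of `Object.defineProperties()` can be omitted as well. Adding entries for `Object.defineProperty()` and `Object.defineProperties({})` would pin the other short-argument paths. Take the expected `TypeError` text for each from the implementation rather than assuming it. Running the unit tests under a memory sanitizer would also let this class of uninitialized read fail the suite directly.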
 

