[njs] Fixed NULL-pointer dereference in "proto" property handler.

Wed Mar 4 14:14:12 UTC 2020

details:   https://hg.nginx.org/njs/rev/a16e0c8f4bb2
branches:  
changeset: 1350:a16e0c8f4bb2
user:      Alexander Borisov <alexander.borisov at nginx.com>
date:      Wed Mar 04 17:12:55 2020 +0300
description:
Fixed NULL-pointer dereference in "__proto__" property handler.

This closes #293 issue on GitHub.

diffstat:

 src/njs_object.c         |  7 ++++++-
 src/test/njs_unit_test.c |  3 +++
 2 files changed, 9 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r 65f4b11e3302 -r a16e0c8f4bb2 src/njs_object.c

--- a/src/njs_object.c	Tue Mar 03 20:14:48 2020 +0300
+++ b/src/njs_object.c	Wed Mar 04 17:12:55 2020 +0300
@@ -2005,7 +2005,12 @@ njs_primitive_prototype_get_proto(njs_vm
         proto = &vm->prototypes[index].object;
     }
 
-    njs_set_type_object(retval, proto, proto->type);
+    if (proto != NULL) {
+        njs_set_type_object(retval, proto, proto->type);
+
+    } else {
+        njs_set_undefined(retval);
+    }
 
     return NJS_OK;
 }
diff -r 65f4b11e3302 -r a16e0c8f4bb2 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c	Tue Mar 03 20:14:48 2020 +0300
+++ b/src/test/njs_unit_test.c	Wed Mar 04 17:12:55 2020 +0300
@@ -12637,6 +12637,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("typeof Object.setPrototypeOf({}, null)"),
       njs_str("object") },
 
+    { njs_str("Object.setPrototypeOf(Object.getPrototypeOf(''), null).__proto__"),
+      njs_str("undefined") },
+
     { njs_str("var p = {}; var o = Object.create(p);"
                  "p.isPrototypeOf(o)"),
       njs_str("true") },


[njs] Fixed NULL-pointer dereference in "__proto__" property handler.

[njs] Fixed NULL-pointer dereference in "proto" property handler.