jscript: Fix some memory problems in disp_call_value.

Signed-off-by: Kevin Puetz <PuetzKevinA@JohnDeere.com>
Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Puetz Kevin A 2020-07-23 04:58:37 +00:00 committed by Alexandre Julliard
parent 0703005948
commit 616f5a5d4b

View file

@ -2095,12 +2095,14 @@ HRESULT disp_call_value(script_ctx_t *ctx, IDispatch *disp, IDispatch *jsthis, W
dp.rgdispidNamedArgs = NULL;
}
if(argc > ARRAY_SIZE(buf) && !(args = heap_alloc(argc * sizeof(VARIANT))))
if(dp.cArgs > ARRAY_SIZE(buf) && !(args = heap_alloc(dp.cArgs * sizeof(VARIANT))))
return E_OUTOFMEMORY;
dp.rgvarg = args;
if(jsthis) {
V_VT(dp.rgvarg) = VT_DISPATCH;
V_DISPATCH(dp.rgvarg) = jsthis;
}
for(i=0; SUCCEEDED(hres) && i < argc; i++)
hres = jsval_to_variant(argv[i], dp.rgvarg+dp.cArgs-i-1);
@ -2110,7 +2112,7 @@ HRESULT disp_call_value(script_ctx_t *ctx, IDispatch *disp, IDispatch *jsthis, W
hres = disp_invoke(ctx, disp, DISPID_VALUE, flags, &dp, r ? &retv : NULL);
}
for(i = 0; i < argc&&0; i++)
for(i = 0; i < argc; i++)
VariantClear(dp.rgvarg + dp.cArgs - i - 1);
if(args != buf)
heap_free(args);