wine/dlls/jscript
Gabriel Ivăncescu 2173cac68e jscript: Fix addressing invalid memory if ref is an argument.
`ref` can be negative in case it refers to an argument. Even though scope !=
frame->base_scope would rule this out (because only base scopes have args),
it was checked *after* the memory access, which would read out of bounds
memory first. This didn't appear as an issue in practice since it's using the
heap pool, so there's probably valid memory before it, but it's still wrong.

Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
2023-06-21 18:54:39 +02:00
..
tests jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
activex.c
array.c
bool.c
cc_parser.y
compile.c jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
date.c
decode.c
dispex.c
engine.c jscript: Fix addressing invalid memory if ref is an argument. 2023-06-21 18:54:39 +02:00
engine.h jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
enumerator.c
error.c jscript: Throw proper error for unexpected quantifiers in RegExp. 2023-05-30 16:42:12 +02:00
function.c jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
global.c jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
jscript.c
jscript.h jscript: Correctly implement context for indirect eval calls in ES5+ modes. 2023-06-21 18:54:39 +02:00
jscript.rc jscript: Throw proper error for unexpected quantifiers in RegExp. 2023-05-30 16:42:12 +02:00
jscript.rgs
jscript.spec
jscript_classes.idl
jscript_main.c
jsglobal.idl
jsglobal_dispid.h
json.c
jsregexp.c jscript: Fix memory leak on error path in regexp_string_match (scan-build). 2023-06-07 22:48:27 +02:00
jsstr.c
jsstr.h
jsutils.c
jsval.h
lex.c
Makefile.in
math.c
number.c
object.c
parser.h
parser.y
regexp.c jscript: Throw proper error for out of memory conditions in RegExp. 2023-05-30 16:42:12 +02:00
regexp.h
resource.h jscript: Throw proper error for unexpected quantifiers in RegExp. 2023-05-30 16:42:12 +02:00
set.c
string.c jscript: Remove unnecessary call to malloc in strbuf_ensure_size. 2023-06-05 14:01:07 +02:00
vbarray.c