Fix runtime bugs

- fix string leak in `js_printf_internal` on errors - read `errno` before potential side effects in `js_os_stat`
2025-09-30 06:54:26 +03:00 · 2024-02-11 12:49:40 +01:00
parent c9e6c56c70
commit 48deab1aeb
2 changed files with 21 additions and 22 deletions
--- a/quickjs-libc.c
+++ b/quickjs-libc.c
@@ -150,7 +150,7 @@ static JSValue js_printf_internal(JSContext *ctx,
    uint8_t cbuf[UTF8_CHAR_LEN_MAX+1];
    JSValue res;
    DynBuf dbuf;
-    const char *fmt_str;
+    const char *fmt_str = NULL;
    const uint8_t *fmt, *fmt_end;
    const uint8_t *p;
    char *q;
@@ -251,7 +251,7 @@ static JSValue js_printf_internal(JSContext *ctx,
                    string_arg = JS_ToCString(ctx, argv[i++]);
                    if (!string_arg)
                        goto fail;
-                    int32_arg = unicode_from_utf8((uint8_t *)string_arg, UTF8_CHAR_LEN_MAX, &p);
+                    int32_arg = unicode_from_utf8((const uint8_t *)string_arg, UTF8_CHAR_LEN_MAX, &p);
                    JS_FreeCString(ctx, string_arg);
                } else {
                    if (JS_ToInt32(ctx, &int32_arg, argv[i++]))
@@ -355,6 +355,7 @@ static JSValue js_printf_internal(JSContext *ctx,
    return res;

 fail:
+    JS_FreeCString(ctx, fmt_str);
    dbuf_free(&dbuf);
    return JS_EXCEPTION;
 }
@@ -1638,7 +1639,7 @@ static JSValue js_os_seek(JSContext *ctx, JSValueConst this_val,
 }

 static JSValue js_os_read_write(JSContext *ctx, JSValueConst this_val,
-                                      int argc, JSValueConst *argv, int magic)
+                                int argc, JSValueConst *argv, int magic)
 {
    int fd;
    uint64_t pos, len;
@@ -1779,7 +1780,7 @@ static JSValue js_os_ttySetRaw(JSContext *ctx, JSValueConst this_val,
 #endif /* !_WIN32 */

 static JSValue js_os_remove(JSContext *ctx, JSValueConst this_val,
-                             int argc, JSValueConst *argv)
+                            int argc, JSValueConst *argv)
 {
    const char *filename;
    int ret;
@@ -2532,12 +2533,14 @@ static JSValue js_os_stat(JSContext *ctx, JSValueConst this_val,
    else
        res = stat(path, &st);
 #endif
+    if (res < 0)
+        err = errno;
+    else
+        err = 0;
    JS_FreeCString(ctx, path);
    if (res < 0) {
-        err = errno;
        obj = JS_NULL;
    } else {
-        err = 0;
        obj = JS_NewObject(ctx);
        if (JS_IsException(obj))
            return JS_EXCEPTION;
@@ -2648,7 +2651,7 @@ static JSValue js_os_utimes(JSContext *ctx, JSValueConst this_val,

 /* sleep(delay_ms) */
 static JSValue js_os_sleep(JSContext *ctx, JSValueConst this_val,
-                          int argc, JSValueConst *argv)
+                           int argc, JSValueConst *argv)
 {
    int64_t delay;
    int ret;
@@ -2712,7 +2715,7 @@ static JSValue js_os_realpath(JSContext *ctx, JSValueConst this_val,

 #if !defined(_WIN32)
 static JSValue js_os_symlink(JSContext *ctx, JSValueConst this_val,
-                              int argc, JSValueConst *argv)
+                             int argc, JSValueConst *argv)
 {
    const char *target, *linkpath;
    int err;
@@ -3763,7 +3766,7 @@ JSModuleDef *js_init_module_os(JSContext *ctx, const char *module_name)
 /**********************************************************/

 static JSValue js_print(JSContext *ctx, JSValueConst this_val,
-                              int argc, JSValueConst *argv)
+                        int argc, JSValueConst *argv)
 {
    int i;
    const char *str;