Fix free of NULL value in function ecma_typedarray_helper_dispatch_construct

lygstate · lygstate · commit d8ad30b83391 · 2021-01-15T10:09:32.000-08:00
Currently, ecma_op_get_prototype_from_constructor may return NULL and the function didn't raise that exception. Also optimize multiple assignment of prototype_obj_p and multiple access of JERRY_CONTEXT (current_new_target) out. This fixes jerryscript-project#4463 JerryScript-DCO-1.0-Signed-off-by: Yonggang Luo luoyonggang@gmail.com
diff --git a/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-helpers.c b/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-helpers.c
@@ -20,6 +20,7 @@
 #include "ecma-builtins.h"
 #include "ecma-gc.h"
 #include "ecma-objects.h"
+#include "ecma-exceptions.h"
 #include "ecma-typedarray-object.h"
 #include "ecma-function-object.h"
 #include "jcontext.h"
@@ -40,11 +41,20 @@ ecma_typedarray_helper_dispatch_construct (const ecma_value_t *arguments_list_p,
 {
   JERRY_ASSERT (arguments_list_len == 0 || arguments_list_p != NULL);
   ecma_builtin_id_t proto_id = ecma_typedarray_helper_get_prototype_id (typedarray_id);
-  ecma_object_t *prototype_obj_p = ecma_builtin_get (proto_id);
+  ecma_object_t *current_new_target_p = JERRY_CONTEXT (current_new_target);
+  ecma_object_t *prototype_obj_p;
 
-  if (JERRY_CONTEXT (current_new_target))
+  if (current_new_target_p != NULL)
   {
-    prototype_obj_p = ecma_op_get_prototype_from_constructor (JERRY_CONTEXT (current_new_target), proto_id);
+    prototype_obj_p = ecma_op_get_prototype_from_constructor (current_new_target_p, proto_id);
+    if (prototype_obj_p == NULL)
+    {
+      return ecma_raise_type_error (ECMA_ERR_MSG ("TypedArray constructor should have prototype"));
+    }
+  }
+  else
+  {
+    prototype_obj_p = ecma_builtin_get (proto_id);
   }
 
   ecma_value_t val = ecma_op_create_typedarray (arguments_list_p,
@@ -53,7 +63,7 @@ ecma_typedarray_helper_dispatch_construct (const ecma_value_t *arguments_list_p,
                                                 ecma_typedarray_helper_get_shift_size (typedarray_id),
                                                 typedarray_id);
 
-  if (JERRY_CONTEXT (current_new_target))
+  if (current_new_target_p != NULL)
   {
     ecma_deref_object (prototype_obj_p);
   }
