Fix to 23532. Check validity of JS_ARENA_ALLOCATE call before using it as an argument of memcpy in JS_ArenaGrow.

Thanks to wyeung@real.com for noticing we were being unsafe here and suggesting the fix.
2000-04-21 09:25:43 +00:00 · 2000-04-21 09:25:43 +00:00 · b83e22e2ea
--- a/js/src/jsarena.c
+++ b/js/src/jsarena.c
@ -142,7 +142,8 @@ JS_ArenaGrow(JSArenaPool *pool, void *p, JSUint32 size, JSUint32 incr)
    void *newp;

    JS_ARENA_ALLOCATE(newp, pool, size + incr);
-    memcpy(newp, p, size);
+    if (newp)
+        memcpy(newp, p, size);
    return newp;
 }