mujs/jsfunction.c at ac03b95b184b70f3fafc8f285bc2c4a796698035

mirror of https://github.com/ccxvii/mujs.git synced 2026-02-06 09:51:41 +08:00

Files

Tor Andersson 1780d0ea73 Bug 704756: Don't trust function.length property!

Calling js_call with n < 0 led to us popping a negative number of items
from the stack, which could make us miss the stack size check.

Sanitize all uses of function.length in Function.prototype.apply and
Function.prototype.bind.

2021-12-08 12:56:12 +01:00

4.7 KiB

Raw Blame History

View Raw

4.7 KiB Raw Blame History

4.7 KiB

Raw Blame History