Fix potential for crash after ReferenceError during function declarat…

…ion (fix #2457)
espruino · Jan 31, 2024 · 5fee08f · 5fee08f
1 parent 372d4af
commit 5fee08f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -17,6 +17,7 @@
             Fix issue with g.wrapString when running on flash-based strings
             Fix lock leak when using flat/flash/native strings as object indices
             Fix g.wrapString lockup if wrap width is less than the character width
+            Fix potential for crash after ReferenceError during function declaration (fix #2457)
 
      2v20 : Ensure String.charCodeAt returns NaN for out of bounds chars
             Bangle.js2: When rendering overlays, *do not* use the current FG/BG color for 1 bit overlays

diff --git a/src/jsparse.c b/src/jsparse.c
@@ -1319,9 +1319,12 @@ NO_INLINE JsVar *jspeFactorFunctionCall() {
   while ((lex->tk=='(' || (isConstructor && JSP_SHOULD_EXECUTE)) && !jspIsInterrupted()) {
     JsVar *funcName = a;
     JsVar *func = jsvSkipName(funcName);
-
+    if (!func)  { // could have ReferenceErrored while skipping name
+      jsvUnLock2(funcName, parent);
+      return 0;
+    }
     /* The constructor function doesn't change parsing, so if we're
-     * not executing, just short-cut it. */
+    * not executing, just short-cut it. */
     if (isConstructor && JSP_SHOULD_EXECUTE) {
       // If we have '(' parse an argument list, otherwise don't look for any args
       bool parseArgs = lex->tk=='(';