From a0bc03dcf682417ffb8bd8fbafc311705a743427 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Thu, 11 Jun 2026 17:34:23 -0700 Subject: [PATCH] QuickJS: fix fetch() init property value leaks Previously, the values of the buffer_size, max_response_body_size and verify init properties were not released after conversion, leaking heap values such as objects with a valueOf() method. --- nginx/ngx_qjs_fetch.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/nginx/ngx_qjs_fetch.c b/nginx/ngx_qjs_fetch.c index 854deb52..535773bc 100644 --- a/nginx/ngx_qjs_fetch.c +++ b/nginx/ngx_qjs_fetch.c @@ -287,8 +287,10 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, } if (!JS_IsUndefined(value)) { - if (JS_ToInt64(cx, (int64_t *) &http->buffer_size, value) < 0) { - JS_FreeValue(cx, value); + rc = JS_ToInt64(cx, (int64_t *) &http->buffer_size, value); + JS_FreeValue(cx, value); + + if (rc < 0) { goto fail; } } @@ -299,10 +301,11 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, } if (!JS_IsUndefined(value)) { - if (JS_ToInt64(cx, (int64_t *) &http->max_response_body_size, - value) < 0) - { - JS_FreeValue(cx, value); + rc = JS_ToInt64(cx, (int64_t *) &http->max_response_body_size, + value); + JS_FreeValue(cx, value); + + if (rc < 0) { goto fail; } } @@ -315,6 +318,7 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, if (!JS_IsUndefined(value)) { http->ssl_verify = JS_ToBool(cx, value); + JS_FreeValue(cx, value); } #endif } -- 2.47.3