From: Dmitry Volyntsev Date: Fri, 12 Jun 2026 00:34:23 +0000 (-0700) Subject: QuickJS: fix fetch() init property value leaks X-Git-Tag: 1.0.0~14 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/stylesheets/stylesheet.css?a=commitdiff_plain;h=a0bc03dcf682417ffb8bd8fbafc311705a743427;p=njs.git QuickJS: fix fetch() init property value leaks Previously, the values of the buffer_size, max_response_body_size and verify init properties were not released after conversion, leaking heap values such as objects with a valueOf() method. --- diff --git a/nginx/ngx_qjs_fetch.c b/nginx/ngx_qjs_fetch.c index 854deb52..535773bc 100644 --- a/nginx/ngx_qjs_fetch.c +++ b/nginx/ngx_qjs_fetch.c @@ -287,8 +287,10 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, } if (!JS_IsUndefined(value)) { - if (JS_ToInt64(cx, (int64_t *) &http->buffer_size, value) < 0) { - JS_FreeValue(cx, value); + rc = JS_ToInt64(cx, (int64_t *) &http->buffer_size, value); + JS_FreeValue(cx, value); + + if (rc < 0) { goto fail; } } @@ -299,10 +301,11 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, } if (!JS_IsUndefined(value)) { - if (JS_ToInt64(cx, (int64_t *) &http->max_response_body_size, - value) < 0) - { - JS_FreeValue(cx, value); + rc = JS_ToInt64(cx, (int64_t *) &http->max_response_body_size, + value); + JS_FreeValue(cx, value); + + if (rc < 0) { goto fail; } } @@ -315,6 +318,7 @@ ngx_qjs_ext_fetch(JSContext *cx, JSValueConst this_val, int argc, if (!JS_IsUndefined(value)) { http->ssl_verify = JS_ToBool(cx, value); + JS_FreeValue(cx, value); } #endif }