[gjs/gnome-3-34] function: Don't crash if a callback doesn't return an array of values



commit 84adf686fbc9358bcc76d3de840bc57b99477d73
Author: Marco Trevisan (Treviño) <mail 3v1n0 net>
Date:   Tue Mar 17 18:07:52 2020 +0100

    function: Don't crash if a callback doesn't return an array of values
    
    When a function returns multiple values, we expect to have an array,
    however gjs doesn't do any strong check on this and we just assume that
    JS just returned us an array, and this may lead to a crash when calling
    JS_GetElement on a value that isn't an object or an array.
    
    So, check that the JS function just returned us an array, and warn in
    case this didn't happen.

 gi/function.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
---
diff --git a/gi/function.cpp b/gi/function.cpp
index 9ca00048..cedea602 100644
--- a/gi/function.cpp
+++ b/gi/function.cpp
@@ -378,6 +378,21 @@ static void gjs_callback_closure(ffi_cif* cif G_GNUC_UNUSED, void* result,
             break;
         }
     } else {
+        bool is_array = rval.isObject();
+        if (!JS_IsArrayObject(context, rval, &is_array))
+            goto out;
+
+        if (!is_array) {
+            JSFunction* fn = gjs_closure_get_callable(trampoline->js_function);
+            gjs_throw(context,
+                      "Function %s (%s.%s) returned unexpected value, "
+                      "expecting an Array",
+                      gjs_debug_string(JS_GetFunctionDisplayId(fn)).c_str(),
+                      g_base_info_get_namespace(trampoline->info),
+                      g_base_info_get_name(trampoline->info));
+            goto out;
+        }
+
         JS::RootedValue elem(context);
         JS::RootedObject out_array(context, rval.toObjectOrNull());
         gsize elem_idx = 0;
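
Review bot: The initializer in `bool is_array = rval.isObject();` looks redundant: the next line passes `&is_array` to JS_IsArrayObject as an out-parameter, and the value is only read after that call has succeeded. Declaring it as `bool is_array = false;` would make it clear that JS_IsArrayObject alone decides the result. The commit message says the code should "warn", but the non-array path calls gjs_throw and jumps to `out`, so the message or a short comment should state that an exception is raised and the remaining return-value handling is skipped. With the check in place, the context line using `rval.toObjectOrNull()` is only reached when rval is an array object, so `&rval.toObject()` would express that invariant.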

