[gjs: 2/5] function: Don't crash if a callback doesn't return an array of values



commit 095e9ce4ed0d0551991a82ea1e814d9e1d24e023
Author: Marco Trevisan (Treviño) <mail 3v1n0 net>
Date:   Tue Mar 17 18:07:52 2020 +0100

    function: Don't crash if a callback doesn't return an array of values
    
    When a function returns multiple values, we expect to have an array,
    however gjs doesn't do any strong check on this and we just assume that
    JS just returned us an array, and this may lead to a crash when calling
    JS_GetElement on a value that isn't an object or an array.
    
    So, check that the JS function just returned us an array, and warn in
    case this didn't happen.

 gi/function.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
---
diff --git a/gi/function.cpp b/gi/function.cpp
index 6b8baf70..34e9a7ae 100644
--- a/gi/function.cpp
+++ b/gi/function.cpp
@@ -390,6 +390,21 @@ static void gjs_callback_closure(ffi_cif* cif G_GNUC_UNUSED, void* result,
             break;
         }
     } else {
+        bool is_array = rval.isObject();
+        if (!JS_IsArrayObject(context, rval, &is_array))
+            goto out;
+
+        if (!is_array) {
+            JSFunction* fn = gjs_closure_get_callable(trampoline->js_function);
+            gjs_throw(context,
+                      "Function %s (%s.%s) returned unexpected value, "
+                      "expecting an Array",
+                      gjs_debug_string(JS_GetFunctionDisplayId(fn)).c_str(),
+                      g_base_info_get_namespace(trampoline->info),
+                      g_base_info_get_name(trampoline->info));
+            goto out;
+        }
+
         JS::RootedValue elem(context);
         JS::RootedObject out_array(context, rval.toObjectOrNull());
         gsize elem_idx = 0;
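
Review bot: in the added block, `bool is_array = rval.isObject();` initializes a variable that is handed to `JS_IsArrayObject(context, rval, &is_array)` as its out-parameter on the very next line, so the initializer reads as if the object test were part of the check when the result that matters is the one written by the call. Declare it as `bool is_array = false;`, or add a comment saying why the `isObject()` test is there. The commit message says to "warn" when the return value is not an array, but the code calls `gjs_throw` and jumps to `out`, so the message or a comment should say that an exception is set and the callback bails out. `fn` is also passed to `JS_GetFunctionDisplayId` with no null check; if `gjs_closure_get_callable` can return null here, the error path added to prevent a crash would need a guard of its own. The diffstat shows only `gi/function.cpp` changed, so a regression test with a callback that returns a non-array value for a multi-value function would be worth adding to the series if it is not in another patch.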

