$OpenBSD: patch-gi_arg_c,v 1.1 2013/04/12 07:26:44 jasper Exp $

From f4a5b2c9af715668e3559ff0b66a311d7e9936b2 Mon Sep 17 00:00:00 2001
From: Giovanni Campagna <gcampagna@src.gnome.org>
Date: Tue, 02 Apr 2013 16:04:13 +0000
Subject: Fix crash when marshalling a GType array containing non objects

It would cast a jsval of the wrong type to object and pass NULL
to gjs_gtype_get_actual_gtype()

Tests included.

https://bugzilla.gnome.org/show_bug.cgi?id=696933

--- gi/arg.c.orig	Mon Jan  7 18:45:57 2013
+++ gi/arg.c	Fri Apr 12 09:23:34 2013
@@ -627,20 +627,24 @@ gjs_gtypearray_to_array(JSContext   *context,
             return JS_FALSE;
         }
 
+        if (!JSVAL_IS_OBJECT(elem))
+            goto err;
+
         gtype = gjs_gtype_get_actual_gtype(context, JSVAL_TO_OBJECT(elem));
+        if (gtype == G_TYPE_INVALID)
+            goto err;
 
-        if (gtype == G_TYPE_INVALID) {
-            g_free(result);
-            gjs_throw(context, "Invalid element in GType array");
-            return JS_FALSE;
-        }
-
         result[i] = gtype;
     }
 
     *arr_p = result;
 
     return JS_TRUE;
+
+ err:
+    g_free(result);
+    gjs_throw(context, "Invalid element in GType array");
+    return JS_FALSE;
 }
 
 static JSBool
