From 9c740a891e4734ff9d9a31d3f1c00086128e6eb2 Mon Sep 17 00:00:00 2001
From: Alexander 'z33ky' Hirsch <1zeeky@gmail.com>
Date: Mon, 23 Jun 2025 20:55:13 +0200
Subject: [PATCH] Check type of Squirrel constructor_stub() instance

This prevents manual invocations of the native class constructor with an invalid value.
---
 sp/src/vscript/vscript_squirrel.cpp | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/sp/src/vscript/vscript_squirrel.cpp b/sp/src/vscript/vscript_squirrel.cpp
index 6856a2a7..8cbcb35e 100644
--- a/sp/src/vscript/vscript_squirrel.cpp
+++ b/sp/src/vscript/vscript_squirrel.cpp
@@ -1562,15 +1562,23 @@ SQInteger constructor_stub(HSQUIRRELVM vm)
 Assert(pSquirrelVM);
 sq_resetobject(&pSquirrelVM->lastError_);
-
- void* instance = pClassDesc->m_pfnConstruct();
-
- // expect construction to always succeed
- Assert(sq_isnull(pSquirrelVM->lastError_));
-
 {
 SQUserPointer p;
- sq_getinstanceup(vm, 1, &p, 0);
+ if (SQ_FAILED(sq_getinstanceup(vm, 1, &p, 0)))
+ {
+ return SQ_ERROR;
+ }
+
+ if (!p)
+ {
+ return sq_throwerror(vm, "Accessed null instance");
+ }
+
+ void* instance = pClassDesc->m_pfnConstruct();
+
+ // expect construction to always succeed
+ Assert(sq_isnull(pSquirrelVM->lastError_));
+
 new(p) ClassInstanceData(instance, pClassDesc, nullptr, true);
 }
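Review bot: The added guard around `sq_getinstanceup(vm, 1, &p, 0)` still passes `0` as the type tag, so Squirrel only confirms that slot 1 holds an instance and does no class comparison; together with the `!p` test this rejects non-instances and instances without user data, but not an instance of a different class that carries its own user-data block. If the class is registered with a type tag (not visible in this hunk), passing that tag here would make the check match the commit title; otherwise a comment such as `// typetag 0: verifies slot 1 is an instance with user data, not that it belongs to pClassDesc` would keep readers from over-trusting it. A second call on an already constructed instance also appears to reach `new(p) ClassInstanceData(...)` and overwrite the existing record without releasing the earlier native object, which may be worth a guard. The body of `constructor_stub` starts and ends outside the hunk, so handling elsewhere in the function cannot be ruled out.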