From 4fda695c3c21ff997d669040751aa25ed47f0794 Mon Sep 17 00:00:00 2001
From: Hermet Park <hermet@lottiefiles.com>
Date: Fri, 23 Aug 2024 18:27:15 +0900
Subject: [PATCH] lottie/expressions: Improve safety

- Prevent expression processing if a property fails to parse.
- Fixed an incorrect usage of JerryScript.

This is a hotfix to address expression-related crashes.
---
 src/loaders/lottie/tvgLottieExpressions.cpp | 5 ++++-
 src/loaders/lottie/tvgLottieProperty.h      | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/loaders/lottie/tvgLottieExpressions.cpp b/src/loaders/lottie/tvgLottieExpressions.cpp
index cbf0f17b..20c4cb76 100644
--- a/src/loaders/lottie/tvgLottieExpressions.cpp
+++ b/src/loaders/lottie/tvgLottieExpressions.cpp
@@ -1080,7 +1080,7 @@ static void _buildProperty(float frameNo, jerry_value_t context, LottieExpressio
 
 static jerry_value_t _comp(const jerry_call_info_t* info, const jerry_value_t args[], const jerry_length_t argsCnt)
 {
-    auto data = static_cast<ExpContent*>(jerry_object_get_native_ptr(info->function, nullptr));
+    auto data = static_cast<ExpContent*>(jerry_object_get_native_ptr(info->function, &freeCb));
     auto comp = static_cast<LottieLayer*>(data->obj);
     auto layer = comp->layerById(_idByName(args[0]));
 
@@ -1300,6 +1300,8 @@ jerry_value_t LottieExpressions::buildGlobal()
 
 jerry_value_t LottieExpressions::evaluate(float frameNo, LottieExpression* exp)
 {
+    if (exp->disabled) return jerry_undefined();
+
     buildGlobal(exp);
 
     //main composition
@@ -1327,6 +1329,7 @@ jerry_value_t LottieExpressions::evaluate(float frameNo, LottieExpression* exp)
 
     if (jerry_value_is_exception(eval) || jerry_value_is_undefined(eval)) {
         TVGERR("LOTTIE", "Failed to dispatch the expressions!");
+        exp->disabled = true;
         return jerry_undefined();
     }
 
diff --git a/src/loaders/lottie/tvgLottieProperty.h b/src/loaders/lottie/tvgLottieProperty.h
index eea68392..9b5e40bb 100644
--- a/src/loaders/lottie/tvgLottieProperty.h
+++ b/src/loaders/lottie/tvgLottieProperty.h
@@ -135,6 +135,7 @@ struct LottieExpression
     LottieLayer* layer;
     LottieObject* object;
     LottieProperty* property;
+    bool disabled = false;
 
     struct {
         uint32_t key = 0;      //the keyframe number repeating to