RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 21:57:43 +00:00
Code Issues Activity Actions

LibJS: Take a pointer in get_or_prune_cached_prototype_transition()

Browse source 
Prototypes can be set to null, and while the previous version also kinda
allowed null (by not reading through the null reference), it was making
UBSAN very sad.
This commit is contained in:
Ali Mohammad Pur 2021-10-01 08:03:39 +03:30 committed by Ali Mohammad Pur
parent db98ed5ed0
commit 36516a4c47
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibJS/Runtime/Shape.cpp
View file

@ -36,9 +36,9 @@ Shape* Shape::get_or_prune_cached_forward_transition(TransitionKey const& key)
return it->value;
}
Shape* Shape::get_or_prune_cached_prototype_transition(Object& prototype)
Shape* Shape::get_or_prune_cached_prototype_transition(Object* prototype)
{
auto it = m_prototype_transitions.find(&prototype);
auto it = m_prototype_transitions.find(prototype);
if (it == m_prototype_transitions.end())
return nullptr;
if (!it->value) {
@ -71,7 +71,7 @@ Shape* Shape::create_configure_transition(const StringOrSymbol& property_name, P
Shape* Shape::create_prototype_transition(Object* new_prototype)
{
if (auto* existing_shape = get_or_prune_cached_prototype_transition(*new_prototype))
if (auto* existing_shape = get_or_prune_cached_prototype_transition(new_prototype))
return existing_shape;
auto* new_shape = heap().allocate_without_global_object<Shape>(*this, new_prototype);
m_prototype_transitions.set(new_prototype, new_shape);