From 741745baabf1c8d3625631114a961bf404a4ae7d Mon Sep 17 00:00:00 2001
From: Luke Wilde <lukew@serenityos.org>
Date: Sun, 27 Mar 2022 17:49:10 +0100
Subject: [PATCH] LibJS/Bytecode: Update NewArray stringifier to print a
 register range

NewArray now only contains two elements maximum in `m_elements` to
indicate the range of registers to create the array from.

However, `m_element_count` still contains how many registers are in the
range and the stringifier was not updated to account for this. Thus, if
the range contained more than 2 registers, it would do a read OOB on
`m_elements`.

This makes it now just print the first and second entries in
`m_elements` in the format of `[<reg>-<reg>]`.
---
 Userland/Libraries/LibJS/Bytecode/Op.cpp | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/Userland/Libraries/LibJS/Bytecode/Op.cpp b/Userland/Libraries/LibJS/Bytecode/Op.cpp
index 4393ee3ba2..dea1aad0b1 100644
--- a/Userland/Libraries/LibJS/Bytecode/Op.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/Op.cpp
@@ -725,13 +725,7 @@ String NewArray::to_string_impl(Bytecode::Executable const&) const
     StringBuilder builder;
     builder.append("NewArray");
     if (m_element_count != 0) {
-        builder.append(" [");
-        for (size_t i = 0; i < m_element_count; ++i) {
-            builder.appendff("{}", m_elements[i]);
-            if (i != m_element_count - 1)
-                builder.append(',');
-        }
-        builder.append(']');
+        builder.appendff(" [{}-{}]", m_elements[0], m_elements[1]);
     }
     return builder.to_string();
 }