RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 18:57:34 +00:00
Code Issues Activity Actions

LibJS: Don't mark blocks for unification multiple times

Browse source 
This would cause a UAF otherwise
This commit is contained in:
Hendiadyoin1 2022-11-02 14:28:47 +01:00 committed by Ali Mohammad Pur
parent 35db0c5e18
commit 7697e09660
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Bytecode/Pass/UnifySameBlocks.cpp
View file

@ -24,6 +24,8 @@ void UnifySameBlocks::perform(PassPipelineExecutable& executable)
auto& block = executable.executable.basic_blocks[i]; auto& block = executable.executable.basic_blocks[i];
auto block_bytes = block.instruction_stream(); auto block_bytes = block.instruction_stream();
for (auto& candidate_block : executable.executable.basic_blocks.span().slice(i + 1)) { for (auto& candidate_block : executable.executable.basic_blocks.span().slice(i + 1)) {
if (equal_blocks.contains(&*candidate_block))
continue;
// FIXME: This can probably be relaxed a bit... // FIXME: This can probably be relaxed a bit...
if (candidate_block->size() != block.size()) if (candidate_block->size() != block.size())
continue; continue;