RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 10:07:44 +00:00
Code Issues Activity Actions

LibJS+LibWeb: Make JS::ExecutionContext protect its Web::HTML::ESO owner

Browse source 
We can't be nuking the ESO while its owned execution context is still on
the VM's execution context stack, as that may lead to a use-after-free.

This patch solves this by adding a `context_owner` field to each context
and treating it as a GC root.
This commit is contained in:
Andreas Kling 2022-11-21 11:18:15 +01:00 committed by Linus Groh
parent 1fdce71483
commit 849499988e
3 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibJS/Runtime/ExecutionContext.h
View file

@ -58,6 +58,9 @@ public:
Environment* variable_environment { nullptr }; // [[VariableEnvironment]]
PrivateEnvironment* private_environment { nullptr }; // [[PrivateEnvironment]]
// Non-standard: This points at something that owns this ExecutionContext, in case it needs to be protected from GC.
Cell* context_owner { nullptr };
ASTNode const* current_node { nullptr };
FlyString function_name;
Value this_value;