RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 11:22:45 +00:00
Code Issues Activity Actions

LibJS: Do not invoke Cell::vm in constructors before Cell is constructed

Browse source 
In a subclass of Cell, we cannot use Cell::vm() before the base Cell
object itself is constructed. Use the Realm's VM instead.

This was caught by UBSAN with vptr sanitation enabled.
This commit is contained in:
Timothy Flynn 2022-09-14 19:10:27 -04:00 committed by Andreas Kling
parent 3efe611dbf
commit 85e313077a
46 changed files with 97 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/FinalizationRegistryConstructor.cpp
View file

@ -14,7 +14,7 @@
namespace JS {
FinalizationRegistryConstructor::FinalizationRegistryConstructor(Realm& realm)
: NativeFunction(vm().names.FinalizationRegistry.as_string(), *realm.intrinsics().function_prototype())
: NativeFunction(realm.vm().names.FinalizationRegistry.as_string(), *realm.intrinsics().function_prototype())
{
}