RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 07:58:11 +00:00
Code Issues Activity Actions

LibJS: Do not invoke Cell::vm in constructors before Cell is constructed

Browse source 
In a subclass of Cell, we cannot use Cell::vm() before the base Cell
object itself is constructed. Use the Realm's VM instead.

This was caught by UBSAN with vptr sanitation enabled.
This commit is contained in:
Timothy Flynn 2022-09-14 19:10:27 -04:00 committed by Andreas Kling
parent 3efe611dbf
commit 85e313077a
46 changed files with 97 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/Intl/DurationFormatConstructor.cpp
View file

@ -16,7 +16,7 @@ namespace JS::Intl {
// 1.2 The Intl.DurationFormat Constructor, https://tc39.es/proposal-intl-duration-format/#sec-intl-durationformat-constructor
DurationFormatConstructor::DurationFormatConstructor(Realm& realm)
: NativeFunction(vm().names.DurationFormat.as_string(), *realm.intrinsics().function_prototype())
: NativeFunction(realm.vm().names.DurationFormat.as_string(), *realm.intrinsics().function_prototype())
{
}