RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-30 15:28:11 +00:00
Code Issues Activity Actions

LibJS: Only update EC instruction pointer when pushing to EC stack

Browse source 
Instead of trying to keep a live reference to the bytecode interpreter's
current instruction stream iterator, we now simply copy the current
iterator whenever pushing to the ExecutionContext stack.

This fixes a stack-use-after-return issue reported by ASAN.
This commit is contained in:
Andreas Kling 2023-09-02 17:38:17 +02:00
parent 2966188ea3
commit c78506d79b
4 changed files with 19 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Userland/Libraries/LibJS/Bytecode/Interpreter.cpp
View file

@ -201,7 +201,6 @@ Interpreter::ValueAndFrame Interpreter::run_and_return_frame(Realm& realm, Execu
for (;;) {
auto pc = InstructionStreamIterator { m_current_block->instruction_stream(), m_current_executable };
TemporaryChange temp_change { m_pc, Optional<InstructionStreamIterator&>(pc) };
TemporaryChange context_change { vm().running_execution_context().instruction_stream_iterator, Optional<InstructionStreamIterator&>(pc) };
// FIXME: This is getting kinda spaghetti-y
bool will_jump = false;