RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 13:27:34 +00:00
Code Issues Activity Actions

LibJS: Only update EC instruction pointer when pushing to EC stack

Browse source 
Instead of trying to keep a live reference to the bytecode interpreter's
current instruction stream iterator, we now simply copy the current
iterator whenever pushing to the ExecutionContext stack.

This fixes a stack-use-after-return issue reported by ASAN.
This commit is contained in:
Andreas Kling 2023-09-02 17:38:17 +02:00
parent 2966188ea3
commit c78506d79b
4 changed files with 19 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/ExecutionContext.h
View file

@ -44,7 +44,7 @@ public:
// Non-standard: This points at something that owns this ExecutionContext, in case it needs to be protected from GC.
GCPtr<Cell> context_owner;
Optional<Bytecode::InstructionStreamIterator&> instruction_stream_iterator;
Optional<Bytecode::InstructionStreamIterator> instruction_stream_iterator;
DeprecatedFlyString function_name;
Value this_value;
MarkedVector<Value> arguments;